Avast Detects and erase but they keep coming back!

Avast detects and erases the following two viruses :

Win32:Trojano-1293 [Trj]
Win32:Adan-046 [Adw]

They both come from respective files: Nail.exe
and eptwfmvrs.exe which loads themselves int he windows directory

When I check in the registry I find and erase the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell

The shell referes to: Explorer.exe C:\WINDOWS\Nail.exe

…but it keeps loading itslef back, even in safe mode!

Any help will be appreciated! ???

If you’re using WinXP you need to turn off System Restore. Viruses can hide in System Restore and they’ll just keep reinstalling theirselves that way. So turn it off and run the scanner again, once you know they are all gone you can turn System Restore back on.

Do you have a firewall? Are your OS, browser and browser plug-ins (Java) the latest versions?

No firewall or old, unpatched OS and browser can let Trojans straight back in.

Thanks for the reply!

I am running SP2 and I have turned off system restore long ago!

I ran all the suggested program: Hijack This, Ad Aware, Online Scan, ONline Trojan Scan, Ewido to no avail. They keep detecting and repairing, erasing, fixing, in “safe mode” but they keep coming back!

I just found out that I cannot load th Windows Firewall. SOmehow the virus preventes me form doing so!

try to see if this malware is related to some service. go to the panel of services. The second solution (?) is to use WinPatrol (last version). With this little program i stopped an exe file apparently impossible to delete. Was an exe, like your, some months ago. This was the last hope after I make all the possible things. Sometimes the easy things are the better! ::slight_smile:

I got winpatrol and another firwewal and the system seems to be more stable but How do I enable the SP2 firewall? If it is a service, what’s its name and How do I get it back on?

Thanks again for the support

Open WinPatrol: you can see the services and click on info after you’ve selected one. I don’t use Win Integrated Firewall and I don’t remember the name of the service related. Now I search for it.

PS: doesn’t you access to the Windows Firewall from the Control Panel? It is here surely. look.

Ouch! The damages seem to be deeper than I imagined! I keep running Ad Aware and I find VX2 malwares and the files came back ddespite the firewall! It seems like many of the original windows files have been modified but I do not have any confirmation of this! The online scan did show me that the explorer.exe file was corrupted but How do I fix it?

Also Can someone point me toward findong how to schedule a boot time scan?

Thanks! ::slight_smile:

the windows firewal is in the control panel but it tells me that it "cannot load/open ICS/ Windows Firewall " I have no clue! ??? ::slight_smile:

Also when I try to find my network connection properties, it tells me that the Windows Management Instrumentation is not working properly or is corrupted!

HELP PLEASE! :cry:

My God… be calm now… here are some experienced guys (not referred to me :)). Surely they can help you. Now we can try something. The first thing is: right click on the avast blueball - open avast antivirus - menu - schedule a scan at reboot