I use windows XP service pk3 and its fully updated currently have avast version 4.8 professional build sept 2009 (4.8.1368) with definitions File version 100315-3 compilation date 15/03/2010.
My problem is strange during a screensaver scan i get reports of the following:-
Process 1056, memory block 0x060D0000, block size 262144
BV:AutoRun-E [Wrm]
Virus/Worm
I have run boot scans and full systems scans and it finds nothing but each time the screensaver scan runs within a few minutes it finds this again often the process#### is different but it still has the same BV:AutoRun-E [Wrm]Virus/Worm found.The Screensaver Scan warning suggests a boot scan but does not offer quarantine options or deletion options?
I have used malwarebytes, superantispyware, full system scan in both normal and safe mode I have also used Dr Web Cureit.Trogan Remover and Unhackme although they have found some minor irregularities nothing serious was found.
This has been going on for a few weeks now, it does not seem to be causing any real harm but I am concerned that its being found and worry that I may be passing it to others ?
if anyone has any ideas i would be anxious to here them.
May because you have windows defender or MSE"or other residents",if you have on of those please tell us,anyway if the boot time scan dont catch any thing you are infected free in high percentage
well I tried second opinion and it has identified two suspicious files
30.tdelmemp and Kcoesca.dll however it didn’t remove them only identified them as suspicious.
I will have to investigate those files further before removing them will do that tomorrow and report back (its bed time now:))
I do have windows defender as for MSE or other residents I am not sure what MSE is? and “infected free in high percentage” I’m sorry i don’t understand the meaning?
Hi Guys.
Results of action taken so far .
After quarantining the two files Second Opinion found to be suspicious (Kcoesca.dll and 30.tdelmemp) I rescanned the system using S.O. and it then found the following
SEP5.tmp & TMP00000011d3AFEC508C21744D S.O. then set these files to be deleted on reboot
after rebooting S.O. found no further threats. I followed this with a boot scan using avast.It also showed no infections.However
allowing the computer to idle and screen saver scanning to begin again resulted again in a virus warning .
File Name Process 1176, memory block 0x06190000, block size 262144
Malware Name BV:AutoRun-E [Wrm]
Malware Type Virus/Worm
VPS version 100316-1, 16/03/2010
The only suggestion offered at this stage is to schedule a boot scan!
It does not tell me where the file was found or offer to Quarantine or delete it !
This is really beginning to frustrate me
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Hi results of Jotti are as follows:-
Filename: System32.sys
Status:
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Thu 18 Mar 2010 05:57:55 (CET) Permalink
Additional info
File size: 14 bytes
Filetype: ASCII text, with CRLF line terminators
MD5: 58d904a2fa970bc23b636c47cb60e649
SHA1: 480556e9f81dbeec70c59cd54a21303bcf232d33
results of OTL after running the runfix scan as requested followed by a quick scan
attached.
My problem is strange during a screensaver scan i get reports of the following:-
Process 1056, memory block 0x060D0000, block size 262144
BV:AutoRun-E [Wrm]
Virus/Worm
I have run boot scans and full systems scans and it finds nothing but each time the screensaver scan runs within a few minutes it finds this again often the process#### is different but it still has the same BV:AutoRun-E [Wrm]Virus/Worm found.The Screensaver Scan warning suggests a boot scan but does not offer quarantine options or deletion options?
I have attached a screen shot of the warning
the problem still continues the screen saver scan still finds the problem but the process## changes
[*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
[*]Double click on ComboFix.exe & follow the prompts.
[*]As part of it’s process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it’s strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
[*]Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it’s malware removal procedures.
Ok I have used combo fix before and as it didn’t ask this time to install recovery console i assume i have it already.
attached is the log from the scan just completed.
The problem still happens each time I run the screensaver avast scanner…just a thought could it possibly be a damaged memory chip? Although it appears ok.