can't fix... please help

No matter how many times I run Avast, I keep getting the same files infected… I tried to “fic” the problam, but Avast does not fix… I tried to delete the files, but avast won’t do that either… Here is my log file from avast. Please help me fix my problems. :-X

6/18/2004 10:54:51 PM SHAKESPEARE\Russo 2188 Sign of “Win32:Trojan-gen. {UPX!}” has been found in “C:\MDOS.EXE\gamma.exe” file.
6/18/2004 11:19:30 PM SHAKESPEARE\Russo 2188 Sign of “Win32:Hidewnd [Trj]” has been found in “C:\MDOS.EXE\calc32.exe[UPX]” file.
6/18/2004 11:21:04 PM SHAKESPEARE\Russo 2188 Sign of “Win32:Ataka” has been found in “C:\MDOS.EXE” file.
6/18/2004 11:39:24 PM SHAKESPEARE\Russo 2188 Sign of “Win32:Trojan-gen. {VC}” has been found in “C:\WINDOWS\alchem.exe” file.
6/18/2004 11:54:30 PM SHAKESPEARE\Russo 2188 Sign of “Win32:Trojan-gen. {UPX!}” has been found in “C:\WINDOWS\system32\a.exe” file.
6/19/2004 12:03:35 AM SHAKESPEARE\Russo 2188 Sign of “Win32:Trojan-gen. {Other}” has been found in “C:\WINDOWS\twaintec.dll” file.
6/19/2004 1:03:00 AM NT AUTHORITY\SYSTEM 1052 Sign of “Win32:Trojan-gen. {VC}” has been found in “C:\WINDOWS\alchem.exe” file.
6/19/2004 1:20:20 AM NT AUTHORITY\SYSTEM 1052 Sign of “Win32:Trojan-gen. {VC}” has been found in “C:\WINDOWS\alchem.exe” file.
6/19/2004 1:29:04 AM NT AUTHORITY\SYSTEM 1052 Sign of “Win32:Trojan-gen. {Other}” has been found in “C:\WINDOWS\twaintec.dll” file.
6/19/2004 1:53:06 AM SHAKESPEARE\Russo 3672 Sign of “Win32:Trojan-gen. {UPX!}” has been found in “C:\MDOS.EXE\gamma.exe” file.
6/19/2004 1:59:22 AM SHAKESPEARE\Russo 3616 Sign of “Win32:Trojan-gen. {UPX!}” has been found in “C:\MDOS.EXE\gamma.exe” file.
6/19/2004 1:59:55 AM SHAKESPEARE\Russo 3864 Sign of “Win32:Hidewnd [Trj]” has been found in “C:\MDOS.EXE\calc32.exe[UPX]” file.
6/19/2004 2:05:58 AM SHAKESPEARE\Russo 2252 Sign of “Win32:Trojan-gen. {VC}” has been found in “C:\WINDOWS\alchem.exe” file.
7/13/2004 1:34:25 PM NT AUTHORITY\SYSTEM 2032 Sign of “JS:ClassLoader-1” has been found in “C:\Program Files\Lavasoft\Ad-aware 6\Cache\a.class” file.
7/13/2004 2:33:28 PM NT AUTHORITY\SYSTEM 2032 Sign of “JS:VerifierBug” has been found in “C:\Program Files\Lavasoft\Ad-aware 6\Cache\VerifierBug.class” file.
7/13/2004 3:28:24 PM SHAKESPEARE\Russo 3892 Sign of “JS:ClassLoader-1” has been found in “C:\Documents and Settings\Russo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-12bbd6a1-25ef1266.zip\a.class” file.
8/1/2004 5:09:24 PM NT AUTHORITY\SYSTEM 2044 Sign of “Win32:Startpage-006 [Trj]” has been found in “C:\WINDOWS\System32\cdgp.dll” file.
8/1/2004 5:09:37 PM NT AUTHORITY\SYSTEM 2044 Sign of “Win32:Startpage-006 [Trj]” has been found in “C:\WINDOWS\System32\cdgp.dll” file.
8/2/2004 10:55:27 AM NT AUTHORITY\SYSTEM 2044 Sign of “Win32:Startpage-006 [Trj]” has been found in “C:\WINDOWS\System32\cdgp.dll” file.
8/2/2004 11:03:35 AM NT AUTHORITY\SYSTEM 2044 Sign of “JS:VerifierBug” has been found in “C:\Program Files\Lavasoft\Ad-aware 6\Cache\VerifierBug.class” file.
8/2/2004 11:13:33 AM NT AUTHORITY\SYSTEM 2044 Sign of “JS:Gummy [Trj]” has been found in “C:\Program Files\Lavasoft\Ad-aware 6\Cache\Gummy.class” file.
8/2/2004 11:13:44 AM NT AUTHORITY\SYSTEM 2044 Sign of “JS:Exploit-Bytverify-8” has been found in “C:\Program Files\Lavasoft\Ad-aware 6\Cache\Counter.class” file.
8/2/2004 11:14:00 AM NT AUTHORITY\SYSTEM 2044 Sign of “JS:Exploit-Bytverify-7” has been found in “C:\Program Files\Lavasoft\Ad-aware 6\Cache\VerifierBug.class” file.
8/2/2004 11:14:13 AM NT AUTHORITY\SYSTEM 2044 Sign of “JS:ClassLoader-7” has been found in “C:\Program Files\Lavasoft\Ad-aware 6\Cache\GetAccess.class” file.
8/2/2004 11:14:23 AM NT AUTHORITY\SYSTEM 2044 Sign of “JS:Exploit-Bytverify-11” has been found in “C:\Program Files\Lavasoft\Ad-aware 6\Cache\InsecureClassLoader.class” file.
8/2/2004 1:40:16 PM SHAKESPEARE\Russo 2272 Sign of “JS:VerifierBug” has been found in “C:\Documents and Settings\Russo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-12bbd6a1-25ef1266.zip\VerifierBug.class” file.
8/2/2004 1:40:29 PM SHAKESPEARE\Russo 2272 Sign of “JS:Gummy [Trj]” has been found in “C:\Documents and Settings\Russo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5000a103-599e132b.zip\Gummy.class” file.
8/2/2004 1:40:34 PM SHAKESPEARE\Russo 2272 Sign of “JS:ClassLoader-7” has been found in “C:\Documents and Settings\Russo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-76ba5970-5632dc7d.zip\GetAccess.class” file.
8/2/2004 2:20:35 PM SHAKESPEARE\Russo 2272 Sign of “Win32:Startpage-006 [Trj]” has been found in “C:\WINDOWS\Temp\trzA7.tmp” file.
8/2/2004 4:16:48 PM NT AUTHORITY\SYSTEM 1760 Sign of “JS:Exploit-Bytverify-8” has been found in “C:\Program Files\Lavasoft\Ad-aware 6\Cache\Counter.class” file.
8/2/2004 4:17:37 PM NT AUTHORITY\SYSTEM 1760 Sign of “JS:Exploit-Bytverify-7” has been found in “C:\Program Files\Lavasoft\Ad-aware 6\Cache\VerifierBug.class” file.
8/2/2004 4:17:43 PM NT AUTHORITY\SYSTEM 1760 Sign of “JS:Exploit-Bytverify-11” has been found in “C:\Program Files\Lavasoft\Ad-aware 6\Cache\InsecureClassLoader.class” file.
8/2/2004 4:32:22 PM NT AUTHORITY\SYSTEM 1760 Sign of “Win32:Trojan-gen. {UPX!}” has been found in “C:\WINDOWS\system32\netsvcs.exe” file.
8/2/2004 4:54:39 PM SHAKESPEARE\Russo 3664 Sign of “JS:ClassLoader-1” has been found in “C:\Documents and Settings\Russo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-12bbd6a1-25ef1266.zip” file.
8/2/2004 4:55:03 PM SHAKESPEARE\Russo 3664 Sign of “JS:Exploit-Bytverify-8” has been found in “C:\Documents and Settings\Russo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5000a103-599e132b.zip\Counter.class” file.
8/2/2004 4:55:16 PM SHAKESPEARE\Russo 3664 Sign of “JS:Exploit-Bytverify-11” has been found in “C:\Documents and Settings\Russo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-76ba5970-5632dc7d.zip\InsecureClassLoader.class” file.
8/2/2004 4:55:43 PM SHAKESPEARE\Russo 3664 Sign of “VBS:Malware [Script]” has been found in “C:\Documents and Settings\Russo\Local Settings\Temp\sp.html” file.
8/2/2004 5:47:34 PM SHAKESPEARE\Russo 3664 Sign of “Win32:Trojan-gen. {UPX!}” has been found in “C:\WINDOWS\system32\netsvcs.exe” file.
8/2/2004 6:00:02 PM NT AUTHORITY\SYSTEM 2032 Sign of “JS:Exploit-Bytverify-7” has been found in “C:\Program Files\Lavasoft\Ad-aware 6\Cache\VerifierBug.class” file.
8/2/2004 7:17:59 PM NT AUTHORITY\SYSTEM 148 Sign of “JS:Exploit-Bytverify-7” has been found in “C:\Program Files\Lavasoft\Ad-aware 6\Cache\VerifierBug.class” file.
8/2/2004 9:09:18 PM NT AUTHORITY\SYSTEM 148 Sign of “Win32:Trojan-gen. {UPX!}” has been found in “C:\WINDOWS\system32\netsvcs.exe” file.
8/2/2004 10:51:43 PM SHAKESPEARE\Russo 520 Sign of “JS:Exploit-Bytverify-7” has been found in “C:\Documents and Settings\Russo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5000a103-599e132b.zip\VerifierBug.class” file.
8/2/2004 10:58:31 PM SHAKESPEARE\Russo 520 Sign of “JS:ClassLoader-7” has been found in “C:\Documents and Settings\Russo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-76ba5970-5632dc7d.zip” file.
8/2/2004 11:34:46 PM SHAKESPEARE\Russo 520 Sign of “Win32:Trojan-gen. {UPX!}” has been found in “C:\WINDOWS\system32\netsvcs.exe” file.
8/2/2004 11:53:50 PM SHAKESPEARE\Russo 3640 Sign of “JS:Gummy [Trj]” has been found in “C:\Documents and Settings\Russo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5000a103-599e132b.zip” file.

Hi,

Sorry you’ll have to wait (maybe till morning) for full help, but in the meantime we can trim that list almost in half.

Don’t worry about things in the Ad-Adware/Cache folder, that’s stuff that Ad-Aware already caught and “quarantined”. You might want to think about adding that folder to avast’s exclusion list.

And things in the Java Cache folder might or might not be false positives, because of the oddball way Java archives things that don’t meet anyone else’s “packing” conventions. But you can easily get rid of them – just open the Java Control Panel, select the Cache tab, and empty the cache. You can leave “Enable caching” ticked or not, it’s your choice – if you want to keep caching active, it’ll just have to reload fresh copies of the applets from scratch next time it comes to them.

Best,
Mike

What version of Windows are you running? If using Wins Me, or WinsXP do you have the system restore function disabled? ::slight_smile: If the restore function is not turned off you could have this type of problem.

neal62

If the restore function is not turned off you could have this type of problem.
What problem? Sorry but I don't understand.

What version of Avast are you using?
What cps vresion?
What os?

WOW :o you got adware/spyware… My favorite thing about Avast is it picks up some of this junk where other antivirus progrmas dont… Almost everything on that list of files is spyware… “C:\WINDOWS\twaintec.dll” is one I very commonly run in to in fact. I work for a company that does a lot of service work home computers (and businesses). We remove a lot of spyware from home machines when they think they have a virus, they dont. Just a whole mess of spyware.

If you can download then I would advise grabbing latest Ad-Aware and deffinitions, SpyBot Search and Destroy 1.3 and you might need About:Buster from the looks of it http://www.majorgeeks.com/download4289.html

By the way, it will be easier because you are using Avast too, it will pick up a lot of the junk on its own. Delete every one of them.
You will have the best luck if you run these from safe mode of windows with the latest versions of each. It should take care of most but you have a few nasty ones that are really good at “self healing” in there. If you need more help you may want to visir forum on http://www.computercops.biz/

You might need the help anyway, as I said, some of the ones listed can be a bare to remove if you have never dealt with them before.

The list is long and I don’t have the time right now to look at it, but I suggest to run HijackThis, save the log file and use my analyzer (click on the link in my signature) to see what comes up. In adition to this you also may want to follow the instructions on my page to clean your system. Good luck, and keep us informed.