file was found in Docs&Settings%user%\Local Settings\temp or Temp Internet Files.
restarted comp several times with same result from avast! :
“found blabla\spoolsv32.exe[URX]”
I delete it. restart comp and then again same message. I even made full “at-boot-time” scan… with same result.
google tells me that spoolsv32 is dangerous.
help me to remove this vir.
==============
Another problem got from “old friend” (which forced me to install avast!)
It is windows\system32\ipv6mons.dll
I know how to remove it manually, but apparently avast! does not know even though I tryed to scan that file directly with avast!
If a virus is replicant (coming and coming again), you should:
Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k. After boot you can enable System Restore again after step 3).
Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Other option is scanning in SafeMode (repeatedly press F8 while booting).
This is an unfortunate consequence of windows protecting the system folders, if you delete something from the system folders windows saves a copy to the system volume information folder (also a windows protected area) as a restore point.
If at some point in the future you use system restore you could well be reinfecting your system. It is common practice when dealing with infected files in the system folders to disable system restore before you start.
So when you are dealing with a virus that keeps coming back to the system folder you really should disable system restore until everything is complete. At that point you should do another scan to ensure you are clean and at that point enable system restore and reboot, that will create a clean restore point you can use in the future.
You should try the programs in point 4 to try and detect what is bringing back the spoolsv32.exe file in your system and the c:\windows\system32\ipv6mons.dll in your friends system.
If you have an infected restore point, the virus will come back…
Viruses use this Windows feature to replicate themselves. The only way will be a clean, full partition backup and not the restore points.
Is it the spoolsv32.exe and in the same location Docs&Settings%user%\Local Settings\temp or Temp Internet Files ?
Please paste the full details of the detection here ?
Check the avast! Log Viewer (right click the avast icon), Warning section, this contains information on all avast detections.
What is your firewall ?
That should stop unauthorised outbound Internet Connections, which should stop a connection to download this.
no firewall, escept avast guard.
i removed avast. tomorrow will install kaspersky. if does not work, will reformat disk. better to avoid it, but reformatting+reinstall will cost me 1 day. with cleaning i already spent 2.
avast isn’t a firewall, and trying to clean a system without an effective firewall that can protect against unauthorised outbound Internet Connections (see below) is likely to be an uphill battle, as is already apparent by the fact you have been at it for two days.
You really should have left avast installed as in the meantime you have no protection at all. You can run on-line scans to provide a secondary scan. On-line Virus Scanners and other useful Links Security-Ops.eu.tt, you should see Kaspersky on that list of on-line scanners. Whichever one you choose, establish a connection with the site and just before you are about to start the scan, pause the Standard Shield so there is no conflict. Once the on-line scan is complete enable the standard shield again.
Firewalls:
Any malware that manages to get past your defences will have free reign to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise, user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.
Kaspersky is a very good antivirus.
Only remember that safety is in favor of layered defense and not of suites.
Remember that there isn’t a perfect software. Hope Kaspersky never let you on the side of the road…
Besides this, it’s not a free suite 8)