Found a memory virus.
Name=win32-trojan-gen(upx)
File=c:\windows\system32\navmgrd.exe
Also found in c:\drive…
Name=win32 trojan-gen(upx)
File=c:\documents and settings\twohair\localsettings\temp\trz8.
???Moved them to chest don’t know what to do now. As far as deleting them. :-\ Downloaded it the other day and just installed it. Hav’nt registered it yet but did a scan and found viruses mentioned above. New to product, didn’t know if it would be safe to delete or dump this particular virus?
Please Help,
Thanks in advance.!!
Once you have them in the chest they should be harmless, you can confirm that they have indeed been moved to the avast chest by looking in the reported locations.
This is more adware/spyware rather than a virus and if you already haven’t got protection thare are some mentioned ing the general help below, and in the useful Links thread.
HTH David
General Virus Removal Help - courtesy of whocares
What WIN do you have? Are all ServicePacks and Windowsupdates applied?
Have you managed to repair/reinstqll avast? so that the resident protection is working again?
→ test with harmless testfile EICAR.COM from www.eicar.com
What were the exact names avast gives the trojans?
Sometimes it’s enough to
- clear all TEMP-folders (via drive CleanUp AND best also manually)
- empty Temporary Internet Files folder(s) (via IE->Tools > Options > General - Temporary
Internet files ->Delete files, including OFFLINE files) and
- empty java-Cache or
- disable system restore on Win ME/XP INCLUDING a REBOOT!! (
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm )
to get rid of it…
Test the file with OnlineScanners e.g. from Trend, RAV & KAV (see below) to get a more specific name (you need to temporarily pause AV-Resident Shield/Monitor/Guard to be able to scan the file online)
(If they all don’t show it as infected, please send it in a password-protected zip-file to virus (at) asw (dot) cz
Include the Zip-password and a link to this posting in the mailtext)
spybot, ad-aware and cwshredder might also help see www.lurkhere.com ->nicefiles and www.lavasoft.de
-remove the Virus/Malware and it’s system modifications according to VirusInfos from Avast, VGREP,
TrendMicro,
Kaspersky,
AV-Boot-Disks; you might also try searching for the virus name or filename with google
General removal procedure:
- disable system restore on Win ME/XP
- kill respective Backdoor/Trojan process with task manager
- search for the file/process names in the registry; remove the malware’s startup entries in
the registry
- disinfect or (if disinfection is not possible) delete the file; this may be possible only after a reboot
If you still can’t remove it, you could post a logfile of Hijackthis here:
http//hjt.klaffke.de/en & read this first:
http://www.spywareinfo.com/~merijn/htlogtutorial.html
- Secure your system:
Change passwords, secure shares, install patches/updates for WIN&IE;
disable ActiveX and Scripting in IE except for know secure sites - and better use a secure browser like Opera or Mozilla - Scan your whole system with updated avast and maybe a 2nd scanner ,e.g. TrendMicro/RAV to check whether your PC is clean
- If needed, reenable system restore on Win ME/XP
Further Details and Links via the board search above
Please try to understand I haven’t a clue to any of this and have read just about everything that was posted. Here is what Im up against. I first I feel got this virus after downloading Earthlinks.net from ATT. worldnet.att.net. Please never use Earthlinks or you’ll be just where Im at right now. I have always loved Avast home edition since march and with ATT never once did I ever get any virus or even an error mess. Tho whos to know what is going on. I know from working in the cust care of a large tech com but it only deals in graphins so its almost funny. Not a real help to me there. I use to run scan through and always came up ok, and then there were at weeks sometimes from being sick and stuck to a couch in a small room that its all I have from going insane. I was able after AOL ruined my first brand new system I called Corp microsoft and they ended up giving me and XP about a yr ago:) FYI: if you ever run into any probs on any comps make sure to call there Corp offices you’ll get want you want:) I worked with them for 20yrs and you kind of know what and how to do it and this is not only for computers and all its in every comapany they don’t want there cust unhappy:) I have never had one prob here so you won’t have to do a thing here but enjoy and now tho Im stuck and why didn’t avast find the virus and stop it before stinger did? and then one of the techs at Compaq told me to always stay away from any dot com always use dot net that way you will never have probs being on a diff net. he was right and now many friends use Avast site and love it and thank you time and again for keeping me from any mail forwards with viruses in them.
Well eveyday I get up something bad happens and to top it off when your stuck living at the old 72yrs parents house who are well lets say not all there it only adds to me not getting out of here from being so sick. (Im sorry, its just that coming here to help my mother and ending up sick has now taken its toll to add to now this) so thanks for just reading this.
I have no contact with anyone but funny the people on the phones at the visas, phones and dr’offfices.
Its ok Im even told (lol)“hey enjoy life” by one dr there isn’t anything else we can do". Oh thats great but hey sure from being weak the best I can do is use my system and thats where I get my friends,
yes I type about 1000 wpm (just kidding) Can you tell that if I start in on what I copy/cut for you and looked and it covers so many files that Im about to throw this brand new well almost new system out the window.
From people who took advantage of ATT with them not being there in tech, gee found that real strange so got upset and downloaded to earthlinks that just happen to pop up in the reg mail and please this is what is funny, after the download the tech tho I would disagree on that, sure she was nice but they have no way to save mail not even on your hard drive so was told wait till 2005 and call back so was credited and left it at that but after uninstalling it from everyplace that it showed which I did, now I have probs that are so strange and yes went back and installed all of this to ATT worldnet again and they just restored my acct, she had me export and import and who the heck knows what she did I haven’t a clue and I don’t think she did either.
Well things started bit by bit to act strange and so would system restore and then all was ok, then Im told after installing and then uninstalling this power ? (whatever) whatever it is and the email tech told me that she thinks oh sure they all say that when no one is really trained anymore and I see it all the time.
My log file is missing and left it at that but that was only a guess but here is my bad news and for whoever reads this please forgive me for taking so long to just put it down, its from being stuck so long in one room and my big day out is once a week for liquids as that is all I can take down and yes getting worse so to lose my system, as mad as we get in so many ways a friend once said to me “Never get rid of your system” and you know without it, what would I have done being in such pain and tho there are times Im able to get on its not for long but it has kept me alive this is for all the ones out there who get so frustrated as we all do and forget, there only pieces of a machine not a real person:)
Well here it us and yes I found one as just last week because I used stinger and it found me a virus and lost it to cyber which meant it went as it said, I wanted it repaired but never found it in the chest as I did today when again run stinger and this is what is showing now:
Scanning of selected files
Action was completed successfully!
Virus has been detected!
File Name: twaintec.dll
FileID: 15
Virus Description: Win32:Trojan-gen. {Other}
so its sitting in the infected one and also in the chest, see I never had to use this chest so thank goodness stinger went straight to you at Avast.
How come Avast didn’t find it and stringer did? I love your site and tell all but was wondering and have rebooted and I did the virus cleaner and it shows that all files and everything is cleaned and then I go to the chest and check one of the icon or at this point the log and it tells me because Im stuck with it, I can’t get rid of it so its infective it tells me on your chest site. With the above info is it alright since I have ran and will run again tho it takes an hr and 1.2 to run a through but it tells me all clean. Even ready to scan stinger again. I also have regestry first aid that is over my 30days yet it acts like its still working and can see that it shows me where several registry are still there and it not all working and sorry I have put out way to much all ready so is it ok to just delete the infected file or what do I do there are other things in there as not infectied but not sure if its ok to restore them or not and they read: this one would not cut/paste so pls bare with me.
Oringinal file name wsock32.dll…location C:windows systems 32 virus description :no virus…file ID 13 now is this ok to restore or what. see I know zero and please with all that is going on everyday you would never believe it something bad happens .
Im a good person so as they say what don’t kill you will only make you stronger.
Well now any help you can tell me what with these questions on the active or it tells me but the avast cleaner tells me all clean and then this other system thing that just sits.
is it all right to put back as in restore or should I just delete it all.
Im just about at the end of my rope and tired and then seeing because after working with Mr big stuff and yes also big man on campas Steve case with AOL Im tired of Microsoft and will check out the sites you showed in one of your post so we can bypast ick microsoft. I wish Bily Gates and his buddys from the Fred rogers neighborhood weren’t so selfish to do all that they have done to us to take our money and most all have had ruined system as everyone knows using outlook and explorer I pray that Google will find a way as they were saying and out do them all and then we can have quality things to keep us from posting like this.
Sorry but after not being able to lay down and sleep because of no air Im so tired and sure leaning against a wall in all that time and of all things knowing that tho Im not anyone special I have a nursing degree and all I can say is gee I get better help with my avast then I do with money hungry dr’s that all they want is to give you pills and gee don’t bother in Calif to find out why, what and when.
Im told "Oh its ok go live your life and enjoy as there is nothing more we can do but make you comfortable if I wasn’t weak and in pain, I would report everyone of these and some who already were reported out here up north its all about gee give a pill…
sorry its just hard now with this and never meant to make anyone mad or angry at my long post but please walk a mile in my shoes, tho you won’t be able to but at least sit day in and day out and then I pray that you will understand how hard it is and most of all lonely and sad that we have to go to post boards and use our computers to find real friends that will probably never meet but this has helped me to live…
thank you for any help and sorry to anyone who its hard to understand.
God bless you all out there and thanks…
Kathy-
You need more protection besides a good AV and firewall.
I have some links on my page to several scanners.
Anything in the "chest"should be fine to leave there for now. You can disable the system restore which should delete anything in those files. Reboot into safe-mode and run your scanners(online scanners can’t be run in safe-mode)
We will pray for you to feel better
(and hopefully your computer will be the least of your worries)
-max
Max,
Well guess my greateful message was to long so here is a short version. Thanks so much for your prayers that meant so much as now no one is praying but you. Its ok I pray and will pray that you and your family have a great weekend.
After leaving here I found that I also lost my Avast and I worked so hard and oh thanks so much for your prayers, they sure must of worked tho Im still deleting double mail
I look at it at least my glass is half full because you cared to post back, that meant alot as who knows maybe it might of offened some and it was never my intention.
All I try on these sites and yes work for two single match site, keeping the verts off and the solicitation too. The reward I get is some people who own the sites a new family and funny, my own would walk by and only drop on in if there was a smell in here then gee maybe then they would check it and who cares Im gone but now with just some hope from you as we all need each other and even the ones so caught up they too need to feel wanted.
Tho Im still trying to figure away from here, how funny its like being locked in some tall tower and gee should I let my long hair down to get me out;) its ok its people like you that help when all we need is a little bit of hope from so much negative.
To much negative for 35yrs or so can make for anything is possible but for me I live in peace and sure its lonely when I hear out the 100 degree temp room people lol and having fun, ya were so rich they didn’t put in A/C or carpet so with edema its so bad from the heat that the next day Im laid out till who knows when.
Please for whoever is reading this, never let stress get to you and I mean even from these systems we work on, it can kill you and it does. Gee ask my dr the only thing in 3yrs he ever said was"Well nothing more I can do,(Sure you could of given me water pills) but then tells me to enjoy life as he took so much money from my insurance and now this but in life I have things to do so to me sorry it isn’t over till the ? lady sings didn’t want to hurt anyones feelings;)
well Max thanks and if you can think of anything else as I have spynuker and should I get again registry First aid and have no ads with of course all that microsoft gives up and where my updates are is beyond me got one yesterday all because I went back to ATT, or well, but will check out your sites and see.thanks
I know we can’t put our email on but wish I could for all, as I will pray for who ever, its not me but the man upstairs who is my Dad for now and everyone of my prayers for all gets answerd so leave one if you are on to ask questions feel free to leave me a post and I will pray for you all.
Remember we all need each other and on these post boards I have met the best of friends.
((HUGS to you Max)))))))) for taking the time to read my post it gave me hope that maybe this is finally my time that all will soon be ok.
Now Im off to put in the new key and pray that it will work and then avast will be back its that monster who lives insides all systems and look he trashed my avast to give me more to do, but Im getting good at now saying to all, and not in a mean way, “OH well why sweat small stuff,”
Kathy:)
PS: I love Avast and have told so many to come here and then know when they haven’t done a through scan and tell them yes Im a babysitter too:) but its great in forwards even if I can’t read the forwards I have told all please just cut/paste me what your sending ok:)
Hi Kathy,
I hope that you don’t feel that we abandoned you, many will find the post too black (lots of text and no paragraph spaces), this makes it difficult to read and some give up.
Hopefully with Max’s help you are on the road to PC recovery and the ability to be able to communicate with the wider world. I’m hopeful that help will relieve some of the additional stress you feel.
You might find this site a good source of general help & information, its name often feels very apt http://www.pchell.com and this page about twaintec.dll
Take care
David