hi i downloaded avast for home when we received several thousand spam emails. it has found a worm but when i ask to move to chest it flashes ‘access denied’ cannot process “c:\WINDOWS\winlogon.exe” file.
gives malware name WIN32:Netsky-BD (Wrm)
type Worm
VPS version 080923-0,23-09-2008
i chose continue to process and so far no more detected (finished scan in two/half hours).
gave list at end which showed the file infected as just the one, but again did’nt allow me to do anything.
is it prob whats causing all the emails and how do we get rid of as cant use email(all full of spam and when delete more come)
help please??
is it because it is a system file that it cant delete it?
Hi cidder,
Try a boot time scan with avast! Right click the scanner screen, select ‘schedule a boot time scan’ and reboot when requested. (Or open the tab at the top left of the scanner screen and select the boot time option from there.)
thanks fwf,got to go and pick my lad up from his club but i’ll try that tomorrow and report back to you.have a great weekend!
I also suggest:
- Clean your temporary files.
- Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
- Use SUPERantispyware, MBAM or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
- Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
- Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to to on-line analysis.
- Disable System Restore and then reenable it again.
- Immunize your system with SpywareBlaster or Windows Advanced Care.
- Check if you have insecure applications with Secunia Software Inspector.
hi frank.the worm is successfully in the virus chest and appears no other problems, so did a scan on our other machine and discovered its memory is infected with a trojan, whilst doing a memory scan. when try to move to chest again we get ‘access denied’, and option to schedule a time boot scan isnt available to click on.
message is cannot process “C:\windows\system\drufhoks.exe” file
trojan horse malware Win32:Trojano-214(Trj)
VPS version 0809 23-0 23-09-2008
can anybody help??
What is the operating system?
windows 98 and a server with windows NT
I don’t think a boot time scan is available in Win98.
Can you run a scan in Safe Mode?
hi again frank
ran it in safe mode and got about quarter way through scan then found another trojan, but again doesnt allow removal, gives these details:
RPC server is unavailable
cannot process “C:\WINDOWS\TEMP\optimize.exe” file
malware name Win32: DyfucDldr-F@UPX (Trj)
Trojan Horse
VPS version 081109-0,11/09/2008
any ideas??
I’m not familiar with how avast! works (or doesn’t) in Win98, but you could try manually renaming or moving the file in safe mode.
i’ll try that frank. this has to be done in safe mode i presume. is it possible that avast is not ideal for w.98 users? do i need to upgrade system maybe, or is there a recommended anti virus/ad/spyware for win.98? i tried avg(which reports on your forum dont seem to recomm anyway, but their latest version doesnt work with win98. maybe i need to update-thats what my wife says(but i dont think she was talking about windows!!)
As far as win98 goes, I would say avast is your best bet as it is a very small list of AVs that support win9x or winME, it has nothing to do with ideal the limitation is win9x not the AV, there are many forum members still using win9x.
The point of going into safe mode is that some malware doesn’t run and that is why avast couldn’t deal with it in normal mode (file in use or protected, etc.) and why FWF suggested safe mode. Being in safe mode should give you a better shot at renaming the files detected in normal and safe mode than they would in normal mode.
These tools might also help:
- MoveOnBoot http://www.download.com/EMCO-MoveOnBoot/3000-2094_4-10397293.html
- Unlocker http://ccollomb.free.fr/unlocker/ is also good as it also has a few additional features to not only delete the files but stop any process that is stopping you from deleting a file.
You would have to check if they work with win9x as there is less an less software that will work with old OSes, especially security applications.
Apparently you can boot from CD in Win98 then run avast! for DOS:
http://forum.avast.com/index.php?topic=13198.msg111278#msg111278