help! cannot remove new virus...

hello,

i suspect that my roommate downloaded an e-mail attachment yesterday while i was at work… he’s not very computer savvy like me so, he probably didn’t think the attachment was bad… well, now i have a rapidly spreading virus of some sort, ripping through my system… i guess i have a lot more to teach him about the internet… sigh, i thought he was smarter than that… anyways, here’s a link to a description of the virus via symantec’s website…

http://www.symantec.com/security_response/writeup.jsp?docid=2007-011917-1403-99

the file name is “trojan.peacomm” and avast! does not recognize the virus… norton keeps telling me of this rapidly spreading threat… i do not have a “current” virus database for norton because my free subscription ran out months and months ago… and i am not willing to pay for this service when there are plenty of good “free” programs out there like avast!.. however, norton is the only anti-virus program that recognizes this threat… but, norton refuses to remove it because my current protection has expired…

does anyone know of another way to remove this threat? or does anyone know of another “free” anti-virus program that could possibly remove this threat? i need all the help i can get because, avast! is not currently helping me… i am hoping that maybe in a few days, avast’s virus databse will include this threat but right now, it isn’t… and its forcing me to keep my CPU turned off so this virus cannot spread further into my system… so far, i don’t think it’s taken over but, it is in the system and it’s supposedly “rapidly spreading”…

all help is appreciated… thanks…

EDIT: my CPU is running windows xp in case that info is important…

Follow the instructions at http://www.ache.nl

Hello Eddy, how are you doing? You’ve not being here such a while…
Sorry the off-topic 8)

6 months probs with my ISP, but now it is working like it should. And they have paid me a considerable amount for the troubles :slight_smile:

The Trojan is also detected by Trend Micro and F-Secure. Both have online scanners that remove malware, so try those. (The Trend scanner is called Housecall).

thanks for the quick replies… when i get home, i’ll try these techniques out… if they don’t work, you’ll be seeing another post from me ;D… however, if these ideas help to fix the problem, i pry won’t be back since i only signed up to get this problem fixed… lol, i am sure a ton of people have done the same…

anyways, thanks for all the current help… lets hope it fixes the problem!! thanks…

Regardless of the outcome you would benefit by sticking around and browse the forums, especially the sticky topics at the top of each of the forums, not to mention the avast help file. They provide a wealth of information to help you get the best from avast.

Welcome to the forums.

i’ll keep that in mind, david ;D… and thanks for the welcome…

Hello there - I too have picked up trojan.peacomm. I’m currently running norton but want to change to something more free - and I’ve been recommended avast, but from the sounds of things avast is not picking up the problem yet.

I can’t run housecall because my wireless card has been disabled, it says it no longer exists, which obviously means no internet connection. All the other suggestions for fixes have aroused my suspisions and on investigating have seemed like bogus advice.

Do you think trojan.peacomm has disabled my wireless card? I am thinking about reinstalling it to see if I can get the internet back.

Any suggestions on what to do? I’m not especially technically minded so assume nothing!

Thanks

Jemima

Hi Jemimajemoo,

I wouldn’t recommend trying to uninstall one AV and install another in the middle of an infection.

Rather go to another computer and download some stand-alone clean-up tools, burn them to CD, then run them on your computer.

DrWeb CureIT! is good:

http://download.drweb.com/drweb+cureit/

As is TrendMicro Sysclean, which is a little more complicated, but there are clear instruction here:

http://esupport.trendmicro.com/support/viewxml.do?ContentID=en-125991

When you’ve cleaned up your system, uninstall Symantec, install avast! and investigate your internet connection.

(You may need to run the Symantec removal tool to ensure all traces are removed. Search the forum for more details.)

This doesn’t seem to be one of the usual symptoms. Rather, the trojan tries to connect to the internet to download additional files.

http://www.symantec.com/security_response/writeup.jsp?docid=2007-011917-1403-99&tabid=2

There is a rootkit component so if you’re able to find and remove c:\windows\system32\wincom32.sys you may have some luck. Open an explorer window, click Tools, Folder Options, View. Under Hidden Files and Folders make sure Show Hidden Files and Folders is checked. Then see if you can find wincom32.sys (the path I specified assumes you are using Windows XP - “system32” will be different for other operating systems).

Thanks for your quick answers - I’m amazed that there is help so easily available. I did take my computer to see the PC world clinic and they told me the only way to get rid of a virus is to wipe the hard drive and start again.

I’ll give your solutions a go.

Thanks again.

Jemima

Probably why some of the reason why they got slated in a report about poor repair performance, suggesting replacing a drive when it was a cable problem, etc.

Format and re-install is really a final resort and we aren’t there by any way yet.

I once took my system there after installing an iomega back-up device and the software screwed my system. They didn’t even want to take it over the counter without me paying £29, said they wouldn’t be covered by insurance, I asked for a screw driver and took it apart for them and they checked and confirmed basically what I said and I got my refund.