Hello,
I have been using Avast for ages with absolutely no problems on my Dell Inspiron 8200 laptop which I use as a desktop. I have never had a virus on any of my systems.
Tonight when I switched my machine on, I deleted a 30 day trial version of DiskPerfect7 and connected to the internet. Avast downloaded some updates. Almost immediately when I tried to access any internet sites (even google etc) I get a warning alarm that a virus has been detected and it says (the site in question) contains a sample of SDFE-ZhugeLiang-5976. I have run the virus checker through the system and have also used AVAST's virus killer? but I am still getting these warning messages for every internet site. I do not get any messages if I am not connected to the internet. I have searched and cannot find what that virus relates to. I use a broadband connection and do download some video content from car and mountainbike sites but I have never had any problems before. Any help would be very much appreciated. First time on this site so apologise if this is the wrong area. Thanks, Bill
Hondaman, are you running Windows XP? Can’t you schedule a boot-time scan?
Besides this, why don’t you delete your temporary files and disable system restore? (to enable again after boot)
In fact the better area would be the Virus board in this case
Hi Tech,
Yes I use XP and always clear out temp files etc. I use Firefox rather than IE. Was just trying to find if anyone knew what that virus related to as google doesn't appear to shed any light on it. There is a similar post for a same-named virus but with a different last four numbers on this site some time ago when I think they were inferring it was a problem after an Avast update - if that’s possible. Heading for bed now so I’ll have to have another look later on today. Damn thing is still squawking!!
Thanks for the reply.
Tech,
I carried out a boot scan overnight and so far everything seems to have returned to normal. I will read through all the site's hints and tips when I get a chance but I panicked a bit last night when AVAST was warning every few seconds no matter what precautions or remedies I took. Still don't know what the actual warning was in relation to - any ideas? Thanks once again.
Last night we had an update to the virus database, could it be only a false positive?
If not, maybe you get rid of it after taking the necessary precautions.
If you run a full, thorough scan with avast (archive files included), does it show anything?
Have looked through the logs and these were found earlier in the evening
14/01/2006 19:36:30 bill 3868 Sign of “Win32:Trojan-gen. {Other}” has been found in “C:\WINDOWS\browserxtras\pn\remove.exe” file.
14/01/2006 21:18:07 SYSTEM 156 Sign of “Win32:Trojan-gen. {Other}” has been found in “C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP275\A0076161.exe” file.
I then followed your advice re a boot scan and this was the result
15/01/2006 01:08:02 SYSTEM 156 Sign of “SDFE-ZhugeLiang-5976” has been found in “http://192.168.2.1/data.js” file.
15/01/2006 01:08:31 SYSTEM 156 Sign of “SDFE-ZhugeLiang-5976” has been found in “http://192.168.2.1/” file.
15/01/2006 01:09:11 SYSTEM 156 Sign of “SDFE-ZhugeLiang-5976” has been found in “http://192.168.2.1/index.stm” file.
15/01/2006 01:09:47 SYSTEM 156 Sign of “SDFE-ZhugeLiang-5976” has been found in “http://forum.avast.com/index.php?topic=18683.0\PxB14B” file.
15/01/2006 01:11:52 SYSTEM 156 Sign of “SDFE-ZhugeLiang-5976” has been found in “http://forum.avast.com/index.php?action=pm;sa=send;u=18282\PxB150” file.
15/01/2006 01:14:34 SYSTEM 156 Sign of “SDFE-ZhugeLiang-5976” has been found in “http://forum.avast.com/index.php?action=post;topic=18683.0;num_replies=1\PxB152” file.
15/01/2006 01:21:20 SYSTEM 156 Sign of “SDFE-ZhugeLiang-5976” has been found in “http://192.168.2.1/” file.
Since the boot scan everything has been ok again. The logs also contained information indicating every site accessed had a sign of SDFE-ZhugeLiang-5976 (whatever that is).
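An added triage sketch for log lines in the layout posted above (not part of the original thread and not Avast code): it groups detections by signature and separates on-disk hits from hits in web traffic. A signature seen only in HTTP responses, on several unrelated hosts including a private LAN address, points to something common to all traffic, such as a signature false positive or something local, rather than to each site being infected. The sample lines and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed sample lines in the same layout as the log excerpt above.
SAMPLE_LOG = r'''
14/01/2006 19:36:30 bill 3868 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\example\remove.exe" file.
15/01/2006 01:08:02 SYSTEM 156 Sign of "SDFE-ZhugeLiang-5976" has been found in "http://192.168.2.1/data.js" file.
15/01/2006 01:09:47 SYSTEM 156 Sign of "SDFE-ZhugeLiang-5976" has been found in "http://forum.example.com/index.php?topic=1\PxB14B" file.
15/01/2006 01:21:20 SYSTEM 156 Sign of "SDFE-ZhugeLiang-5976" has been found in "http://192.168.2.1/" file.
'''

# Accept straight quotes (raw log) or curly quotes (as rendered on a forum page).
LINE = re.compile(
    r'^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (\S+) (\d+) '
    r'Sign of ["\u201c](.+?)["\u201d] has been found in ["\u201c](.+?)["\u201d] file\.$'
)

def parse(log_text):
    """Yield (timestamp, user, signature, target) for each detection line."""
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield m.group(1), m.group(2), m.group(4), m.group(5)

def is_private_host(host):
    try:
        return ip_address(host).is_private
    except ValueError:  # a DNS name, not an IP literal
        return False

def triage(log_text):
    """Group detections by signature: on-disk count, web hosts, private web hosts."""
    summary = defaultdict(lambda: {"files": 0, "hosts": set(), "private_hosts": set()})
    for _ts, _user, sig, target in parse(log_text):
        entry = summary[sig]
        if target.lower().startswith(("http://", "https://")):
            host = urlsplit(target).hostname or ""
            entry["hosts"].add(host)
            if is_private_host(host):
                entry["private_hosts"].add(host)
        else:
            entry["files"] += 1
    return dict(summary)

def web_wide_signatures(summary):
    """Signatures never seen on disk, seen on several web hosts including a LAN one."""
    return sorted(s for s, e in summary.items() if not e["files"] and len(e["hosts"]) > 1 and e["private_hosts"])
```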
It is spyware and according to this site has been around since November, 1995 …
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453090308
So, it appears that you have spyware on your computer. This is why every site you visit appears to have this spyware … though the spyware is not at these sites but is spying on what sites you go to.
Edit :
It appears McAfee knows little about this …
http://hq.mcafeeasap.com/dispVirus.asp?virus_k=105383
Removal instructions here though I do not know if this will completely remove it but worth a try: (Remove the following files - amravm.com)
http://www.spywaredb.com/remove-zhugeliang-5976-c/
Thanks,
I seem to have got rid of the problem now. Thanks for the information.
Hi hondaman,
Probably you did it right the first time around. However before following the instructions of removing the file, in this case amravm.com, we have to advise people first to backup their registry and system and on setting a restore point with Win XP, just in case anything goes wrong removing the file. This is especially true with nasty complicated scumware, where we try to remove it via software programs. Later if something goes wrong we can reset the situation prior to that, and try manually or in another way. Always keep your options open, folks, else we have a system demanding some removed executable etc. etc.
polonus