morphine

Hello,
First, I couldn’t find the names of the viruses that attacked me in the databases.
Second, I can’t get rid of one of them with avast (I think).
“Cleaner” doesn’t have it, but avast 4.7 only knows it is a virus… :O(

Problem:
When I started avast, it was in memory as win32:diazom-b[trj] and in ctfmon.dll and
ctfmon.exe. Its other name is “morphine”.
I moved it a lot of times, but it appears again and again. At last
I got angry and just deleted those files (even though they were “active”).
They (ctfmon.dll and ctfmon.exe) no longer
appear in memory or files, BUT… (Explorer and Firefox are working OK)…, BUT

But I have other viruses too (not listed in the databases (I couldn’t find them)):
it is sdbot-3267[Trj]. It can’t be deleted or moved or renamed because it lives in the
system32\rdriv.sys file. :O(
It is my biggest problem right now, because I don’t know how to … it.

I updated the virus database to today’s and, with a right click on the file name, tried to scan c:\, and avast found c:\burimi.exe, which contained 3 or more files: one of them was sdbot-gen[Trj] in system.exe. This system.exe was in burimi.exe?!
I don’t know what this burimi.exe was, but I deleted it with all the exe’s.
I think it was something from the Windows Prof 2000 installation disk, because it appeared after
I tried to repair the system files, because avast couldn’t restart for a boot scan by itself.

After that I had a virus called win32:hidewnd[tool], an “other potentially dangerous program”,
as avast said!!!

Avast deleted this “dangerous program”.

Can you help me with some advice about this
sdbot-3267[Trj], please?
Best regards,
i.
Excuse my English
(next time I’ll check with spell check)



Hi vilkatis,

Follow the instructions for removal of rdriv.sys here:

http://forum.avast.com/index.php?topic=16788.msg142660#msg142660

Thank you very much!

It might be a stupid question, but is it dangerous enough to remove it immediately? Or can I wait until next weekend? There are some reasons…

i.

I’d be worried if I had any confidential information on that machine!

Pull the internet connection at least so the machine can’t download more malware or send out infected e-mails or messages.

Oh, thank you very much,

I’ll pull it.

Only one thing:

Before avast this machine used AVG, but unfortun… the AVG setup files didn’t work (the reason might be the trojan).

Are you sure Ewido will work, since it is now part of AVG… :O(

(Sorry, I have questions again and again)

i.

Ewido, A.K.A. AVG Anti-Spyware is a stand alone program so it shouldn’t be a problem.

Oh, thank you,

I will try.

(I read many posts here on the forum and realised it is sometimes necessary to run not just the thorough option, but thorough with scanning of archives. I saw much advice about using this option.)

Just one question: does the Windows 2000 Pro OS have the restore feature too?

And
is it possible to run superspyware together with avast?

i.

Only winXP and winME have the System Restore function; some would say you aren’t missing anything, others would say it is a valuable tool. Mine has been disabled for years; I prefer to use a regular weekly hard disk image as my means of recovery.

Thank you for taking the time to answer my questions.

Only one:
is avast antivirus made for the new Mac OS X too?
(Because I’m a Macintosh runner and, clearly speaking,
I don’t understand those many problems around
Windows, which never happened on the old Mac (only if
HyperCard was enabled). The new one is based on
Linux Darwin and might be harmed a little by viruses.)

best regards
i.

There is intended to be one for Mac but I don’t think the program is released yet. Probably safer to look into Clam AV; as far as I know it has compatibility and is free.
Good luck

Thanks so much!! :)

Mac Edition has been in beta since 24 Nov 06, so it can’t be too far away.

http://forum.avast.com/index.php?topic=25073.0

Edit: session ID removed from link

You want to edit your link so your session ID is removed; it will still work, but one of the Alwil team mentioned exercising care not to post your session ID in links.

http://forum.avast.com/index.php?topic=25073.0

I edited nothing ???

Only one question:
are the deleted ctfmon.exe and .dll really necessary? I remember it and it makes me a little nervous.
Might I place another ctfmon from other computers?

regards
i.

It was directed to mauserme, in the post above mine where you will notice the long URL string.

There is a genuine ctfmon.exe file in c:\windows\system32 and c:\windows\servicepackfiles\i386 on my system XP Pro (but no ctfmon.dll, which tends to confirm the original detection was good); now, in other locations it might well be a malicious file. By using a regular system file name it tries to confuse the user into doing exactly what you are doing: having doubts about deletion.

You didn’t say in what location this infected file was found?

Some info on ctfmon.exe, what it is (genuine one) and if it may be malicious one, http://www.liutilities.com/products/wintaskspro/processlibrary/ctfmon/.

A google search for ctfmon.dll only returns hits for malware so deletion of that should be fine.
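The location check described in the post above, written out as an added example (it is not code from the thread or from avast). The function names, the `system_root` parameter and the sample paths are assumptions made for illustration; the two expected ctfmon.exe folders are the ones quoted in the post.

```python
import ntpath

# Expected folders, relative to the system root, for the file names discussed
# in the thread. The ctfmon.exe entries are the two locations quoted in the
# post (XP Pro); an empty set means no legitimate copy is expected anywhere.
EXPECTED_DIRS = {
    "ctfmon.exe": {"system32", r"servicepackfiles\i386"},
    "ctfmon.dll": set(),
}

def classify(path, system_root=r"C:\WINDOWS"):
    """Return 'expected', 'suspicious' or 'untracked' for one file path.

    system_root is an assumption supplied by the caller (the value of
    %SystemRoot% on the machine being checked). Paths are normalised and
    compared case-insensitively, as Windows does.
    """
    norm = ntpath.normcase(ntpath.normpath(path))
    name = ntpath.basename(norm)
    if name not in EXPECTED_DIRS:
        return "untracked"
    root = ntpath.normcase(ntpath.normpath(system_root))
    allowed = {ntpath.join(root, d) for d in EXPECTED_DIRS[name]}
    return "expected" if ntpath.dirname(norm) in allowed else "suspicious"

def review(paths, system_root=r"C:\WINDOWS"):
    """Return the paths that deserve a closer look (scan, hash, lookup)."""
    return [p for p in paths if classify(p, system_root) == "suspicious"]

# Constructed sample listing, not taken from the thread.
SAMPLE = [
    r"C:\WINDOWS\system32\ctfmon.exe",
    r"C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe",
    r"C:\WINDOWS\system32\ctfmon.dll",
    r"C:\Documents and Settings\user\Local Settings\Temp\ctfmon.exe",
    r"C:\WINDOWS\system32\..\ctfmon.exe",
    r"C:\WINDOWS\system32\notepad.exe",
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(f"{classify(p):10} {p}")
```

An "expected" result only says that the name and folder match; the file itself still needs a scan, since the genuine copy can also be replaced or infected.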

Thanks. It’s done :)

Thank you for the reply.
I added www.liutilities.com/products/wintaskspro/processlibrary to my bookmarks; it is good for my poor knowledge…
Yes, I found it too in c:\windows\system32,
but the deleted “ctfmon’s” were in another place: about c:\winnt\system32.
Now I have a little hope that the deleted ctfmon were viruses…

But only one question about viruses: are viruses for 32-bit systems and 64-bit systems different, or does it not matter?
How can I get, for example, an anti-spyware program that is for a computer with 64 bit?? (because I have an Athlon 64-bit machine too)

regards
i.

I feel sure that the deleted ones were viruses; provided you have the one in windows\system32 you shouldn’t have any problems.

Personally I really don’t know, but 32bit programs can run on 64bit systems, I believe, in the same way that 16bit programs run on 32bit Windows; the question comes in if they are able to make any changes on a 64bit OS, which is likely to be more secure.

Your Athlon64 might be capable of running 64bit programs, but unless you have a 64bit OS it doesn’t matter, as you would be using a 32bit OS which can’t run 64bit programs. So there is no point in getting a 64bit anti-spyware program (if one exists) unless you are using a 64bit OS (XP Pro 64bit or Vista 64bit).

Oh, thank you,

For example, AVG I could run only as Pro (I LIKE AVAST), because the Home edition is only for 32bit.

They are just saying not system reguai…

So, whether I’m able to run “ewido” or not, I’m in doubt…
Might be “superspyware”…

I’m running XP Pro 64 on the Athlon and avast seems to be doing well, but should I run another anti-spyware too or not, or is avast enough? I don’t know. (I understand, all here are tempted to say avast is enough, but… :-).

I’m feeling too that 64 bit seems more “smart”

regards
i.

for davidR

http://actualtools.com/forum/read.php?FID=9&TID=63

regards
i.