My daughter’s computer P3 1.7 256Mb Ram has been plagued with viruses for a while. AVAST has cleaned the machine, but it is still going terrible, today i deleted sdktem.exe,rdriv.sys,inetsvc.exe,sygate.exe all files of unholy nature >:(
but there is one: EGNLOGR.EXE it is not an exe file,it cannot be deleted,and when I managed to open it, it contains hundreds of files,I have encountered it only on her machine, nowhere else and the net has no records of it.
any ideas, ???
thank you for your anticipated answer
cr2743
Hello cr, you say you managed to open it. What’s inside ? Any .ini or .txt files ? How big is the egnlogr.exe file ?
And have you done an online scan already ?
Does your daughter use a firewall and if so, is there any suspect outbound traffic ?
What operating system does your daughter use and can she recall what she has done or downloaded lately ?
Please provide us with a little more info.
Fast
What was the virus name, what was the filename, where was it found
example (C:\windows\system32\infected-filename.xxx)?
What actions have you taken to try and resolve the problem?
What OS are you using? - if it is XP schedule a boot-time scan from within avast!
If you haven’t already got this software (freeware), download, install, update and run it.
Also useful as a diagnostic tool - Download HiJackThis.zip - HJT Information HiJackThis Tutorial
For an on-line analysis - HiJackThis Log file - On-line Analysis
Ignore any 023 reference to avast processes, this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast), if you need any help with any of the analysis let us know.
Hi To all
Guess what, I went to my daughter to get a copy of that strange file, but in the mean time she made a deepscan with Avast, and Avast removed it, or at least the file is gone, she took a note of some nasties Avast removed, just if it is some help:
sds.exe, lgr.exe, ll.exerell.reg, I did another scan with spydoctor, adaware and her machine is clean now, and I installed Zone alarm for good measure, I did a log with Hijackthis and went to the site for a check, very impressive how its done, she had only one nasty, which was removed instantly.
Thank you very much for all your help, particularly with Hijackthis, its a ripper.
Reynald
Hi cr2743,
good to know that you are clean
BTW, I’ve resized your avatar so that that the text doesn’t get pushed to the right. You may use the attached photo.