NEED HELP!

I don’t speak English well, so be patient.
My Avast 4.8 Home detected 3 viruses:
12/12/2008 14.29.33 Proprietario 2140 Sign of “Win32:Adware-gen [Adw]” has been found in “H:\System Volume Information_restore{5E231E81-2CAA-42AD-A65F-01A5404EB4BB}\RP64\A0011803.exe\VGSetup.exe\loader.exe\WR-1-2~1.EXE\is169898.exe” file.
12/12/2008 14.29.31 Proprietario 2140 Sign of “Win32:Trojan-gen {Other}” has been found in “H:\System Volume Information_restore{5E231E81-2CAA-42AD-A65F-01A5404EB4BB}\RP64\A0011803.exe\VGSetup.exe\loader.exe\WR-1-2~1.EXE\WR-1-2~1.EXE” file.
12/12/2008 14.25.48 Proprietario 2140 Sign of “Win32:Tibs-EMR [trj]” has been found in “H:\System Volume Information_restore{5E231E81-2CAA-42AD-A65F-01A5404EB4BB}\RP64\A0011803.exe\VGSetup.exe\loader.exe\loader.exe” file.

Avast is always up to date, as is my WinXP. But it can’t repair, put in the bin, move or cancel those files.

I don’t know how those viruses work; they apparently don’t create problems for my PC, but I don’t know a lot about computers.

However, it is not fair to have 3 viruses in my PC, so if some of you can help me, I’ll be thankful.

I suggest:

  1. Clean your temporary files.
  2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  3. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the files to Quarantine than to simply delete them.
  4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  5. Make a HijackThis log to post here or to this analysis site. Or even submit the RunScanner log to on-line analysis.
  6. Disable System Restore and then reenable it again.
  7. Immunize your system with SpywareBlaster.
  8. Check if you have insecure applications with Secunia Software Inspector.

Those files seem to be in your System Restore; turn System Restore off, reboot, then turn it back on again.

http://support.microsoft.com/kb/310405
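
An added example (not from the thread and not avast! code): Python that groups avast! warning-log lines by the System Restore item they sit in, which shows that detections like the ones above are nested inside a single restore-point file rather than in a live program folder. The line format is inferred from the pasted log, the function names are hypothetical, and the last sample line is constructed.

```python
import re

# One line of the avast! 4.8 warning log, in the form pasted in the thread.
LINE_RE = re.compile(
    r'(?P<date>\d\d/\d\d/\d{4}) (?P<time>\d\d\.\d\d\.\d\d) .+? \d+ '
    r'Sign of [“"](?P<sig>[^”"]+)[”"] has been found in [“"](?P<path>[^”"]+)[”"] file\.'
)
# XP System Restore store. The backslash before "_restore" is optional
# because forum pastes tend to drop it.
RESTORE_RE = re.compile(
    r'\\System Volume Information\\?_restore\{[0-9A-Fa-f-]+\}'
    r'\\(?P<rp>RP\d+)\\(?P<item>A\d+\.\w+)'
)

def parse_detection(line):
    """Return a dict for one log line, or None if it is not a detection."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group('path')
    r = RESTORE_RE.search(path)
    if not r:
        return {'sig': m.group('sig'), 'where': 'live', 'path': path}
    # Everything after the restore-point item is the chain of nested archives.
    nested = [p for p in path[r.end():].split('\\') if p]
    return {'sig': m.group('sig'), 'where': 'restore', 'rp': r.group('rp'),
            'item': r.group('item'), 'nested': nested}

def group_by_restore_item(lines):
    """Map (restore point, item) -> signatures; live hits go under 'live'."""
    groups = {}
    for line in lines:
        d = parse_detection(line)
        if d:
            key = (d['rp'], d['item']) if d['where'] == 'restore' else 'live'
            groups.setdefault(key, []).append(d['sig'])
    return groups

# Sample input: two lines follow the thread's log; the last one is constructed.
_BASE = (r'H:\System Volume Information_restore{5E231E81-2CAA-42AD-A65F-'
         r'01A5404EB4BB}\RP64\A0011803.exe\VGSetup.exe\loader.exe')
SAMPLE = [
    '12/12/2008 14.29.31 Proprietario 2140 Sign of “Win32:Trojan-gen {Other}” '
    'has been found in “' + _BASE + r'\WR-1-2~1.EXE\WR-1-2~1.EXE” file.',
    '12/12/2008 14.25.48 Proprietario 2140 Sign of “Win32:Tibs-EMR [trj]” '
    'has been found in “' + _BASE + r'\loader.exe” file.',
    '12/12/2008 14.31.02 Proprietario 2140 Sign of “Win32:Trojan-gen {Other}” '
    r'has been found in “H:\Temp\setup.exe” file.',
]
print(group_by_restore_item(SAMPLE))
```

Every key of the form `('RP64', 'A0011803.exe')` is a backup copy held by System Restore; anything under `'live'` is a file on the working system and needs separate attention.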

Step 6…

Sorry Tech, didn’t see that ;D

Never mind :wink:

Hi guys, thanks.
So, in the meantime I have downloaded the program Virus/Worm Cleaner Application; this is the report:

12/12/2008, 16.00.01
Memory scanning started…
No virus body found in memory.
Memory scanning finished (10,5s).

Files scanning started…
H:\Documents and Settings\Proprietario\Dati applicazioni\Skype\alexsoma1\call256.dbb… file could not be scanned!
H:\Documents and Settings\Proprietario\Dati applicazioni\Skype\alexsoma1\callmember256.dbb… file could not be scanned!
H:\Documents and Settings\Proprietario\Dati applicazioni\Skype\alexsoma1\chat512.dbb… file could not be scanned!
H:\Documents and Settings\Proprietario\Dati applicazioni\Skype\alexsoma1\chatmember256.dbb… file could not be scanned!
H:\Documents and Settings\Proprietario\Dati applicazioni\Skype\alexsoma1\chatmsg1024.dbb… file could not be scanned!
H:\Documents and Settings\Proprietario\Dati applicazioni\Skype\alexsoma1\chatmsg256.dbb… file could not be scanned!
H:\Documents and Settings\Proprietario\Dati applicazioni\Skype\alexsoma1\chatmsg512.dbb… file could not be scanned!
H:\Documents and Settings\Proprietario\Dati applicazioni\Skype\alexsoma1\contactgroup256.dbb… file could not be scanned!
H:\Documents and Settings\Proprietario\Dati applicazioni\Skype\alexsoma1\index2.dat… file could not be scanned!
H:\Documents and Settings\Proprietario\Dati applicazioni\Skype\alexsoma1\profile16384.dbb… file could not be scanned!
H:\Documents and Settings\Proprietario\Dati applicazioni\Skype\alexsoma1\transfer512.dbb… file could not be scanned!
H:\Documents and Settings\Proprietario\Dati applicazioni\Skype\alexsoma1\user1024.dbb… file could not be scanned!
H:\Documents and Settings\Proprietario\Dati applicazioni\Skype\alexsoma1\user16384.dbb… file could not be scanned!
H:\Documents and Settings\Proprietario\Dati applicazioni\Skype\alexsoma1\user4096.dbb… file could not be scanned!
H:\WINDOWS\system32\CatRoot2\edb.log… file could not be scanned!
H:\WINDOWS\system32\CatRoot2\tmp.edb… file could not be scanned!
H:\WINDOWS\system32\drivers\sptd.sys… file could not be scanned!
No virus body found.
Files scanning finished (57335 files, 0 infected, 573,6s).
Drives scanned: H:

Then I downloaded DrWeb and this is the report:

is169898.exe H:\Programmi\Alwil Software\Avast4\DATA\moved Trojan.Siggen.628 Cancellato.
is169898.exe.2 H:\Programmi\Alwil Software\Avast4\DATA\moved Trojan.Siggen.628 Cancellato.
WR-1-2~1.EXE H:\Programmi\Alwil Software\Avast4\DATA\moved Trojan.DownLoad.9874 Cancellato.
WR-1-2~1.EXE.2 H:\Programmi\Alwil Software\Avast4\DATA\moved Trojan.DownLoad.9874 Cancellato.
tinyhttp.exe H:\Programmi\Sony\CONNECT Player Probabile DLOADER.Trojan Incurabile.Spostato.

VGSetup.exe\data003 H:\System Volume Information_restore{5E231E81-2CAA-42AD-A65F-01A5404EB4BB}\RP64\A0011803.exe\VGSetup.exe\VGSetup.exe Trojan.DownLoad.23677

VGSetup.exe\data005 H:\System Volume Information_restore{5E231E81-2CAA-42AD-A65F-01A5404EB4BB}\RP64\A0011803.exe\VGSetup.exe\VGSetup.exe Trojan.DownLoad.23677

VGSetup.exe\data006 H:\System Volume Information_restore{5E231E81-2CAA-42AD-A65F-01A5404EB4BB}\RP64\A0011803.exe\VGSetup.exe\VGSetup.exe Trojan.DownLoad.23677

VGSetup.exe H:\System Volume Information_restore{5E231E81-2CAA-42AD-A65F-01A5404EB4BB}\RP64\A0011803.exe\VGSetup.exe l’Archivio contiene oggetti infetti

WR-1-2~1.EXE\WR-1-2~1.EXE H:\System Volume Information_restore{5E231E81-2CAA-42AD-A65F-01A5404EB4BB}\RP64\A0011803.exe\VGSetup.exe\loader.exe\WR-1-2~1.E Trojan.DownLoad.9874

WR-1-2~1.EXE\is169898.exe H:\System Volume Information_restore{5E231E81-2CAA-42AD-A65F-01A5404EB4BB}\RP64\A0011803.exe\VGSetup.exe\loader.exe\WR-1-2~1.E Trojan.Siggen.628

WR-1-2~1.EXE H:\System Volume Information_restore{5E231E81-2CAA-42AD-A65F-01A5404EB4BB}\RP64\A0011803.exe\VGSetup.exe\loader.exe l’Archivio contiene oggetti infetti

loader.exe H:\System Volume Information_restore{5E231E81-2CAA-42AD-A65F-01A5404EB4BB}\RP64\A0011803.exe\VGSetup.exe l’Archivio contiene oggetti infetti

VGSetup.exe H:\System Volume Information_restore{5E231E81-2CAA-42AD-A65F-01A5404EB4BB}\RP64\A0011803.exe l’Archivio contiene oggetti infetti

A0011803.exe H:\System Volume Information_restore{5E231E81-2CAA-42AD-A65F-01A5404EB4BB}\RP64 l’Archivio contiene oggetti infetti Spostato.
A0012355.exe H:\System Volume Information_restore{5E231E81-2CAA-42AD-A65F-01A5404EB4BB}\RP70 Trojan.Siggen.628 Cancellato.
A0012356.EXE H:\System Volume Information_restore{5E231E81-2CAA-42AD-A65F-01A5404EB4BB}\RP70 Trojan.DownLoad.9874 Cancellato.

Even though I clicked the option “cure”, the program has “cancellato” those files, and a pair have been removed.
But some others have not been cured, moved or cancelled, as you can see by reading the report.

I’ve also downloaded Avast router, somewhere called AntiSpy; this is the report:
avast! Antirootkit, version 0.9.6
Scan started: venerdì 12 dicembre 2008 19.47.08

Scan finished: venerdì 12 dicembre 2008 19.48.57
Hidden files found: 0
Hidden registry items found: 0
Hidden processes found: 0
Hidden services found: 0
Hidden boot sectors found: 0

Now, do I have to run Hijack?
Are the files not cured in the DrWeb report dangerous?
Can I do something, not complicated please, about those files?
Don’t all these programs that I’ve downloaded conflict?

So is it all OK, or had I better act?

Thanks again