Please Help

Hi

I have just installed Avast and it keeps telling me that I have a ‘Win32:Trojan-gen. {VC}’ worm. It is showing up in this file path: 'C:\WINDOWS\system32\drivers\jkuwiwvh.sys'.

No matter what I do this virus warning will not go away.

So far I have tried running several types of online virus checker and worm remover. Some of them tell me it is there but do nothing, or they can’t find it. Avast won’t let me do anything to it. I have also tried to delete the file itself by searching for it in the system 32 file. Even after it has been deleted here it still reappears.

The virus warnings only come up when I open up a new Internet Explorer window.

Can someone please help as I don’t have a clue what to do and the constant virus warnings are very frustrating. >:(

Thanks in advance

Are you using Windows XP?
Can you schedule a boot-time scan?
Start avast! > Right click the skin > Schedule a boot-time scanning
Select for scanning archives.
Boot.

Another option is scanning in Safe Mode (repeatedly press F8 while booting): http://support.microsoft.com/default.aspx?scid=kb;en-us;315222

Another good thing is to disable System Restore, boot, and enable it again. If you find a virus keeps coming back after you delete it, it has most probably infected the System Restore folder. The best way to solve this is to disable System Restore, reboot your machine and then enable it again. After that, run a full avast! scan. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k.

Enable/Disable System restore on Windows ME: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q264887
Enable/Disable System restore on Windows XP: http://support.microsoft.com/default.aspx?scid=kb;[LN];310405

Do what Tech said. If it doesn’t work, try:
Try booting your computer in safe mode by holding F8, and when it boots up delete it, then empty it out of the trash can, restart your computer and don’t press anything. That should work. If it does, let me know please.

-Ricky

Hi again, thanks for helping.

I am running XP. I have tried both the boot scan and deleting the file in safe mode. Both have failed and I am still getting the same warning about a Win32 Trojan. I have also turned off the system restore.

Do you have any other advice please?

What did it say about deleting it in safe mode?

I went into safe mode and deleted it as well. It always seems to delete ok. I went into the recycle bin and deleted it there as well. But once more when I open an IE window I get a virus warning and when I go back into the System 32 folder ‘jkuwiwvh.sys’ file is back.

OK.
There’s another file making that file and running it. Press Ctrl + Alt + Del, and any file you don’t recognize, let us know.

Having switched off system restore you need to reboot for the change to take effect.

How did you do the boot-time scan, using this?

http://img.photobucket.com/albums/v325/for-dwr/boottime.jpg

Also useful as a diagnostic tool - Download HiJackThis.zip - HJT Information HiJackThis Tutorial 1 or HiJackThis Tutorial 2
For an on-line analysis - HiJackThis Log file - On-line Analysis
Ignore any 023 reference to avast processes, this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast), if you need any help with any of the analysis let us know.
OR HiJackThis Log file - On-line Analysis 2

OK, had a look in the task manager. There are quite a few files I don’t recognise or couldn’t place to a legitimate program. These are:

BTTray.exe
dslmon.exe
CalCheck.exe
ashWebSv.exe
ashMaiSv.exe
ashDisp.exe
jusched.exe
jucheck.exe
WDFMGR.EXE
MDM.EXE
BTWDINS.EXE
ashServ.exe
aswUpdSv.exe
SPOOLSV.EXE
LSASS.EXE
CSRSS.EXE
SMSS.EXE
alg.exe

Google the ones you don’t know, avast’s begin with ash and asw. That way you will also get an idea of what is running on your system and what should run.

Use HJT and the on-line analysis and see which of these is flagged.

jusched.exe
jucheck.exe
MDM.EXE

I don’t know, but like davidr said, any idea what your system shouldn’t and should run?

jusched.exe and jucheck.exe are both used to run Sun Microsystems Java2. MDM.EXE is showing as a machine debugger?

All the others seem to be legitimate after googling them.

Also davidr, the version of Avast you have shown is different from mine. I can’t find a schedule boot scan button anywhere. Mine was done by pressing a button at start up.

Boot time scanning is only available in NT systems (Windows 2k or XP), not in Windows 9x or Me.
Start avast! antivirus, right click the skin and choose the proper option to schedule a boot-time scan.

Have now run the avast boot scan. It picks up the virus. I have tried deleting it and moving it. Both times it has reappeared as soon as I open an IE window.

Which is why I gave you the HJT links because something is causing it to come back.

Does it come back as the same virus name, the same infected file name and the same location, example (C:\windows\system32\infected-filename.xxx)?

What version of XP (plain xp, SP1, SP2), e.g. is it up to date?
Give yourself a fighting chance and use Firefox; your IE may well be vulnerable. What version and SP no. is it, e.g. IE6 SP1?
Are you using a firewall, if so what?

Do you have the file name and path?
I know it’s a generic answer but, can’t you scan your system with antispywares and antitrojans applications?
Ad-Aware, Spybot Search and Destroy, A-squared, Ewido or Microsoft AntiSpyware.

It was always coming back as the same file path.

I have run HJT and fixed all of the files I was unsure of, and also installed Firefox as a new web browser.

This seems to have fixed the problems I was suffering from.

Cheers guys, you are heroes and have helped me a great deal. ;D

Glad we could help, don’t forget you also helped yourself and learned something into the bargain.

No problem whatsoever.