I have just installed Avast and it keeps telling me that I have a ‘Win32:Trojan-gen. {VC}’ worm. It is showing up in this file path 'C:\WINDOWS\system32\drivers\jkuwiwvh.sys.
No matter what I do this virus warning will not go away.
So far I have tried running several types of online virus checker and worm remover. Some of which tell me it is there but do nothing or they can’t find it. Avast won’t let me do anything to it. I have also tried to delete the file itself by searching for it in the system 32 file. Even after it has been deleted here it still reappears.
The virus warnings only come up when I open up a new Internet Explorer window.
Can someone please help as I don’t have a clue what to do and the constant virus warnings are very frustrating. >:(
Are you using Windows XP?
Can you schedule a boot-time scanning?
Start avast! > Right click the skin > Schedule a boot-time scanning
Select for scanning archives.
Boot.
Other good thing is disable System Restore, boot, enable it again. If you find a virus keeps coming back after you delete it, it’s most probably infected the System Restore folder, the best way to solve this is to disable System Restore, reboot your machine and then enable it again. After all, run a full avast! scanning. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k.
do what tech said if it doesn’t work try:
try booting your computer in safe mode by holding F8 and when it boots up delete it and then empty it out of the trash can and restart your computer and dont press anything that should work if it does let me know please
I am running XP. I have tried both the boot scan and deleting the file in safe mode. Both have failed and I am still getting the same warning about a Win32 Trojan. I have also turned off the system restore.
I went into safe mode and deleted it as well. It always seems to delete ok. I went into the recycle bin and deleted it there as well. But once more when I open an IE window I get a virus warning and when I go back into the System 32 folder ‘jkuwiwvh.sys’ file is back.
Google the ones you don’t know, avast’s begin with ash and asw. That way you will also get an idea of what is running on your system and what should run.
Use HJT and the on-line analysis and see which of these is flagged.
jusched.exe and jucheck.exe are both used to run Sun Microsystems Java2. MDM.EXE is showing as a machine debugger?
All the others seem to be legitimate after googling them.
Also davidr the version of Avast you have shown is different from mine. I cna’t find a schedule boot scan button any where. Mine was done by pressing a button at start up.
Boot time scanning is only available in NT systems (Windows 2k or XP), not in Windows 9x or Me.
Start avast! antivirus, right click the skin and choose the proper option to schedule a boot time scanning.
Have now ran the avast boot scan. It picks up the virus. I have tried deleting it and moving it. Both times it has reappeared as soon as I open an IE window.
Which is why I gave you the HJT links because something is causing it to come back.
Does it come back as the same virus name, the same infected file name and the same location, example (C:\windows\system32\infected-filename.xxx)?
What version of XP (plain xp, SP1, SP2), e.g. is it up to date?
Give yourself a fighting chance and use firefox, you IE may well be vulnerable, what version and SP no is it, e.g. IE6 SP1?
Are you using a firewall, if so what?
Do you have the file name and path?
I know it’s a generic answer but, can’t you scan your system with antispywares and antitrojans applications?
Ad-Aware, Spybot Search and Destroy, A-squared, Ewido or Microsoft AntiSpyware.