Recognise this worm/virus ?

While playing a game yesterday, my son was informed that Avast had found a virus but as he’s only eight he failed to take any action to resolve the issue. As a result I do not know which virus I’m dealing with.

The symptoms started when his background screen saver disappeared and subsequently all icons failed to operate properly i.e. clicking on them had no effect except to display a message stating that XP/System 32/Rundll ?? was not available at a specified location. Ctrl Alt Del would not bring up Task Manager and eventually the Start menu option would not open nor allow me to log off as a user nor shut down properly.

Now the virus has also affected my user log in options and appears to affect my system after a short period of time, with never enough time to perform a system scan.

Checking Task manager shows several svchost.exe with one at least 17k in size.

1st question - Can anybody identify which worm/virus I’ve got from the brief description above ?

2nd question - Any idea which process the worm/virus may be using to affect the rest of my system ? Is it possible to disable a process (using Task manager) in order to gain enough time to run Avast system scan ?

3rd question - As I'm using my parents' computer to trawl the web for information - is there any way to send “fixes” across the net if required ?

Thanks in advance

Short answers:
1] No
2] Many
3] Basically no

Questions:

  • Is this system up to date with all security patches/update?
  • Can you still login as ADMINISTRATOR?
  • Avast’s log file should mention what infection is detected and in what file(s). Please let us know.
  • Is this an original game or a hacked/cracked one?

svchost.exe is a system process belonging to the Microsoft Windows Operating System which handles processes executed from DLLs. This program is important for the stable and secure running of your computer and should not be terminated.

Having 5-7 of them running is pretty normal.

Eddy

Answers

  1. Yes system XP is at SP2 rev
  2. I can login as me which gives admin rights
  3. Where/How can I access the Avast log file ?
  4. Game is not relevant (I think) as it was not an online game, he just happened to be playing it while connected to the web. However if you think it would be helpful it was a download called Chromadrome http://www.alpha72.com/Chromadrome/chromadrome.htm which he has been playing for several months.

1] Avast home or pro?
2] admin rights and administrator are 2 different things
3] In the Alwil folder under :\program files
4] game can be relevant. But since he has downloaded it from a legitimate website, it looks ok to me at this point. (illegal/burned games, you never know what has changed to them :wink: )

I would suggest you click on the link in my signature and follow all steps as explained on that page. Let us see if the problem is solved after doing so. Please don’t rush and take your time to do so.

Eddy

1. Avast Home
2. I am the administrator as I installed XP last year.
3. I’ll check the Alwil folder :\program files when I go home, presumably for some issue occurring yesterday ?
4. Will look into all the issues raised in your help page.
5. Report back tomorrow.

Thanks

PS On my parents' PC (where I also have installed Avast Home) I noticed today that the scan facility is not running at start up, i.e. the spinning ball icon. Only the following processes are running.

i.e. ashServe.exe
ashSimpl.exe
aswUpdSv.exe

How can I configure Avast to open on Start up again ?