??? I am feeling very confused after reading lots of info on the above, but still do not know what to do about it!
My pc seems to be infected with them. After scanning with AVG they were sent to the virus vault and deleted. But when I reboot ‘hey presto’ they reappear! :o
I have tried going into safe mode and quarantining them, to no avail. The little blighters pop up again and I’m back where I started! >:(
I’ve written endless notes on pieces of paper and I’m afraid they are in no particular order now :-[. Although I’m sure it will make sense to the computer literate out there! So here goes …
C: WINDOWS\TEMP\BDL14025.EXE (referring to Revop.C)
C:\WINDOWS\SYSTEM\bridge.dll (this one isn’t coming up today).
Trojan Downloader.240 (hasn’t come up today)
WINDOWS\SYSTEM\A.EXE
WINDOWS\TEMP\BDL14025.EXE
C:WINDOWS\TEMPORARY INTERNET FILES\CONTENT\IE5\KR
C:_RESTORE\TEMP\A0073774.CPY CANNOT BE REMOVED
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\57UZUFSH\BDL140~1.EXE
It was also suggested that I should disable system restore before running a virus scan, but this did not work either.
Please explain as simply as possible :-[ how to get rid of this so my children can have their computer and mother back!
I would also be interested to know how I can protect myself from this in the future.
Thank U!
I have now scanned with Avast and I have an application called ofefgx in the recycle bin. Should I delete this?
In the chest I have Infected File Del7112.TMP. Is it safe to also delete this?
I do not understand why System Files kernel32.dll, wsock32.dll and command.com are in the chest? Do they have some kind of virus? I don’t know what I should do with them.
Also, while I was scanning with Avast, AVG popped up once again with revop.C and Briss.A. Avast didn’t pick this up. Maybe I should have disabled AVG.
Should I have run Avast in safe mode?
So many questions, wish I had some answers!
Pleeeez tell me how to get rid of this once and for all!
Hi,
- you mustn’t have two AV-Monitors=Guards=Resident Shields = On-Access-Scanners running together on the PC; disable one of them (either AVG’s or Avast’s) permanently
  (Although by some strange coincidence AVG & avast SOMETIMES work together, this usually leads to tears, chaos & destruction)
- Apply all Service Packs & patches via IE-> Extras->Windowsupdate
- secure your IE-Browser, so that activeX & scripting is disabled, except for known, secure sites
- Disable RESTORE
- Clean your IE-Cache: Close all programs & Browser windows, then go to Control Panel → Internet options → General → Delete files → Include OFFLINE files → OK
- Empty ALL TEMP-folders manually
- spybot, ad-aware and cwshredder might also help:
  install & update them, then reboot in SafeMode (repeatedly press F8 when booting, until menu appears); Scan & fix with the above TWICE in SafeMode
see www.lurkhere.com ->nicefiles and www.lavasoft.de
Then do a complete thorough scan with avast (AVG-Monitor must be disabled for this),
then list for EACH virus/trojan:
- exact Virus name
- Where exactly was the infected File found (full path/folder/filename, e.g. c:\Windows\system32\virusfile.exe) ?
General advice:
Sometimes it’s enough to
- clear all TEMP-folders (via drive CleanUp AND best also manually)
- empty Temp.Int.Files folder(s) (via IE->Extras-Internetoptions->Delete files, including OFFLINE files) and
- empty java-Cache or
- disable system restore on Win ME/XP ( http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm )
to get rid of it…
test the file with OnlineScanners e.g. from Trend, RAV & KAV (see below) to get a more specific name
(you need to temporarily pause AV-Resident Shield/Monitor/Guard to be able to scan the file online)
(If they all don’t show it as infected, please send it in a password-protected zip-file to
virus@free-av.de/virus (at) asw (dot) cz
Include the Zip-password and a link to this posting in the mailtext)
- remove the Virus/Malware and its system modifications according to VirusInfos
from Avast, VGREP, TrendMicro, Kaspersky;
you might also try searching for the virus name or filename with google
general removal procedure:
- disable system restore on Win ME/XP
- kill respective Backdoor/Trojan process with task manager
- search for the file/process names in the registry; remove the malware’s startup entries in the registry
- disinfect or (if disinfection is not possible) delete the file; this may be possible only after a reboot
if you still can’t remove it, you could post a logfile of Hijackthis here
-Secure your system:
change passwords, secure shares, install patches/updates for WIN&IE;
disable ActiveX and Scripting in IE except for known secure sites - and better use a secure browser like Opera or Mozilla
- scan your whole system with updated avast and maybe a 2nd scanner, e.g. TrendMicro/RAV to check whether your PC is clean
- If needed, reenable system restore on Win ME/XP
Further Details and Links via the board search above
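
Added example, not part of the thread or written by either poster: a small Python triage that takes the detection paths exactly as hand-copied in the first post and groups them under the cleanup step from the reply that covers each location, which shows why a file quarantined in one place can still turn up in another. The folder-to-step mapping and the function names are this example's assumptions; `_RESTORE` is the Windows ME System Restore store.

```python
import re
from collections import defaultdict

# Cleanup steps from the reply above, keyed by where a detection sits.
# The folder-to-step mapping is this example's assumption, not the poster's.
RULES = [
    (r"^_RESTORE\\", "disable System Restore"),
    (r"\\TEMPORARY INTERNET FILES\\", "clean the IE cache"),
    (r"^WINDOWS\\TEMP\\", "empty the TEMP folders"),
    (r"^WINDOWS\\SYSTEM(32)?\\", "general removal procedure"),
]

# Detection paths as hand-copied in the first post (typos included).
REPORTED = [
    r"C: WINDOWS\TEMP\BDL14025.EXE",
    r"C:\WINDOWS\SYSTEM\bridge.dll",
    r"WINDOWS\SYSTEM\A.EXE",
    r"WINDOWS\TEMP\BDL14025.EXE",
    r"C:WINDOWS\TEMPORARY INTERNET FILES\CONTENT\IE5\KR",
    r"C:_RESTORE\TEMP\A0073774.CPY",
    r"C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\57UZUFSH\BDL140~1.EXE",
]

def normalize(raw):
    """Upper-case a hand-copied path and drop the drive prefix ('C:', 'C:\\', 'C: ')."""
    path = raw.strip().upper().replace("/", "\\")
    return re.sub(r"^[A-Z]:\s*\\?", "", path)

def step_for(raw):
    """Return the cleanup step that covers this path, or None if no rule fits."""
    path = normalize(raw)
    for pattern, step in RULES:
        if re.search(pattern, path):
            return step
    return None

def triage(paths):
    """Group unique normalized paths under the step that addresses them."""
    groups = defaultdict(set)
    for raw in paths:
        groups[step_for(raw) or "unclassified"].add(normalize(raw))
    return {step: sorted(found) for step, found in groups.items()}

if __name__ == "__main__":
    for step, found in triage(REPORTED).items():
        print(step)
        for path in found:
            print("   ", path)
```

Anything that lands under "general removal procedure" sits in a system folder, so it is the group to check against running processes and registry startup entries before deleting.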