They keep comming back!

I scan with Trend Micro, i have avast updated and when it finds an infected file i select delete and they keep comming back and popping up in avast, what should i do?

Hi,

what WIN do you have ?
What was the complete/exact name of the virus ?
Where exactly was the infected File found (full pathname and filename) ?

test the file with OnlineScanners e.g. from Trend & KAV (see below) to get a more specific name
(you need to temporarily disable AV-Resident Shields/Monitors to be able to scan the file online)

-remove the Virus/Malware and it’s system modifications according to VirusInfos
from Avast, VGREP, TrendMicro, Kaspersky;
you might also try searching for the virus name or filename with google

general removal procedure:

  • disable system restore on Win ME/XP
  • kill respective Backdoor/Trojan process with task manager
  • search for the file/process names in the registry; remove the malware’s startup entries in the registry
  • disinfect or (if disinfection is not possible) delete the file; this may be possible only after a reboot

-Secure your system (change passwords, secure shares, install patches/updates for WIN, IE etc…)
-scan your whole system with updated avast and maybe a 2nd scanner ,e.g. TrendMicro to check whether your PC is clean :wink:

  • reenable system restore on Win ME/XP

if it’s of the trojan-gen kind: spybot, ad-aware and cwshredder might also help
if you still can’t remove it, you could post a logfile of Hijackthis here

see www.lurkhere.com ->nicefiles and www.lavasoft.de

Further Details and Links via the board search above

You need to delete source folder where these detected files are generating. Also remember the name of the virus and search for Removal Tool so you can perfectly remove it. If virus is on the avast! Virus Cleaner Free Tool than you can use that one.

Hi RejZoR,

this is not always a good idea …

What if VK tries to delete C:\Windows\system32 or so ? ;D ;D :wink:

Its usually not System32 and you can’t delete it because Windows system prevents you from doing this. File usually replicates in some self-made folder. Ofcourse its not always this way.
It might help terminating suspicious processes if they are visible or perform Memory-Check (i know you can do this wth avast! Pro).
Specific Removal Tool should take care for both fields (memory and filesystem).