Virus, Trojan, and Malware

I recently decided to check out your avast! antivirus for a couple of reasons. First, my father uses it. Secondly, I’ve been having some trouble for a while with my start button freezing, or my PC freezing during shut down causing me to have to ctrl + alt + delete twice in order to reboot, then shut down again.

I run Windows ME (all security updates applied), and I ran AVG Free Edition. I still have it on my computer, but I just felt it was missing something.

I downloaded avast! (4.6, VPS 0536-1, 09/06/05), ran a scan, and I was shocked.

c58bKs.dll c:\WINDOWS\SYSTEM 8/28/05 Win32:Ruledor [Trj]
gsda.dll c:\WINDOWS\Downloaded Program Files 8/28/05 Win32:Adan-055 [Adw]
imscan.dll C:\WINDOWS\SYSTEM\ActiveScan 8/28/05 Win32:Kuang2
pavdll.dll c:\pqremove.com 8/28/05 Win32:Kuang2

There were two more identical files in System Restore, so I disabled it, and they were deleted.

I did the virus scan last night, 9/05/05, and found more trouble. I moved them all to the Chest.

pav.sig c:\WINDOWS\SYSTEM\ActiveScan 9/05/05 Win32:NGVCK-E
pav.sig c:\WINDOWS\SYSTEM\ 9/05/05 Win32:NGVCK-E
PAV.SIG c:\Program Files\Panda Software\Panda Antivirus 6.0 9/05/05 Win32:NGVCK-E
pav.sig c:\pqremove.com 9/05/05 Win32:NGVCK-E

Ironically, although I had shut off AVG, the resident shield was still working in the background and it showed that a virus was in the c:\download file_avast_4 file. I ran a scan on that file with AVG, and of course, found nothing.

So, what do I do now to keep this from happening? Also, I’ve not been able to do any type of online virus scan. Something about my ActiveX being corrupted. That’s why I stopped using Panda years ago.

These are false detections due to Panda active scan: http://forum.avast.com/index.php?topic=12432.msg104932#msg104932

IMSCAN.DLL
PAVDLL.DLL
PAV.SIG
APVXD.VX2
APVXD.VXD

The others seem to be related to false detections due to Panda active scan.
http://forum.avast.com/index.php?topic=12432.msg104932#msg104932
Unfortunately, a well-known problem of Panda not encrypting its signatures :stuck_out_tongue:

After really removing Panda (files and registry entries), can you post the scan results?

Avoid the on-line Panda scan like the plague, as it doesn’t encrypt its signature files and you know what happens when you do a full scan.

There are plenty of on-line scanners, RejZoR’s Website - Security Ops
On-line Virus Scanners and other useful Links Security-Ops.eu.tt
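Why an unencrypted signature file from one product shows up as "infected" in another product's scan, as an added example that is not part of the original thread. The byte patterns, detection names and the XOR encoding (standing in for whatever encoding a vendor might apply) are constructed for illustration and are not taken from any real product.

```python
# Constructed, harmless byte patterns standing in for real detection signatures.
SIGNATURES = {
    "Demo:Alpha [Trj]": b"\x4d\x5a\x90DEMO-ALPHA-PATTERN",
    "Demo:Beta": b"DEMO-BETA-PATTERN\x00\x01",
}
XOR_KEY = 0x5A  # hypothetical key; XOR is only a stand-in for real encoding


def scan(data, signatures=SIGNATURES):
    """Scanner A: report every signature whose bytes occur anywhere in data."""
    return sorted(name for name, pat in signatures.items() if pat in data)


def pack_plain(signatures=SIGNATURES):
    """Scanner B's signature file stored as-is: length-prefixed raw patterns."""
    return b"".join(len(p).to_bytes(2, "big") + p for p in signatures.values())


def xor(data, key=XOR_KEY):
    return bytes(b ^ key for b in data)


def pack_encoded(signatures=SIGNATURES):
    """Same file, but encoded on disk so the raw patterns never appear."""
    return xor(pack_plain(signatures))


def unpack(blob, encoded):
    """Scanner B loads its own file, decoding it in memory if needed."""
    raw = xor(blob) if encoded else blob
    patterns, i = [], 0
    while i < len(raw):
        n = int.from_bytes(raw[i:i + 2], "big")
        patterns.append(raw[i + 2:i + 2 + n])
        i += 2 + n
    return patterns


if __name__ == "__main__":
    # The plain file contains the very bytes scanner A looks for: false positive.
    print("plain signature file  :", scan(pack_plain()))
    # The encoded file is clean to scanner A but still usable by scanner B.
    print("encoded signature file:", scan(pack_encoded()))
    print("B still loads patterns:", unpack(pack_encoded(), True) == list(SIGNATURES.values()))
```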

How do I truly make sure the files and entries are gone? Search? Delete manually?

Oh, and thanks for the replies. :slight_smile:

There should be an Add/Remove entry for Panda 'c:\Program Files\Panda Software\Panda Antivirus 6.0'; use that.
If the c:\WINDOWS\SYSTEM\ActiveScan folder remains after the add remove (possibly) then delete that folder.

After manually deleting everything to do with Panda, I ran a new scan, and I’m getting no false positives. :smiley:

I ran Spybot, got rid of everything there.

However, my system resources are slow. Another problem for another day.

Thank you for your help and advice.

Glad to be able to help, welcome to the forums.

Also useful as a diagnostic tool - Download HiJackThis.zip - HJT Information HiJackThis Tutorial 1 or HiJackThis Tutorial 2
For an on-line analysis - HiJackThis Log file - On-line Analysis
Ignore any 023 reference to avast processes; this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast). If you need any help with any of the analysis, let us know.
OR HiJackThis Log file - On-line Analysis 2

Maybe looking at which process is using the CPU (CTRL+ALT+DEL and order by the CPU column).