Virus/Trojan

Need help, only new to this game so not sure how to proceed. Have found virus when scanning, trojan and adaware, and both are in the avast chest under infected files and all chest files. On a repeat of the scan they are still being picked up. Do I need to delete or send to chest? Thanks, Roseman Downunder…

Being picked up where ?
What Operating System are you using ?
What avast! version and VPS file (virus database) number, e.g. 0630-2 (see about avast!) ?
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?

Do you mean they are still picked up in the same location and file name or same malware name but different locations ?

Deletion isn’t really a good first option (you have none left). ‘First do no harm’: don’t delete, send the virus to the chest and investigate.

Hi Roseman,

We need more information, as David said, but as you found Trojans and Adware, I suggest a scan with these free programs in addition to a boot time scan with avast!:

DrWeb CureIT!:

http://download.drweb.com/drweb+cureit/

a-Squared free:

http://www.emsisoft.com/en/software/free/

Ad-Aware:

http://www.download.com/3000-2144-10045910.html

Spybot Search & Destroy:

http://www.safer-networking.org/

Do the scans offline, but make sure you have a firewall up before you come back online or you will get reinfected very easily.

If you still have problems, please remember to tell us the name of the malware detected and the name and location of the file it was detected in.

You could post a HijackThis! log too:

http://www.bleepingcomputer.com/tutorials/tutorial42.html

Good luck!

Thanks for your reply mate. Just so that I get it right, does that mean I need to turn off my firewall to run those suggested programs while offline? And if that’s the case, does that mean I need to turn off the firewall every time I do a manual scan? I should have given you this info the first time, but here it is. Infected files:

1) [Full] giddy up sugar and spice 00.wma, Location; C:\Documents and Settings\ Virus-Win32: Wimad [Trj]
2) A0023649.DLL Location;C:\System Volume Information\ Virus-Win32:Adaware

Many thanks from down under in Oz.

No, don’t turn your firewall off! But please make sure you have one running after cleaning. For anybody not running a third-party firewall, I recommend installing one after cleaning.

You may need to follow this procedure as it looks like one of the viruses may be in system restore:

http://www.pchell.com/virus/systemrestore.shtml

Please let us know if you still have problems after running the recommended programs and clearing system restore.

Need help, every time I turn the computer on I get “type of file that windows cannot open”. Followed the prompts to search the internet and it took me to the Filext site, which says the file is as follows: Program ID- RTEGPRSConn, Exe File- %Programfiles%\common~1\RTE\GPRSDep.exe%1 and told me to google the info I had, RTEGPRS etc. A site came up with info on virus, hijackers and others, which all mean nothing to me. Could someone advise me how I can delete or stop this program appearing on my screen every time I turn the computer on? Many thanks, Roseman Downunder in Oz

Could you post a HijackThis! log for us to look at? Thanks.

http://www.bleepingcomputer.com/tutorials/tutorial42.html

I’m not sure how to do what you request. Went to the web site in your email but have no idea what to do. I’m only a few months into the internet world, not sure of the terminology of things, sorry about this mate… Roseman

http://www.tomcoyote.org/hjt/ There is a small tutorial on this site and a download link is on the left with a little flashy green button ;D All you really need to know at this stage is how to run it and how to post the result.

Downloaded Hijackthis and ran the scan. I selected Edit, clicked on Select All, then Copy, but got stuck when I tried to paste, couldn’t figure it out. Can you help further? thankz Roseman

Having copied the contents of the log, open your forum reply post (or click the Modify button in your last post), position the cursor inside the text window and right click; the menu should give the option to paste. You can also press the Ctrl+V keys together to paste.

:slight_smile: You Little Bewdy, I shouldn’t get too carried away, but for the last half dozen or so times I’ve turned my computer on the New Connection Profile RTEGPRS program/file has disappeared, no sight. I thank you all, DavidR, Essexboy and FreewheelinFrank. With constant browsing of sites, googling anything with new program profile rtegprs in it, I came to a site, can’t even remember how I got there, just jagged it I think: www.merijn.org. On this site I downloaded StartupList v 2.02 and gave this a run, and there was New Connection Profile RTEGPRS under the start up tree. I wasn’t able to delete it from there, but when I went into Start>All Programs, programs which are in my Tidy Start Menu, under the heading Startup came up Adobe Reader Speed Launch, which was normally there, except this time joined with it was New Connection Profile, which I pounced on, right clicked and sent to be erased by East-Tec Eraser Lite, then restarted, and so far gone for good (I hope). Anyway, thanks so much guys, I’m learning a little bit at a time thanks to you guys. (Still couldn’t figure out how to post the log on Hijackthis, so maybe only improved a tiny weeny bit.) I’m sure I’ll be back for something, Roseman Downunder in Oz