Hi people!

I have a little trouble with a virus named “X”: just it!

Avast always find some virus into a folder in directory \documents and settings (…) and, after I chose “Delete”, Avast found a virus in directory \WINDOWS\system32\x.

Every moment I press “Delete” when Avast get this virus, and it is really deleted from my folder system32. But, in a few time after, Avast find this same virus again.

My version is updated with release 090317-0 and my computer is connected in a network (the one of the company where I work).

Any ideas about it?

Thanks!

it’s Conficker probably… you should apply all critical updates from WindowsUpdate…

Besides what Maxx said, I suggest:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete them.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster.
8. Check if you have insecure applications with Secunia Software Inspector.

Thanks Tech and Marx,

I’ll try to do what you suggested, but I think it will not solve my problem.

As I said, my computer is conected in a company network and the virus may be in other computer online.

I’ll wait for the providences from my boss, and, if necessary, i will run the programs you sugested.

inovox, are you using avast Home or Professional?

Test this file in virustotal.com and if is a virus, send it to virus@avast.com.

Greetings

hello sir please help i need urgent help i have tired of formatting pc because of win32 junk.poly(crypt) virus …i tried all things but this virus is not going …here is my hijack log

b Service Pack[/b]
You are using Windows XP Service Pack 2… A newer Service Pack [SP3] is available for download… You should consider downloading it at Microsoft Updates…

b Firewall[/b]
You are using Windows XP firewall… XP Firewall does not support outbound protection… You may enhance your protection by installing a firewall with outbound protections… Examples are: PCTools, Agnitum Outpost, Online Armor

b Odd Entry[/b]
This seems to be odd to find an uninstaller in Fonts folder… You should send unwise.exe located at Local Disk D → WINDOWS → Fonts to VirusTotal…

http://www.prevx.com/filenames/X1189036174744733299-X1/UNWISE_.EXE.html

Hi inovox,

Agree with -=Fenrir=- here. The entry he quotes O23 - Service: Windows Hosts Controller - Unknown owner - D:\WINDOWS\Fonts\unwise_.exe Fix this entry with HJT…
It denotes a Conficker infection. And you attracted this for not having upgraded to SP3.

1. Download the Sophos Conficker removal tool:
   http://www.sophos.com/support/knowledgebase/article/54457.html

2. Download and Run Full Scan with Microsoft Removal Tool: http://scforum.info/index.php/topic,2468.0.html

3. Download, Install, Update and Run Full Scan with Malwarebytes’ Anti-Malware: http://scforum.info/index.php/topic,2201.0.html

Check all the third party software for updates and patched with PSI Secunia from here: http://secunia.com/PSISetup.exe

polonus

I have the same problem, Virus description - Win32:Confi [Wrm], I follow all the instructions written above but … I can’t get rid of this :-[

Confi[wrm]^^

I think thats a Conficker Worm^^

How about using some Conficker Removal tools^^

http://www.google.com.ph/search?hl=en&q=conficker+removal+tool&meta=&aq=0&oq=conficker+removal

Try one of those and im sure it’ll be solved in no time^^

-AnimeLover^^