I have an XP Sp1 system, with NO firewall.
I used to have Norton 2005 - and I thought it was updated (it was, maybe a week ago).
I never really had a virus for over two years, then one day my wife sits down and says that my user is trying to send 300 mail messages (the virus) - Luckily, I didn’t have Outlook configured so it couldn’t send it…
Anyway, the Norton said it’s a Rootkit virus/worm and it couldn’t fix it.
So I tried NOD32, and Avast - which so far seems the most competent.
But it still comes back.
I will do the HijackThis log and post it back here.
Having more than one anti-virus on your computer at the same time can cause conflicts and errors.
If you decide to stick with avast!, you will need to thoroughly remove the other two. Norton can be tricky to remove completely, but there are removal tools available from Symantec. A quick search of the forum should bring up more information and links.
Rootkits can be tricky.
The new Microsoft Malicious Software Removal Tool will remove some rootkits and many worms. Download it here:
I’ve booted again and Avast is running so I hope the virus is gone.
Just one troubling thing: I can’t update my Windows - whenever I point the Explorer to windowsupdate, it just won’t load the page.
If I try to surf elsewhere it works… Sadly it won’t let me update windows through the Firefox… ;-))
Here is my HiJack this log file:
(Tried to post it, but it’s too long, hope it is attached)
It seems to be an old worm (2002) so avast! should detect it.
Can you please make sure that you have updated avast!'s virus definitions and do a boot time scan?
Right click the avast! globe and select Start avast! Antivirus.
avast! will do a memory scan: if it finds a virus or worm in memory, it will prompt you to do a boot time scan: accept this and reboot.
If avast! doesn’t find anything in memory, schedule a boot time scan. (Click the button at the top left of the avast! silver console and select Schedule boot time scan from the drop-down menu.)
If avast! detects a file called ntkrnl.exe, please delete it.
Full HijackThis! log file analysis will follow later today.
Please do not try to update until we have cleaned your computer: installing SP2 on top of malware can cause instability.
Thanks for your suggestions,
I’ve followed them and couldn’t find the value you’ve mentioned. In fact I’ve searched for: “ntkrnl.exe” and didn’t find it in the whole registry…
Weird, no?
I’ll restart and try again, but I doubt it will show up.
I still can’t access the Windows Update website, but other than that the computer looks and works normally (Avast running all the time not detecting anything).
I tried changing the security settings, it says custom settings, but I’ve reset them to Medium and then even Low - it still won’t update. Every other site works well…
Actually except the online virus scanners I tried - maybe it’s related?
Doesn’t give any error message (not even 404) - just remains blank.
In the meantime, I thought the computer was working properly, so I tried to turn off the ADSL’s connection firewall, thinking that might be blocking Windows Update…
A second afterwards Avast started warning against “Msdirectx.sys” worm; after telling it to delete it, it popped up again a second later. I disconnected, re-instated the firewall, and started doing a pre-boot scan…
So I will try all those ideas the moment it finishes (so far it found one file and deleted it).