:(I have Avast home edition 4.6 and it d=says that I have a virius called win32:Adan-025. I have move it to my chest but it still comes back. Can you help me to get rid of this. I have also ran a schedule boot scan, after i ran it. It still keeps coming back. Please help!!
What was the filename, where was it found
example (C:\windows\system32\infected-filename.xxx)?
There may well be registry entries or other things that are regenerating it.
If you haven’t already got this software, download, install, update and run it.
- Ad-Aware
- Spybot Search and Destroy
- Spywareblaster
- Download HijackThis.zip - This tutorial should help HiJackThis Tutorial
For an on-line scan of your Hijackthis log file try here http://hijackthis.de/index.php
Ignore any 023 reference to avast processes, this is a hiccup in the HJT 1.99.1, if you need any help with any of the analysis let us know.
If you find a virus keeps coming back after you delete it, it’s most probably infected the System Restore folder, the best way to solve this is to disable System Restore, reboot your machine and then enable it again. After all, run a full avast! scanning. System Restore cannot be disabled on Windows 9x.
Enable/Disable System restore on Windows ME:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q264887
Enable/Disable System restore on Windows XP:
http://support.microsoft.com/default.aspx?scid=kb;[LN];310405
I have the same problem-- but it has gotten worse. When i first noticed the problem , Avast listed it as " Win32:adan-025. However, a more in depth scan described it as a Trojan-gen and a worm. All of my programs are up to date — this is new. Avast has been unable to quarentine, move, or rename. Spybot has reported some major OS changes – spybot has been unable to delete it. Boot scans have been unable to delete it. This infection moves fast – today i have 12 infected files, yesterday it was 3. It has infected my system restore files – disabling restore did not seem to help. I traced some of the infected files to an author named Blubster-- this same author added a program to my computer; I was unable to delete it at first. when i shredded this program, a few files remained , multiplied itself – and thus became a download cab. This down.cab became “Win32:Adan-025[Adw]” also known as “Win32:Trojan-gen” .
Please hhhhhhheeeeeelllllllpppppp if you can. I’ll keep posting whatever i find. GOODLUCK,
Lisa
Calm down… don’t panic.
What do you mean by:
Keep the system restore disabled, schedule a boot time scanning with avast, boot
Avast has been unable to quarentine, move, or rename. Spybot has reported some major OS changes -- spybot has been unable to delete it.
When a program or process is running windows protects it, effectively stopping you from moving or deleting it. Disabling System Restore doesn’t cure the problem, it just stops windows putting a copy of the infected file into the System Volume Information folder (as it does for files deleted from system folders and many viruses install themselves in there). You have to reboot after disabling system restore to clear out the infected restore points.
I’m surprised a boot-time scan didn’t work, how did you initiate it?
There may be other adware/spyware present and hijackthis is the best tool for showing what is running on your system. Have you run HJT - For an on-line scan of your Hijackthis log file try here http://hijackthis.de/index.php
Ignore any 023 reference to avast processes, this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast), if you need any help with any of the analysis let us know.
Have you got the other programs I mentioned, updated and run them.
Thanks for advice. Yes I disabled system restore, and did a boot time scan with Avast. I tried your link to hijackthis.de that did not work, it said the processes were unknown. I am now going to try a boot time scan using spybot search and destroy, with system restore disabled.
I’ll let you know what happens. Thanks again,
LS
That is just a regular web page (see image) that allows you to paste the contents of your HJT log file. There should be no requirement for processes, can you explain exactly what you were trying to do?
I am now going to try a boot time scan using spybot search and destroy, with system restore disabled. I'll let you know what happens. Thanks again, LS
I don’t know how you are intending to do a boot scan with spybot search and destroy as far as I’m aware this isn’t an option with S&D?
It’s Fixed ! feel like i won bingo. lol
How to fix :
When checked, both Avast and Spybot were up to date.
I did another scan in Avast. when the infected alarms went off, I selected the delete file and checked the option to delete at start up ( I know i allready did this, but decided to give Avast another try). I disabled my on-access scanners. I disabled System Restore. I did another Spybot scan – Spybot detected some major changes , but did not detect the infected files. I scheduled Spybot to do a Boot scan as well.
At system start-up boot scan, Avast deleted most of the files. There was one that Spybot deleted as well. They work great together.
Beware, when I checked the log files – it showed that all infected files were deleted, but showed some files in two of my programs that were corrupted. The downloader files that i mentioned earlier, had moved and renamed themselves. The log files in Avast and Spybot were showing them as corrupted (not infected). I deleted both corrupted programs entirely. Then restarted and Bingo, this hack got cracked.
RE: Spybot search and destroy – A boot scan is possible, but not in default mode. First change the mode to advanced. This gives you a great set of Tools and Settings to play with. Caution: if you are unsure of the tool, than don’t touch it. Go to Settings, and click on the scheduler – from here you can schedule a Boot scan with Spybot. Then go back to Spybot and select Tools – then select View Report.
Don’t forget to check the log files in Avast as well.
Thanks again David. And goodluck to all with this problem.
LS