So I'm a noob to this forum and I'm sure I will get hounded for this but…
I was running my virus programs, Avast 4.8 Home and Symantec… both freshly updated.
Avast found Win32:DNSChanger-SF [trj] in 2 folders that are both part of Symantec… The directory is C:/program files/common files/symantec shared/virusdefs/20080329.003 and 20080330.003; the file is virscan9.dat.
These files can't be moved, they can't have their “read only” status revoked, and why would one virus program see another virus program’s file as a virus?
They see each other's files as infected because they are signature/script samples of the real thing (okay, maybe not live samples, but you get the idea). This is so the AV can compare what it is scanning to something so it can determine if it’s infected or not.
virscan9.dat is part of Norton’s database, where said samples are kept. Most AVs encrypt their files to prevent this from happening.
Win32:DNSChanger-SF [trj]… My antivirus still detected this virus even though I quarantined it in the chest… Initially, I was updating my Norton Internet Security when the virus came about… What is this virus about? How do I resolve this?
1. Disable System Restore and reenable it after step 3.
2. Clean your temporary files.
3. Schedule a boot time scanning with avast with archive scanning turned on.
4. Use SUPERantispyware and/or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
Can anyone help me to determine if I can delete the DNSChanger virus from my system files? It is infecting my system32/kdypg.exe file. Avast finds it but asks me to delete it. Repair does not seem to work. It is a rootkit/malware infection that slows my computer. I am worried that if I just delete it my operating system may not function properly. Thanks.
Download, install and update the programs. Disconnect from the internet (pull the plug) before running scans in Safe Mode if possible.
Always select the option to quarantine any malware found rather than delete it; then you will be able to restore files or registry entries wrongly identified as malware, a rare but not unknown event for any malware scanner.