Win32:Horst-GV [Trj]

Avast has been Warning me of this virus/malware for over a month now yet it doesnt seem to be able to do anything about it. I have chosen move to chest yet within an hour or so the warning appears again. I have chosen Delete and this doesn’t work either.

It’s driving me nuts with it constantly appearing…and my computer has definitely been running a lot slower of late, maybe because of this?

The file where the virus is (saying that Avast reports as Malware), is as below…

C:\Documents and Settings\All Users\Documents\setup.exe[UPX]

I’ve tried scanning with…Adaware, Spybot Search & Destroy, SuperAntiSpyware and AVG Anti-Spyware but none of these programs are able to find anything. I also uninstalled Avast and scanned using a different virus software program - NOD32, but this didnt find anything, when I moved back to Avast the warnings started appearing again.

I’m not that technical when it comes to computers but I know bits…any suggestions anyone pleeease!?

Thanks

A forum search for horst-gv will return some hits, this is just one of them, read it through and try to follow.

If a virus is replicant (coming and coming again), you should:

  1. Enable/Disable System restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k.

  2. Clean your temporary files. You can use the Windows Advanced Care features for that.

  3. Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Other option is scanning in SafeMode (repeatedly press F8 while booting). The best option is send the file to Chest (Quarantine).

  4. It will be good if you download, install, update and run other trojan remover tools: a-squared and/or Free AVG Antispyware (trojan removers) If the step three fails…

  5. For the future, use the immunization of [url=http://SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.

I’ve downloaded and used Advanced Windows Care to clear up temporary files and system etc.
I’ve also used both malware programs you mentioned these havent worked plus a handful of other spyware etc programs.
I tried to email the file to avast from the chest as nothing seems to be working but it then says it cant even find the file!
So why’s there a virus being found on a file that it cant find?
I explorered manually through to the location of the file but there is not even a folder called \Documents in which is file is supposedly located.
Any ideas?
Also, I dont understand how a system restore is going to help sorry can you explain? If avast isnt actually removing the file or indeed even moving to the chest you’d assume if it keeps appearing how will doing a or turning off system restore help?
Thanks in advance.

Can you post a screenshot of the error message?
Are you logged as an administrator of this computer (or common user)?

Are you sure you’re seeing ‘hidden files’ AND ‘system files’ into Windows Explorer folder options?

The System Restore is used to store old version files. Viruses use this feature to hide themselves and replicate the infection.

Im not sure how to get a print screen in here so I’ll copy what it says into here.

In an “Emailing selected files” window it says…

In the Resume tab.

  • “Emailing selected files
    Action was completed with errors!”

In the Errors Report tab.

  • “Program cannot delete the following file: C:\DOCUME~1\Samwise\LOCALS~1\Temp_avast4_\unp54458039.tmp
    —>Description: The system cannot find the file specified”

In the Detailed Information tab.

  • Emailing selected files

The program will try to email 1 selected file(s) from the Chest to ALWIL Software
The following file has been sent by email:
C:\DOCUME~1\Samwise\LOCALS~1\Temp_avast4_\unp54458039.tmp
Original file name:
C:\Documents and Settings\All Users\Documents\setup.exe


Action was completed with errors!

I have show hidden files enabled but I’m not sure about System files, where do I check that?

Do you still recommend I disable system restore? I understand what you said…but should I do disable it then enable it again afterwards or something…how does it work?

Thanks for your patience!

http://forum.avast.com/index.php?topic=8982.0

Windows Explorer > Tools > Folder options > View (or visualization, I’m not sure as my OS is not in English).

Yes, disable, apply, then enable it again.

Hi pogopinchers,

Have you got a firewall running?

If not, somebody may be controlling your computer remotely.

If you only have Windows’ firewall (or worse, nothing) I’d recommend you install a good third party firewall like Zone Alarm Free and be very careful what connections you allow in and out.

http://www.zonelabs.com/store/content/support/zasc/gettingStarted.jsp?anchor=alerts&lid=zasupp_u

http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=The+MEDBOT+Menace

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_HORST.GF&VSect=P

It may be worth running the specialist worm removal tool Stinger to look for Medbot:

http://vil.nai.com/vil/stinger/

A hijackthis log could be helpful. Can you post one.