Win32:OnlineGames-IG [Trj], Win32:OnlineGames-JD [Trj]

Every time I open my PC, avast warns that there is a Win32:OnlineGames-IG [Trj] and Win32:OnlineGames-JD [Trj], and I can't delete it, so I move it to the chest, but when I open the PC again, it appears again. Any ideas to solve this problem?

What is your OS ?
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ? Check the avast! Log Viewer (right click the avast icon), Warning section, this contains information on all avast detections.

Deletion isn’t really a good first option (you have none left), ‘first do no harm’ don’t delete, send virus to the chest and investigate.

There are likely to be more elements that are restoring the file.
If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode.

  1. Ewido, a.k.a. AVG Anti-Spyware, if using winXP, or a-Squared free if using win98/ME.

If a virus is replicant (coming and coming again), you should:

  1. Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k. After boot you can enable System Restore again.

  2. Clean your temporary files. You can use the Windows Advanced Care features for that.

  3. Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Other option is scanning in SafeMode (repeatedly press F8 while booting).

  4. It will be good if you download, install, update and run other trojan remover tools: a-squared and/or Free AVG Antispyware (trojan removers). Some users recommend SUPERantispyware or Spyware Terminator.

  5. Use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.

http://i20.photobucket.com/albums/b220/jmchin/untitled-2.jpg

Here are the viruses… so what should I do?

Hi airgear2003,

Have you tried a boot time scan as Tech suggested, and run AVG Anti-Spyware and a-Squared as DavidR suggested?

http://www.sophos.com/security/analyses/trojlegmiraqj.html

If the Trojan is still active, Sophos have a scanner you can download and run from Safe Mode with Command Prompt. Details here:

http://www.geocities.com/dontsurfinthenude/antivir2.htm

Or you could post a HijackThis! log for us and we can tell you which entries to fix to disable the Trojan. Tutorial with screenshots here:

http://www.bleepingcomputer.com/tutorials/tutorial42.html

If I try a boot time scan as Tech suggested, should I delete the virus that is detected?

Put them into the chest (quarantine) just to be on the safe side. You always have the option of restoring files in the chest, useful in the rare event of a false detection. Although the two files Rav20.dll and CMDBSC.DLL are obviously malware, avast! might detect other files, and it’s always better to be safe than sorry.

http://i20.photobucket.com/albums/b220/jmchin/untitled-3.jpg

I did it the way that Tech taught, but the problem doesn't seem to be solved; the virus still replicates.

A google search for cmdbcs.dll returns many hits, http://www.google.com/search?q=cmdbcs.dll, this is just one, http://fileinfo.prevx.com/adware/qqe2c868370349-CMDB32503141/CMDBCS.DLL.html.

Also see http://www.sophos.com/security/analyses/trojlegmiraqj.html.

When first run Troj/LegMir-AQJ copies itself to \cmdbcs.exe and creates the file \cmdbcs.dll.

Cmdbcs.dll is also detected as Troj/LegMir-AQJ.

The following registry entry is created to run cmdbcs.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
cmdbcs
\cmdbcs.exe

So this would appear to have a companion file, cmdbcs.exe and as a startup entry could be creating the cmdbcs.dll. If you find this cmdbcs.exe, add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest.

Check, Windows Start button, Run, type msconfig and click OK, check the Startup Tab and see if the startup entry for cmdbcs.exe exists and if so delete it.
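The startup-entry check described in the post above, as an added example that is not part of the original thread: this Python sketch parses text saved from `reg query` on the Run key and flags values that reference the file names the thread attributes to Troj/LegMir-AQJ. The sample output, the `C:\EXAMPLE` folder and the function names are constructed for illustration.

```python
import re

# File names the thread attributes to Troj/LegMir-AQJ.
WATCHED = {"cmdbcs.exe", "cmdbcs.dll"}

# A value line in `reg query` output: indented name, type, data.
VALUE_LINE = re.compile(
    r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$"
)

# Constructed sample output; C:\EXAMPLE is a placeholder folder.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ExampleTray    REG_SZ    "C:\EXAMPLE\Tray App\tray.exe" /min
    cmdbcs    REG_SZ    C:\EXAMPLE\cmdbcs.exe
    Loader    REG_SZ    rundll32.exe C:\EXAMPLE\CMDBCS.DLL,Start
    Backup    REG_SZ    C:\EXAMPLE\mycmdbcs.exe.bak
"""


def parse_values(text):
    """Yield (key, value_name, data) for each value line under a key."""
    current_key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current_key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and current_key:
            yield current_key, m["name"], m["data"].strip()


def suspicious_entries(text, watched=WATCHED):
    """Return (key, value_name, matched_file) for watched startup entries."""
    hits = []
    for key, name, data in parse_values(text):
        # Split on path separators, whitespace, quotes and commas so a
        # watched name matches only as a whole file name, including when
        # it is passed as an argument (e.g. to rundll32.exe).
        tokens = {t.lower() for t in re.split(r'[\\/\s",]+', data) if t}
        matched = sorted(tokens & watched)
        if matched:
            hits.append((key, name, matched[0]))
    return hits


if __name__ == "__main__":
    for key, name, fname in suspicious_entries(SAMPLE):
        print(f"{key}: value '{name}' references {fname}")
```
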

Yeah, I found it, so do I have to delete it from my PC or move it to the chest?
BTW, will c0nime and spolive harm my PC?

airgear2003,

You need to put the files into the chest during a boot time scan.

The screenshot you posted is not from a boot time scan.

This is what a boot time scan looks like:

http://donaldbroatch.users.btopenworld.com/avast-scan.jpg

(This is an old screen shot so it doesn’t have the ‘move to chest option’.)

I put the files into the chest during the boot time scan, but it still appears after the boot.
So should I delete the cmdbcs.exe or put it into the chest?
And how about c0nime and spolive?

OK, so as David suggested, another process is protecting cmdbcs.dll.

Have you tried AVG Anti-Spyware?

Also worth a try is DrWeb CureIT!:

http://download.drweb.com/drweb+antivirus+free+services/

If these fail, please post a HijackThis! log:

http://www.bleepingcomputer.com/tutorials/tutorial42.html

I didn't get what you mean… sorry…
Should I delete the cmdbcs.exe or put it into the chest?
And how about c0nime and spolive?

If you have already put it into the chest during a boot time scan and it came back, it means something is protecting it. Every time you delete it it will come back unless you also delete the other process.

Please run AVG Anti-Spyware and DrWeb CureIT! and see if they fix the problem.

If not, please post the HijackThis! log.

And how about c0nime and spolive?

What are these?

OK, OK, what I put into the chest during the boot time scan was cmdbcs.dll but not cmdbcs.exe,
and I found there is a cmdbcs.exe that creates the cmdbcs.dll every time I open my PC.
So, what should I do with cmdbcs.exe, delete it or put it into the chest?

Put it in the chest; it can do no harm there, as I previously mentioned, and send the sample to avast from the chest (this will aid detection in future VPS updates).

And how about c0nime and spolive?
Did avast detect them or something else? If so, what is the malware name, file name and location? This information helps us to help you.

If you ever have any doubt, put them in the chest; this should ‘always be your first action’. From here you can take other actions, whereas if you delete you have no actions left.

Sorry. Do you mean the registry entry?

The following registry entry is created to run cmdbcs.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
cmdbcs
\cmdbcs.exe

http://www.sophos.com/security/analyses/trojlegmiraqj.html

If avast! detects the file cmdbcs.exe, put it into the chest, yes. If avast! doesn’t detect it but you can find it, manually put it into the chest by all means.

But please run the scans mentioned and post a HijackThis! log.

Just cut the cmdbcs.exe and paste it into C:\Program Files\Alwil Software\Avast4\DATA\chest?