What was the name and location of the infected file reported by avast?
In addition to Ad-Aware, I suggest you try Spybot Search & Destroy (another anti-Spyware program) and Ewido and/or a-Squared anti-Trojan programs (Ewido requires Win2000/XP).
Make sure you update before scanning.
Run these in safe mode if possible (Tap F8 while rebooting).
Documents And Settings/User/Local/Temp/vsansyke.dll
(same folder) kuuwexr.dll
(same folder) jymhnhyw.dll
The list could be made longer, but I see no real cause as to why. The DLL files seem to be created by the trojan, and I can't seem to find them when I manually look for them.
Google doesn't return anything on the file names, so it's either something new, or they are just random names (two do indeed look like random names), so that doesn't give us any information on the malware.
If Ewido and the other programs I mentioned before fail to find anything, it may be worth looking for rootkits. There are some free programs available that will remove hidden malware that is otherwise difficult to remove:
If you are unsure about the results of the programs, post them here for advice before proceeding, or open a thread at CastleCops where you will be advised on these and other programs you can run in order to remove rootkits.
Oh well. Though Ewido did find great shit in the system32 folder, this Trojano-1165 malware still seems unaffected and continues to trouble my PC at startup.
In order to create/place files in the system folders and create registry entries, you need permissions.
Whilst browsing or collecting email, etc., if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can wreak havoc. With limited rights the malware can't put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first-day virus, etc.
Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.
Some of this stuff may also have been the result of a downloader. So what is your firewall? It should have been a line of defence against this stuff if it has outbound protection, which XP's doesn't.
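To see the point about inherited permissions for yourself, here is an added PowerShell check (not from this thread or from DropMyRights): it reports whether the current token is in the Administrators group and then tests whether this process can create a file in System32 and a key under HKLM, which is exactly what the post says a limited account blocks. The probe file and key names are placeholders I chose, and both are removed afterwards.

```powershell
# Added example: shows the effective rights a process (and so any malware it
# launches) inherits from the logged-on user. Run once as an administrator
# and once as a limited user to compare the results.

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Write-Host ("Running as {0}; Administrators token: {1}" -f $identity.Name, $isAdmin)

function Test-WriteAccess {
    # Tries the $Create action, cleans up, and reports whether it succeeded.
    param([string]$Label, [scriptblock]$Create, [scriptblock]$Cleanup)
    try {
        & $Create
        & $Cleanup
        Write-Host ("{0}: WRITABLE (malware running as you could drop files here)" -f $Label)
        $true
    } catch {
        Write-Host ("{0}: denied ({1})" -f $Label, $_.Exception.Message)
        $false
    }
}

# Placeholder probe names; nothing is left behind when the cleanup runs.
$probeFile = Join-Path $env:SystemRoot 'System32\__privilege_probe.tmp'
$probeKey  = 'HKLM:\SOFTWARE\__privilege_probe'

$sys32Writable = Test-WriteAccess 'System32 folder' `
    { New-Item -Path $probeFile -ItemType File -ErrorAction Stop | Out-Null } `
    { Remove-Item -Path $probeFile -Force -ErrorAction SilentlyContinue }

$hklmWritable = Test-WriteAccess 'HKLM registry hive' `
    { New-Item -Path $probeKey -ErrorAction Stop | Out-Null } `
    { Remove-Item -Path $probeKey -Force -ErrorAction SilentlyContinue }

if ($sys32Writable -or $hklmWritable) {
    Write-Host 'This account can modify system locations; browse/read mail with a limited token instead.'
} else {
    Write-Host 'Limited token: system folders and HKLM are protected from anything running as you.'
}
```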
It looks like Polonus was right with the Vundo call, but it may be a new variant protected by a rootkit that the Symantec tool cannot touch. DP.sys certainly indicates this:
OK! ... I can gladly report that the VundoFix/er did the trick; I was forced to delete one file after reboot, but after that it seems to have cleared my system.
Thank you very much for lending a helping hand in this subject, I will continue to enforce Avast.