I am keeping having this virus, this started today morning, and I cannot get rid of it.
When I run avast (all latest updates), it finds some infected files, through scanner or resident detector, deletes them. But after some time, a get new files infected with this virus.
I also got plenty of Win32:Trojano-gen and Win32.Parite and Agobot and SdBot, all at the same time.
During 6 years my PC was connected full time, I was never infected with Win2000 basic (no SP). Once I moved to SP4, my problems started there.
Anyway, I do not seem to completly clean my machine, viruses keep coming back. What should I do ?
I have the same problem Avast keep notifying me of this virus while no other tool finds it. I beleive it exists because my PC is not behaving correctly.
However, Avast was not able to repair the files it keeps telling me "An erroc has occured while accessing file …
Any help on how to repair the files?
Then, please Help us to Help you - User’s FAQ - we need more information to be able to help fully. A visit to the - thread will give you a lot of useful advice and an idea of the information needed to Help you fully.
I have noticed that Avast and some other anti-virus applications falsly detect viruses/trojans in the windows temp/restore folder. Since you didn’t mentioned what files where detected and what their locations where, it is kinda hard to give specific help. But I think this may be the case here also. Disable system restore, reboot and see if it still happens. Perhaps you can gives us some more information. In the mean time you also may have a look at the following page:
I checked these links before by browsing the forum.
However, this does not solve the Trojano-180 problem.
May be NT2000 has a big security hole that is being exploited by this stuff from outside ? I applied all recommended MS security fixes though.
I backed up one of the trojano-180 files that avast could not clean because it was being used by something else. In case you want it.
Anyway, I copy you here the list of viruses cleaned by avast (but trojano-gen and trojano-180 keep coming back:
23/06/2004 19:20:25 ZARKON\Administrator 1328 Sign of “Win32:Trojan-gen. {Other}” has been found in “c:\program files\submit\submithook.dll” file.
23/06/2004 19:29:16 ZARKON\Administrator 1328 Sign of “Win32:Trojan-gen. {Other}” has been found in “c:\program files\submit\submithook.dll” file.
23/06/2004 20:09:42 ZARKON\Administrator 2416 Sign of “Win32:Trojan-gen. {Other}” has been found in “C:\Program Files\Submit\submithook.dll” file.
23/06/2004 21:00:02 ZARKON\Administrator 2416 ASWSIMPLE Application error. Error details: 5 = Access is denied.
23/06/2004 21:13:54 ZARKON\Administrator 2416 Sign of “Win32:Trojan-gen. {Other}” has been found in “C:\Program Files\Submit\submithook.dll” file.
26/06/2004 00:07:09 NT AUTHORITY\SYSTEM 656 Sign of “Win32:Trojano-180 [Trj]” has been found in “D:\WIN2000\atljp32.exe” file.
26/06/2004 00:09:10 NT AUTHORITY\SYSTEM 656 Sign of “Win32:Trojano-180 [Trj]” has been found in “D:\WIN2000\system32\nttq32.exe” file.
26/06/2004 00:10:48 NT AUTHORITY\SYSTEM 656 Sign of “Win32:Trojano-180 [Trj]” has been found in “D:\WIN2000\system32\apitm32.exe” file.
26/06/2004 00:11:29 ZARKON\Administrator 1556 Sign of “Win32:Trojan-gen. {Other}” has been found in “c:\program files\submit\submithook.dll” file.
26/06/2004 00:12:35 NT AUTHORITY\SYSTEM 656 Sign of “Win32:Trojano-180 [Trj]” has been found in “D:\WIN2000\system32\crtj32.exe” file.
26/06/2004 02:12:16 NT AUTHORITY\SYSTEM 688 Sign of “Win32:Trojano-180 [Trj]” has been found in “D:\WIN2000\winkd32.exe” file.
26/06/2004 02:16:19 NT AUTHORITY\SYSTEM 688 Sign of “Win32:Trojano-180 [Trj]” has been found in “D:\WIN2000\atluw32.exe” file.
26/06/2004 10:15:19 NT AUTHORITY\SYSTEM 688 Sign of “Win32:Trojano-180 [Trj]” has been found in “D:\WIN2000\system32\nttg.exe” file.
26/06/2004 10:19:27 NT AUTHORITY\SYSTEM 688 Sign of “Win32:Trojano-180 [Trj]” has been found in “D:\WIN2000\nettk.exe” file.
26/06/2004 11:09:54 ZARKON\Administrator 244 Sign of “Win32:Trojano-180 [Trj]” has been found in “D:\temp\windows\trz3.tmp” file.
26/06/2004 11:10:11 ZARKON\Administrator 244 Sign of “Win32:Trojano-180 [Trj]” has been found in “D:\temp\windows\trz4.tmp” file.
26/06/2004 11:10:17 ZARKON\Administrator 244 Sign of “Win32:Trojano-180 [Trj]” has been found in “D:\temp\windows\trz5.tmp” file.
26/06/2004 11:20:38 ZARKON\Administrator 244 Sign of “Win32:Trojano-180 [Trj]” has been found in “D:\WIN2000\system32\atlpo32.exe” file.
26/06/2004 11:25:35 ZARKON\Administrator 244 Sign of “Win32:Trojano-180 [Trj]” has been found in “D:\WIN2000\system32\mfcya.exe” file.
26/06/2004 11:38:30 ZARKON\Administrator 244 Sign of “Win32:Trojan-gen. {Other}” has been found in “Z:\Program Files\Alwil Software\Avast4\DATA\moved\submithook.dll” file.
26/06/2004 20:24:11 NT AUTHORITY\SYSTEM 700 Sign of “Win32:Trojano-180 [Trj]” has been found in “D:\WIN2000\atlkl32.exe” file.
26/06/2004 20:28:37 NT AUTHORITY\SYSTEM 700 Sign of “Win32:Trojano-180 [Trj]” has been found in “D:\WIN2000\system32\apiax.exe” file.
26/06/2004 20:38:55 NT AUTHORITY\SYSTEM 700 Sign of “Win32:Trojano-180 [Trj]” has been found in “D:\WIN2000\d3uv32.exe” file.
26/06/2004 20:44:17 NT AUTHORITY\SYSTEM 700 Sign of “Win32:Trojano-180 [Trj]” has been found in “D:\WIN2000\system32\sdkbw.exe” file.
26/06/2004 20:44:45 ZARKON\Administrator 1080 Sign of “Win32:Trojano-180 [Trj]” has been found in “D:\temp\windows\trz2.tmp” file.
26/06/2004 20:47:58 ZARKON\Administrator 1080 Sign of “Win32:Trojano-180 [Trj]” has been found in “D:\WIN2000\d3uv32.exe” file.
26/06/2004 20:56:14 ZARKON\Administrator 1080 Sign of “Win32:Trojano-180 [Trj]” has been found in “D:\WIN2000\system32\apiax.exe” file.
26/06/2004 21:05:25 ZARKON\Administrator 1080 Sign of “Win32:Trojano-180 [Trj]” has been found in “D:\WIN2000\system32\sdkbw.exe” file.
It seems as a real virus, torjan or whatever, because it changes names and makes the machine bahave strange.