Win32.trojanVGB0FHa0364

Hello :),

I am a newbie and a user of Avast Home Edition. My resident protection remains on a High level, but I keep getting warnings about a virus that is called WIN32.trojanVG (manynumbersandletters) in my internet temporary folder. I move the virus to the chest, and after a while I delete the files. It’s the same virus that keeps popping up, only then with different numbers and letters.

Maybe it’s wrong of me that I delete the files, but what are you supposed to do with the files in your virus chest? Do they have to stay there all the time? And how do I get rid of this virus? It is not a very well known virus, because I looked it up in several virus databases.

I read somewhere else that there may be an interference between Ad-aware and some virus scanners. Some virus scanners say there is a virus on the computer while Ad-aware is running, while that is not the case. Could this be why the VIRUS keeps coming back??

And another thing, the last time I got this virus I also scanned my system online at Trend Micro Europe. Trend Micro spotted a virus in my System Volume information that AVAST never mentioned. The name of that virus was CASPER1.

I think that AVAST is a very good programme. But when another virus scanner says that there is a virus that AVAST never mentioned, I begin to wonder which other viruses there still may be on my computer that AVAST missed.

Anyway, how do I get rid of this virus? It’s strange that the same virus keeps coming back. I use the Warez P2P client (a Kazaa-like programme) for downloading music. Although Avast supports many P2Ps, Warez is not included in the list of P2P programmes. AVAST covers Warez’ older version Arez, but not the new one. Or am I wrong here?

Could you help me out please? I will run a trojan port scan just to make sure.

Thanks a lot in advance

Jazzymina

Don’t confuse adware/spyware with a virus; they are two entirely different things. Although avast does detect many of the trojans (malware), it is a specialist anti-virus program.

- What OS are you using? Is it up to date?
- What avast! version and VPS file (virus database) number, e.g. 0436-4 (see About avast!)?
- What was the virus name, what was the filename, and where was it found,
  for example (C:\windows\system32\infected-filename.xxx)?

This should get you started, Advice & Tools for virus/trojan/malware Removal & Prevention and Eddy’s Website click the “HiJackThis Section” and also the “Malware removal instructions and applications” section, and follow the directions there and get back to us if you need more help…

Also the Casper1 virus name is different in the avast virus naming, so it should have been recognised as formatA [Trj].

ALWIL FormatA [Trj]

AV companies use different naming conventions, there is no standard. For your future use this helps identify the different names used, http://www.virusbtn.com/resources/vgrep/index.xml.

Hi again,

I have never seen that AVAST came up with the Format A. virus. If it had, wouldn’t it have removed the virus immediately?

My OS is Windows XP (Service Pack 2). Yesterday I downloaded the latest updates from www.microsoft.com. I am using AVAST 4.5 and my current VPS file is 0507.3. In addition to Avast, I am using Spybot, Ad-Aware and Sygate Personal Firewall (the basic version).

The virus pops up in C:\Documents and Settings\(Myrealname)\Local Settings\Temp. The name of the virus is always Win32.trojanVG, but the numbers and letters change. The current one is called Win32.trojanVGB0FHa0364.

I forgot to mention that there is also an .exe file that I can’t remove in the same folder. The name changes also, and it is not a JET.TMP or D~.TMP file (someone working at an online virus helpdesk told me that JET. and D~.TMP files are not viruses, but log files from when your computer crashes or something like that).

This particular .exe file in my temporary folder has strange names like ‘knnqdns’ or ‘brrr’ etc., etc. I can’t remove this file and AVAST says it’s clean. I think that this file might be responsible for the virus, but I am not sure.

I tried to do a trojan port scan, but because AVAST is running and is very slow, the website that performs the scan doesn’t work properly. I’ll try again later.

I will look at Eddy’s website and at your link to see if I can find something helpful.
Thanks again

Jazzymina

I just searched for the term ‘VGB’ on the Virus Bulletin board. The results say that Alwil (AVAST) does not detect this virus? Is this correct? Could you have a look please?

If Avast doesn’t detect this virus, what should I do now? My computer will be constantly vulnerable to this particular trojan horse if AVAST can’t protect my computer from it.

Should I switch to another virusscanner? :-\

Keep in mind that VGrep is not using the latest data.
(latest version currently 29 Jan 2005)

Have a look HERE for the vps history.

Warez p2p comes with malware. As long as you have warez p2p on your system, your system will never be clean.

Hello,

AVAST just said that the same virus is still on my computer. I had moved this virus to the virus chest, apparently this doesn’t seem to be effective. I haven’t used WAREZ since I got the virus. As you can see from the title, the current name of the trojan is WIN32.trojanVB2G3QA02420

This virus has been bothering me for more than a month now; how do I get rid of it before it harms my computer any further?? I don’t understand how Avast doesn’t protect my PC from this virus, especially since this is the fifth time the virus has struck.

What do I do now? :cry:

Start by following the instructions on the links I gave you (blue text) in my first reply; the drill is the same.

We also need the same information

  • what was the filename, where was it found example (C:\windows\system32\infected-filename.xxx)?

Hi David,

I don’t know which win32.file is infected to be honest with you, the only thing Avast mentions is that the virus is in my temporary folder???

I went into safe mode and removed a file that I thought was suspicious, but now I have two other weird files in my temporary folder, one of them named pntahjlb.exe. I really think that this is a virus, but again I’m not sure. I scanned my system in Safe mode, but Avast came up with nothing.

I am posting my HijackThis log, maybe this could help? Please take a look at it and let me know if something weird is going on. Thanks again.

Logfile of HijackThis v1.99.1
Scan saved at 20:04:28, on 22-2-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {E6DA8678-2095-CA84-8A20-983A6726D192} - C:\DOCUME~1\YASEMI~1\APPLIC~1\glueboob\BlehBase.exe (disabled by BHODemon)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (disabled by BHODemon)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [IDLE16BONEBIAS] C:\Documents and Settings\All Users\Application Data\Dale Dog Idle 16\Bias close.exe
O4 - HKLM..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [ccleaner] “C:\Program Files\CCleaner\ccleaner.exe” /AUTO
O4 - HKCU..\Run: [Axis Inter] C:\DOCUME~1\YASEMI~1\APPLIC~1\PLATFO~1\each meet.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O18 - Protocol hijack: mhtml -
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe


THESE ITEMS ARE EITHER HARMFULL OR A SECURITY RISK
WE STRONGLY RECOMMEND TO FIX THEM :

search bar = http://minisearch.startnow.com/
search page = http://minisearch.startnow.com/
r1 - hklm\software\microsoft\internet explorer\main
default_search_url = http://minisearch.startnow.com/
r1 - hklm\software\microsoft\internet explorer\main
search bar = http://minisearch.startnow.com/
r1 - hklm\software\microsoft\internet explorer\main
search page = http://minisearch.startnow.com/
start page = http://www.startnow.com/
r1 - hkcu\software\microsoft\internet explorer\search
searchassistant = http://minisearch.startnow.com/
r1 - hkcu\software\microsoft\internet explorer\search
customizesearch = http://minisearch.startnow.com/
r1 - hklm\software\microsoft\internet explorer\search
default_search_url = http://minisearch.startnow.com/
r0 - hklm\software\microsoft\internet explorer\search
searchassistant = about:blank
r0 - hklm\software\microsoft\internet explorer\search
customizesearch = http://minisearch.startnow.com/
r0 - hkcu\software\microsoft\internet explorer\toolbar
r3 - default urlsearchhook is missing
o2 - bho: popup manager - {08e74c67-99a6-45c7-94da-a397a8fd8082} - (no file)
o16 - dpf: {74d05d43-3236-11d4-bdcd-00c04f9a3b61} (housecall besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
o16 - dpf: {b38870e4-7ecb-40da-8c6a-595f0a5519ff} (msnmessengersetupdownloadcontrol class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
o16 - dpf: {c5e28b9d-0a68-4b50-94e9-e8f6b4697514} (nsvplayx control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab


HARMFULL ITEMS IN THE DOCUMENTS AND SETTINGS FOLDER(S) :

Nothing found.


THE FOLLOWING ITEMS ARE NOT NEEDED TO LOAD
AT BOOTTIME FOR THE SYSTEM TO WORK PROPERLY :

o4 - global startup: microsoft find fast.lnk = c:\program files\microsoft office\office\findfast.exe
o4 - global startup: microsoft office.lnk = c:\program files\microsoft office\office10\osa.exe
o4 - global startup: office startup.lnk = c:\program files\microsoft office\office\osa.exe

–lee

Thanks Lee,

I was looking through my HijackThis log and I decided I wanted to know what kind of program C:\WINDOWS\System32\svchost.exe was. I looked up the term svchost.exe.

Some websites said that I was infected with a Netsky worm?? Is this true, or does svchost.exe belong to Microsoft? In my HijackThis log it appears twice; does this mean that one of them is a virus?

???

svchost.exe is a legitimate Windows file, but as with any file it can be infected.

svchost.exe is a system process belonging to the Microsoft Windows Operating System which handles processes executed from DLLs. This program is important for the stable and secure running of your computer and should not be terminated. Note: svchost.exe is a process which is registered as the W32.Welchia.Worm. It takes advantage of the Windows LSASS vulnerability, which creates a buffer overflow and instigates your computer to shut down. To see more information about this vulnerability please look at the following Microsoft bulletin: http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx This is a registered security risk and should be removed immediately.

Okay,

But I have all the recent Windows updates. I don’t understand whether this thing is a virus or just belongs to Windows? It pops up three times in the log? I am confused ??? If so, why hasn’t Avast warned me about it…

a system process belonging to the Microsoft Windows Operating System
Doesn't that give you a clue?

Yes, of course. But what does this mean then?

: svchost.exe is a process which is registered as the W32.Welchia.Worm. It takes advantage of the Windows LSASS vulnerability, which creates a buffer overflow and instigates your computer to shut down. To see more information about this vulnerability please look at the following Microsoft bulletin: http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx This is a registered security risk and should be removed immediately.

How do I know if the file is infected or not?

svchost.exe is a process which is registered as the W32.Welchia.Worm.
That is BS !!!! Read my post and that website again. The Welchia worm takes advantage of an exploit in Windows. For which MS has released a patch a long time ago.

How the hell should I understand which files are normal and which are infected? Avast didn’t get rid of the crap that infects my computer; I was just worried that there was another stupid virus.

I am deeply sorry if I am not a computer expert like you are…

Hi again jazzymina,

How the hell should I understand which files are normal and which are infected? Avast didn’t get rid of the crap that infects my computer; I was just worried that there was another stupid virus.

I am deeply sorry if I am not a computer expert like you are…

We understand you’re not a computer expert, so don’t worry, I’ll try to clear things up :wink:

C:\WINDOWS\System32\svchost.exe is a normal running Windows process which lives in your C:\WINDOWS\System32 folder. The W32.Welchia.Worm which you speak of exploits an unpatched Windows system, and for it to be the W32.Welchia.Worm (worm) it would have to be outside of the C:\WINDOWS\System32 folder (in the Temp folder etc.).
So in this case it is fine. :slight_smile:

Hope I have made things clearer for you.

–lee
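Lee’s two replies above (the list of items to fix from the HijackThis log, and the point that a genuine svchost.exe lives in C:\WINDOWS\System32 while a worm copy would have to run from somewhere else, such as the Temp folder) can be turned into a small triage script that applies the same rules to log lines. This is an added example, not HijackThis, avast! or any poster’s own code. The sample log is constructed from entries in the posted log plus one hypothetical svchost.exe path under Temp; the allowed-host list and the System32 location are assumptions the script documents in comments.

```python
"""Triage of HijackThis-style log lines (added example, not HijackThis or
avast! code). Rules follow the points made in the thread: IE search keys
pointing at an unexpected host, orphaned BHOs, Run entries launching from
Temp / Application Data, and a core system binary name running from
outside System32."""
import ntpath
import re
from typing import List, NamedTuple
from urllib.parse import urlsplit


class Finding(NamedTuple):
    kind: str   # short rule name
    line: str   # the log line that triggered it


# Assumption: hosts the user deliberately set. google.nl is the start page
# in the posted log; any other http(s) host in a search key is treated as suspect.
ALLOWED_HOSTS = {"www.google.nl"}
SEARCH_KEYS = ("Search Bar", "Search Page", "Default_Search_URL",
               "SearchAssistant", "CustomizeSearch", "Start Page")
# Core Windows binaries whose names appear in the posted process list.
SYSTEM_BINARIES = {"smss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe"}
SYSTEM32 = r"c:\windows\system32"   # assumption: default XP install location

R_LINE = re.compile(r"^R[0-3] - HK\w+\\.*?,(?P<key>[^=]+?) = (?P<value>.+)$")
O2_LINE = re.compile(r"^O2 - BHO: .* - \{[0-9A-Fa-f-]+\} - (?P<target>.+)$")
O4_LINE = re.compile(r"^O4 - HK\w+\\?\.\.\\Run: \[[^\]]+\] (?P<cmd>.+)$")
# Folders an ordinary user account can write to; long and 8.3 short forms.
USER_WRITABLE = re.compile(
    r"\\(Application Data|APPLIC~1|Local Settings|LOCALS~1|Temp)\\", re.I)


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per log line that matches a triage rule."""
    findings: List[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:                 # blank line ends the process list
                in_processes = False
                continue
            name = ntpath.basename(line).lower()
            folder = ntpath.normcase(ntpath.dirname(line))
            if name in SYSTEM_BINARIES and folder != SYSTEM32:
                findings.append(Finding("system-binary-outside-system32", line))
            continue
        m = R_LINE.match(line)
        if m and m.group("key") in SEARCH_KEYS:
            host = urlsplit(m.group("value")).hostname or ""
            if host and host not in ALLOWED_HOSTS:
                findings.append(Finding("search-hijack", line))
            continue
        m = O2_LINE.match(line)
        if m and m.group("target").startswith("(no file)"):
            findings.append(Finding("orphaned-bho", line))
            continue
        m = O4_LINE.match(line)
        if m and USER_WRITABLE.search(m.group("cmd")):
            findings.append(Finding("run-from-user-writable", line))
    return findings


# Constructed sample: entries taken from the posted log, plus one hypothetical
# svchost.exe under Temp to show the location rule firing.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\USER~1\LOCALS~1\Temp\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IDLE16BONEBIAS] C:\Documents and Settings\All Users\Application Data\Dale Dog Idle 16\Bias close.exe
O4 - HKCU\..\Run: [Axis Inter] C:\DOCUME~1\YASEMI~1\APPLIC~1\PLATFO~1\each meet.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:32} {f.line}")
```

The script only flags lines; it does not change anything, which matches the thread’s advice of posting a log and letting someone review it before fixing entries. Note that the System32 rule is a location check, not a file-integrity check: a file that sits in the right folder can still be a modified copy, which is why the reply above also says any file can be infected.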

Thank you Lee for the info :slight_smile:

I am just a bit sensitive about my computer because I have bought it for school. Since I am a student, and obviously don’t have the money to buy a new computer of E 1400,-, I tend to freak out a bit :o when it comes to viruses and such.

Hi again,

Yep, the same virus is back. This time this virus is named Win32.trojan.VC77CHa0368. I don’t understand how I keep getting the same virus over and over again. Apparently I can’t remove it from my computer no matter what I do. This virus is also not very well known, there is not much information about it available and that makes it harder to remove the damn thing.

All I know is that it’s ALWAYS a Win32.trojanV (something something) virus. It’s difficult for me to locate the virus, Avast says it’s in my temp. folder but I don’t know where else it may be hiding.

Why do I get the same virus all the time?? For a while I think that everything is okay (after running several scans), but then Avast mentions it again. I had noticed that my computer had slowed down at startup, so I knew something fishy was going on.

Can somebody please tell me how I can finally get rid of it? Really, I don’t know what to do anymore, I have been dealing with this virus for a couple of months now!!! I move the virus to the virus chest, but the virus apparently is still present on my computer.

I do have a suspicious file on it, hsperfdata; is this the file that keeps causing trouble? I have another question: are the viruses that you put in the virus chest supposed to stay there all the time? I mean, should I delete them? I did delete the virus once, but that didn’t work.

Please help!! I am lost, could it be a false positive or am I in serious trouble here?

Note: I am almost through scanning my computer online, and so far nothing has been found.