Win32:Volage-G Worm

system · April 20, 2006, 8:32pm

I scanned my system & found Win32:Volage-G [Wrm] in C:\WINDOWS\CLASSES.DAT file. It cannot be repaired. I have deleted it but then the computer won’t recognize the operating system, same with moving it to the chest, no operating system. I have to use bootdisk & scanreg /restore command to get back computer functionality. But of course the virus remains in the forementioned file. Instructions on removal would be helpful. Thanks

system · April 20, 2006, 11:44pm

Hi Bearmstead :

  Worms and trojans are best handled by a good & FREE
  anti-malware program called "Ewido" from 
  www.ewido.net/en . There's a tutorial on this program @
  www.greyknight17.com/spy/Tutorials/ewidoQuickGuide.pdf

system · April 21, 2006, 1:51am

I am running windows ME, the scanner will not work with ME. Any other suggestions.

system · April 21, 2006, 1:58am

Since you have ME, try a-squared at the below link. It is also free.

http://www.emsisoft.com/en/software/free/

system · April 21, 2006, 3:23am

Is it possible that Avast is giving a false warning? Volage-G was just added today. My computer is running great. I tried Housecall & it found nothing.

polonus · April 21, 2006, 6:13am

Hi bearmstead,

Scan your computer with this tool, http://www.snapfiles.com/php/download.php?id=107886

If nothing is found, you could also upload the file in question to jotti: http://virusscan.jotti.org/ or virustotal: http://www.virustotal.com/en/indexx.html
for a second up. If it appears to be a genuine FP send it to avast.

polonus

igor0 · April 21, 2006, 9:05am

Seems like a false positive. It will be fixed in today’s update.

RejZoR · April 21, 2006, 11:46am

Igor, i think it’s not. File is located in WinDir and it’s named CLASSES ?
Very unlikely… i also don’t have this file on my system which is perfectly clean.

igor0 · April 21, 2006, 11:51am

Classes.dat is part of Windows ME registry hive.

system · April 21, 2006, 4:02pm

Got the Avast update & scanned the file. No virus detected. Must have been a false positive fixed with the update. Thank you all for your help.

system · April 21, 2006, 4:32pm

I’m running Windows 98se on my computer. My problem is similar to the original post. Avast shows that I have been infected by Win32: Volage-G [Wrm]. Where my problem is different is that it showed 7 files infected. They are as follows:

c:\Windows\SYSTEM.dat
c:\Windows\sysbckup\rbbad.cab\system.dat
c:\Windows\sysbckup\rb000.cab\system.dat
c:\Windows\sysbckup\rb001.cab\system.dat
c:\Windows\sysbckup\rb002.cab\system.dat
c:\Windows\sysbckup\rb003.cab\system.dat
c:\Windows\sysbckup\rb004.cab\system.dat

I’m no expert on computers. I moved the above files to the Virus Chest, because that’s what Avast “recommended” that i do when it found the infected files. After the scan finished, I updated Avast (I couldn’t update it BEFORE my scan, because for some reason my internet connection was dead - I’m on a wireless home network). After Avast completed a program update, it prompted me to restart my computer, so I did. Ever since then, the following is what happens. Computer restarts. The following message displays:

“Warning: Windows has detected a registry/configuration error. Choose, Command prompt only, and run SCANREG.”

So I choose “Command Prompt Only” as instructed and run SCANREG. After maybe a half of a second, the following message displays:

[i][b]"Windows found an error in your system files and restored a recent backup of the files to fix the problem.

Press ENTER to retart your computer."[/b][/i]

So I press ENTER to restart. The same thing keeps happening over and over and over again! It just keeps cycling through the same messages and restarting. It’s an endless circle! I can’t get to my desktop in order to do anything else. Again, I’m no computer expert and any pc tech skills I have are extremely limited, to say the least.

Someone PLEASE help me to get this fixed! I don’t know what else to do other than post on a forum asking for help and/or advice. I would GREATLY appreciate it. Thanks!

Richard

system · April 21, 2006, 8:51pm

I had to start my computer with the emergency boot disk. Just stick it in the floppy drive then start the computer. I chose option 4(minimal boot). It will present a C:/ prompt. I typed in- scanreg /restore please note the space after scanreg then press the enter key. It then gave me a list of previous registry backups to choose from. Choose the newest one by moving the up & down arrows of the keyboard & pressing enter. Take the floppy out before the computer reboots. I’m hoping that you did not delete those backups already, as that is what it looks like you deleted. Good Luck! Also like I posted before, the new update did NOT detect the worm.

polonus · April 21, 2006, 9:05pm

Hi bearnstead,

You were so lucky to have an emergency boot disk. Well this is the dark side of any anti-virus solution, called false positives. They are sometimes inevitable, but can wreak havoc on the end-user. And in another thread another person is wrestling with the same results, but his situation may be worse.
Well anyway, learn this from this predicament. Read this sticky, and you understand why you always have to wait for the second opinion: http://forum.avast.com/index.php?topic=14433.0

So the next time around, upload the file to jotti or virustotal, read about it, ask in the forum, and then decide what to do.

polonus

Win32:Volage-G Worm

Announcements