AVG Virus alert

  dangerusone 14:09 11 Oct 2007

When I go online I get a virus alert from AVG saying - Trojan horse Generic 4.TB
C\Windows\System 32\totour.exe
Backup copy infected
I usually click on the heal option and then carry on.
When I do a full scan with AVG I get two "read errors" Windows\System 32\drivers\etc\hosts
Windows\System 32\ntoskml.exe

The only trouble I seem to be having is sometimes when online,when I try to go to another page,eg BBC News I get the message Page cannot be displayed(unavailable) I have to reboot and go online again which is rather inconvenient.
Has anyone any ideas what causes this and what I can do to sort it out.
Also pages seem to be slower than usual opening.

  birdface 15:11 11 Oct 2007

Just wondering do you have the paid version of AVG. I have the free version and the only time it finds anything is if I set it to scan,But it has never reported any problems without the scan.Googled click here

  DieSse 15:27 11 Oct 2007

Found this - it may help

hi, ive solved the 'totour.exe' problem.

it appears I was also infected with Trojan.Spam.RUCrzy, which patched the file, 'ndis.sys' in the system32\drivers dir. This creates a file named, CP1041.NLS, in the C:\ This happened everytime I was alerted to the 'totour.exe' when I search for the file 'ndis.sys' I found that there were 2 on my system, one was a valid Microsoft Driver (about 160kb) the other was an unknown driver (about 260kb). I copied the valid MS driver and rebooted in safe mode. I then replaced the unknown driver with the MS driver.

After another reboot, my system appears to be clean

  dangerusone 16:31 11 Oct 2007

The trouble seems to be the "totours" virus ,which reading about it is quite hard to remove. One guy recommended making a text file and naming it totour.exe and making it read only, so I'm trying that and hoping for the best. Obviously it won't remove it but the guy said it doesn't keep appearing now.
I'm shutting down now and will restart later if it doesn't show its face I will post on here

  dangerusone 20:22 11 Oct 2007

Just started up again,still getting the "totour.exe" message when I go on line. If I could find the exact location I should be able to remove it manually. I'll have another play

  Jak_1 20:30 11 Oct 2007

Turn off System Restore : Control Panel > System > System Restore.

Step two. Reboot the computer in Safe Mode.

Step three. Run AVG, then any antispyware progs you may have.

Step four. Re-boot the computer in normalmode and reinstate System Restore.

Hopefully that should clear things.

Note, you will lose all restore pints though so make sure any important files are backed up!

  dangerusone 23:05 16 Oct 2007

I still had trouble no matter what I did, so I moved any files (photo's, music etc)that I didn't want to lose and then wiped every thing off and ended up re-installing Windows. Extreme I know but I was getting frustrated and desparate. Everything seems to be OK now. One huge lesson learned is be very careful what you download and then install

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Xiaomi Mi Mix 2 review

What went wrong at the Designs of the Year 2017

iPhone X news: Release date, price, new features & specs

Comment utiliser Live Photos ?