Unknown Worm Or Virus Activity???

  Highland Guy 10:33 21 Nov 2006

Hi Everyone, I have come across some worm or virus activity on a friend's PC that I just can't resolve.

The PC in question was running McAfee AV software but it was not fully updated!!! (I know)
I have uninstalled McAfee and installed AVG Free; this picked up some rather nasty trojans but not the main culprit (even in safe mode).

Running Ad-Aware and Spybot S&D returns nothing either.

The main symptom for this nasty is disabling any firewall on the PC, including Windows' own one. One thing that might give someone a clue here is that when you go onto the Windows Update website and try to download the latest Malicious Software Removal Tool, it shuts the PC down. The same thing happens when visiting the Trend HouseCall online scan: the scan completes, then the PC shuts down. The PC doesn't shut down when on any other website or under non-web-related work, so obviously this nasty is detecting security websites as a threat and shutting the PC down before it gets removed.

I was hoping that someone on here might have come across this or something similar in the past or recently, as there are no obvious clues to be gleaned from the usual avenues, i.e. system processes, dodgy registry entries etc.

Many thanks in advance for any help


  ?bob? 10:41 21 Nov 2006

This sounds very bad...
Will it let u install any anti-virus software?
If so u can download trend-micro and it will probably do it. If u want u can tell me ur email address and I will send it 2 u.

  Highland Guy 10:54 21 Nov 2006

Hi Bob, it let me install AVG no problem but it obviously doesn't see that as a threat; it seems to me that it only shuts down the PC when it knows it will be detected and/or removed.

I was hoping to avoid a reformat if at all possible as it is a Dell rig under a year old which came with Win XP pre installed.

The other thing I was worried about was if I return it to factory settings the nasty could still be there and therefore back to square one.

Thank you for your kind offer of trend-micro I will pm you with e-mail addy.


  ?bob? 10:56 21 Nov 2006

What is "pm"?

  ?bob? 10:56 21 Nov 2006

I am glad I could help!

  Highland Guy 10:58 21 Nov 2006

Hi Bob, pm is private message, I have sent you addy now via pm so you should have it soon.


  ?bob? 11:03 21 Nov 2006

Cool, I am sending the file now...

  Belatucadrus 11:38 21 Nov 2006

It may be worth trying some alternatives as it's unlikely everything can be blocked.
click here Panda Active Scan, another on-line AV check.
click here Panda Spyxposer on-line scan.
click here avast! Virus Cleaner.
click here Sophos Anti Rootkit.

  Belatucadrus 11:43 21 Nov 2006

click here BitDefender on-line scan.

  Highland Guy 12:18 21 Nov 2006

Many thanks, have downloaded the above and will try online scans when I go to friend's house later on. Hopefully something will identify this nasty and I will be able to delete it.

Will post and let you know how I get on.


  birdface 12:26 21 Nov 2006

Don't suppose your friend has downloaded MSN+Plus lately? Granddaughter has all the same problems as you. She downloaded MSN Plus and you get all the crap with it, commonly known as Lop.Com. Will not let her download anti-virus or spyware programs. The ones it does allow are probably already infected. Can't download Microsoft Updates. Can almost guarantee he has MSN Plus on his computer.

This thread is now locked and can not be replied to.
