Worm/Generic.ANK infection

  Drpeter 19:01 09 Feb 2007
Locked

After many years of freedom from infection, my daily scan with AVG Free v7.5.441, detected a virus, which it identified as Worm/Generic.ANK in USBInfoInstallation. After deleting the infected file, a further full scan revealed no threats. After to-day’s scan, the same virus was found in System Volume Information\-restore(lots of numbers). When looked into, the file was A0064659.exe. I deleted this file and a further full scan reveals no threat.
I find it odd that I am able, apparently, to remove the worm so easily. However, I wonder if anyone can suggest where I may be acquiring the offender. I use Mailwasher and only look at e-mails from known sources and I NEVER open any e-mails attachments. I have not downloaded any new programs recently, but have been using Skype for some weeks to contact my son and daughter in the USA and one friend in the UK. Is it possible, or even likely, that Skype may be the source? If so, what can I do about this – except not to use the program?
Any helpful comments would be much appreciated!

  VoG II 19:08 09 Feb 2007

It is in a restore point. If you want to get rid of it you need to turn System Restore off then on again. click here - this will delete all of your restore points.

  SANTOS7 19:16 09 Feb 2007

To rid yourself of this virus you will need to turn OFF system restore. System volume info files are a closed shop as regards to your A/V removing them.
Because you are booting your PC in effect within the same volume that contains the virus, it will always return.
Scan your PC, clean all temp files, use any other housekeeping progs you might have then when you are happy your PC is running OK turn OFF system restore
reboot your PC which will delete them all and the infected files with it.
Don't forget to set a new restore point when done..

  Drpeter 20:00 09 Feb 2007

Many thanks to VoG and Santos7 - I have followed the advice you have both given! (I was taken into system volume info files by AVG, when it offered to take me to the infected file! Normally, Explore cannot take you there!)
Hopefully, your advice has done the trick of removing the offender. Any ideas of how I may have got it - and so how to avoid re-infection?
Many thanks - in anticipation,
Peter

(I should have given details of my setup:-
Processor AuthenticAMD AMD Athlon(tm) XP 1700+
Memory 512MB RAM
HDD 80 Gb 7200 rpm
OS Name Microsoft Windows XP Professional
Version 5.1.2600 Service Pack 2 Build 2600
AVG Free 7.5.441
Spybot 1.4
Spywareblaster 3.5.1
CleanUp 4.5.2
CCleaner 1.37.456
Internet Explorer v7.0.5730.11
Outlook Express v7.0.5730.11
FireFox 2.0
Windows Media Player 10.0.0.3646
Windows Live Messenger 4.7.3001
MSN Messenger 8.0
ECS Mainboard K7S5A

  SANTOS7 20:20 09 Feb 2007

click here

the link will give you a better insight as to how your PC gets infected, i wouldn't worry to much your A/V did its job, you only need to follow a few simple rules, basically where you point your PC in the first place,Email attachments, that sort of thing, browse the web sensibly and you are going to be OK, good luck..

  big bloke66 20:37 09 Feb 2007

Now im only thinking out loud here, is there a possibility that Worm/Generic.ANK in USBInfoInstallation, virus/worm is a false positive.
Have you tried Avg`s web site for more info?
Im probably totaly wrong about this, but as you say you find it odd how easy it was to get rid of it.

Ok i`ll shut up now it was just a hunch.
bb66.

  Drpeter 21:31 09 Feb 2007

bb66
You may well be right - I have looked in the AVG list of viruses and the nearest is Worm/Generic.FX - and I have not been able to find reference to it anywhere else either. However, the file named A0064659.exe had appeared twice in a very odd place, with it's size and date stated.
I shall avoid Skype for a few days and then try it again to see if it causes a similar problem.
Peter

  SANTOS7 21:39 09 Feb 2007

I think its a variant of this.

Trojan-Dropper.Win32.VB.me

which is known to sit in your system volume info files..

  big bloke66 22:13 09 Feb 2007

Please let us now how you get on.

SANTOS7.could well be right!.
bb66

  Drpeter 20:01 11 Feb 2007

Just to let you know. I have been using Skype for a couple of days and have had several full scans by AVG - and have had no further infection.
Strangely enough, the computer has behaved normally throughout - perhaps it was one of those programmed to cause problems on the 3rd of the month!?!
Whatever - many thanks again. I have had hepl from this forum EVERY time I have had a problem and I Do appreciate it!
Peter

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Best phone camera 2017

Stunning new film posters by Hattie Stewart, Joe Cruz & more

iPad Pro 10.5in (2017) review

28 astuces pour profiter au mieux de votre iPhone