4 viruses i cant remove

  matthew-293741 05:02 08 Jul 2004

hi all

i use AVG and update regularily. I had to format my HDD 2 days ago...as soon as i hit the web again, i got inundated with viruses! Now i managed to get most of them using AVG..but i kept on getting greay pop-ups, saying i had this trojan or that worm...run AVG to get rid...so i did...nothing!!

then i went to trendmicro and ran the housecall scan...got rid of 2 more...but it said that i had 4 viruses that cannot be cleaned...can anyone shed any light on removal tactics?

viruses are
DOS AGOBOT.GEN (located) - sys32\drivers
WORM RBOT.AR - (located) - sys32\lsac.exe
TROJ BOTIRC.A (located) sys32\pluged
WORM SDBOT.MU (located) sys32\wuam

would any of these impair my internet usage...my ping has gone up by ten times as much as it use to!!

any help would be really welcome!!

  georgemac 08:07 08 Jul 2004

DOS AGOBOT.GEN info here click here and you can probably get info on th others here

click here is another online scanner I just came across - may be worth a try.

click here avast cleaner - worth a try do not know if it will remove any of your ones

click here download and run adaware see if it finds any

click here download and run spybot search and detroy - note version 1.3 has given several users problems - I have not had any problem with it.

click here a2 squared may help - this link was provided by another forum user, cannot recall who.

Once hopefully you have got rid of them, download and install all critical windows updates, in fact do it now if you can click here

and then install spywareblaster click here to help protect you in future

good luck

  georgemac 08:10 08 Jul 2004

are any of the viruses located in the system restore files? if so you have to disable system restore, then run AVG, then turn system restore back on.

it may also be worth booting into safe mode, tap f8 while booting and try and run avg while in safe mode - assuming you are using xp.

  son-of-a-gun 08:19 08 Jul 2004


georgemacs got a Very good point in his /her post.

  jack 08:37 08 Jul 2004

Try Stinger from MacAfee a freebe scanner
As a last resort try this

Go to Start/Run/type in Regedit.
Go in the find window [in edit menu in XP]
type in the name of the virus.
When it shows delete it, and then repeat for the others
This action may not remove all elements, but will
I believe bash it enough to keep it quiet.


  georgemac 08:55 08 Jul 2004

but for the regisrty I prefer to use regseeker click here which will search and clean the registry automatically.

Always create a restore point before making changes to the regisrty.

  matthew-293741 13:11 08 Jul 2004

Lads lads lads...you have done yourselves, myself and your fellow countrymen proud...i will try these out when i get home from work...i will update all you star type people when i geta result!


  matthew-293741 06:02 09 Jul 2004

Just to update you on my current status!

i ran regseeker yesterday, it cam up with around 163 various registry things...most of which i didnt understand...but i thought "sod it" delete the lot....when i did this..my interent started running fine, i checked out my ping on the CF server...back in the low 20's....cushty i thought...trouble was i couldnt access ant web pages...when i rebooted...it went thru the boot up in about 20 sec's...so good there also....but when i got to windows...i try to connect and my dial up box does not show...so i could nto connect to the intenet....no good. At least i now knew what roughlt the problem was...i just needed some advice on what reg keys to get rid of.

with this in mind i done another full format...cleaned hard drive and re-installed windows....when this was done i went to task manager/processess....in there (without loading anything) was the lsass.exe file and 4 x svchost.exe...these were the problem the last time (i think)....so now i am guessing that i need a new HDD, i mean to wipe it completely then load xp up again and the bots are still there!!

could this be MOBO related?

anyhoo....i had regseeker on a disc, so i loaded this up before i put anything else on windows (just that and recycle bin) this time instead of running a clean the registry scan and getting hundreds of files that i cant tell whats what...i searched for the lsass and svchost seperately...this come back with about ca 200 diffrent lines in various HKEY areas...so i highlighted and deleted...now i cant get into windows at all!!

does anyone know which individual registry lines i should be looking for?

  georgemac 07:09 09 Jul 2004

not mobo related you need svchost and lsass processes to be running. Viruses can hijack these o and the sasser process hijacks lsass.exe. I would format and reinstall windows gain, install anti virus and firewall then connect to the net, visit windows update and install all the critical updates. Then install spyware blaster and tehn do a scan - you will be clean.

  georgemac 07:46 09 Jul 2004

what happened to the restore point? Always use system restore to create a restore point before you make changes, and then if you have problems like you did above you can simply go back to where tyou were before you made the changes.

  georgemac 07:49 09 Jul 2004

click here;en-us;314056 for info about svchost.exe

click here lsass.exe and I think I may download and try the programme on this page

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

OnePlus 6 review: Hands-on

How to add texture to hand-drawn artworks

Best free iPad apps 2018

Comment créer un compte PayPal pour payer en ligne ?