Is this a Super Virus? Undetected by all AV?

  Gaz 25 13:08 25 Jun 2003

Some very strange happenings have been going on.

I have posted some here.

For a start, connections in XP were dissapering.

Next all files were changed to READ ONLY so it caused problems with programs.

The computer crashes and locks up a lot with svchost using up 59% and then 0% then 90%, and goes on like that, it does then stop, but if I close svchost the funnies dont happen till next restart.

Just now, Administrative tools > has appeared for no reason, I have not asked it too, and programs started duplicating the entries.

Aswell as many other wierd things, such as settings changing and things not working.

I have not only run scans by leading AV companies such as Trend Micro, Norton and Panda, etc as well as McAffe, I have added the Cleaner 3, and spyware guards.

Is this normal or is it a VIRUS?

I heard that if funny things are going on with your PC a virus is a probable culprit but my AV would detect that surely?

I also run Grisoft AVG 6.0 software as installed and the others were Online scans, I have updated my AV every week.

Can anyone help?


  -pops- 13:15 25 Jun 2003

Have you done a system restore to before these things were happening?

  Gaz 25 13:16 25 Jun 2003

Its always happened.

  Gaz 25 13:19 25 Jun 2003

I have tried that and it restores the changes but then it just happens again.

All of this seems to do a loop too, the same problem happens again a few weeks afterwords, very odd.

I have also checked all my files and run a Windows repair. No answer. To Norton that say it IS a virus which the online scan will remove, but it says I am clean.

Any ideas from you would be of great help.


  -pops- 13:21 25 Jun 2003

If it's always happened I'm surprised you have not worried about it before now. As it is, it suggests to me that there is something amiss with your Windows setup rather than anything it has picked up.

Perhaps a new installation of your O/S would cure it?

  keith-236785 15:20 25 Jun 2003

click here , download and install the 30 day trial Anti-Trojan scanner.

run it and see if you have a trojan on your system, ATShield will not delete the trojan (you will have to do that manually unless you pay for the upgrade.

have a look and post back if you find something

good luck

  Jester2K II 15:27 25 Jun 2003

More importantly you need to tell us what programs are starting on your PC.

Download Autoruns click here and then run the program. Goto the view menu and choose Copy To Clipboard. Paste the results back here.

All the virus scanners in the world might not detect a rare virus / malicious program but the human eye might if we see something we can't explain...

  DieSse 15:29 25 Jun 2003

Then it can't be a virus, as there must have been a time before any virus infection.

Download and run a good memory test program. click here

  woodchip 16:10 25 Jun 2003

This can be caused by Over clocking a CPU, Not saying that you have but you may not have got some settings right for the CPU when you boot up what Speed does it say, is it the same as your CPU. It could also be memory fault

  Gaz 25 17:35 25 Jun 2003

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
+ C:\WINDOWS\system32\userinit.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceExHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run+ SOUNDMAN.EXE
+ RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
+ nwiz.exe /install
+ anvshell.exe
+ livenote.exe
+ C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
+ C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
+ C:\Program Files\Creative\Creative Desktop Wireless\KbDriver_2K.exe
+ "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
+ "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run+ C:\WINDOWS\System32\ctfmon.exe
+ "C:\Program Files\Messenger\msmsgs.exe" /background
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnceHKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesHKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnceC:\Documents and Settings\All Users\Start Menu\Programs\Startup
+ desktop.ini
+ Microsoft Office.lnk -> C:\PROGRA~1\MICROS~4\Office10\OSA.EXE
C:\Documents and Settings\Gareth Roberts\Start Menu\Programs\Startup
+ desktop.ini
+ Realtime scanner.lnk -> C:\PROGRA~1\SPYWAR~2\sgmain.exe
+ SpywareGuard.lnk -> C:\PROGRA~1\SPYWAR~2\sgmain.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad+ PostBootReminder -> %SystemRoot%\system32\SHELL32.dll
+ CDBurn -> %SystemRoot%\system32\SHELL32.dll
+ WebCheck -> %SystemRoot%\System32\webcheck.dll
+ SysTray -> C:\WINDOWS\System32\stobject.dll
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load
Task Scheduler
+ C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

It has had more memory and a test shows it is Ok.

Also the PC is NOT overclocked becuase in the long term this would not be good.

NO Trojan was found.

Hop someone can help me.


PS. Thanks for suggestions so far.

  Gaz 25 17:49 25 Jun 2003

It seams to have gone long.


This thread is now locked and can not be replied to.

Elsewhere on IDG sites

iMac Pro review

Illustrator Charles Williams on how to create magazines and book covers

iMac Pro review

Les meilleures prises CPL (2018)