iMac Pro review
AVG found this virus had infected over 300 exe files on my computer last week, I thought I'd managed to remove the problem after running AVG and Ad-Aware several times and they stopped telling me I had a virus. Today, the problem occured again; it infects exe files as soon as they appear.
Anyone know how to stop more exe files getting removed? I tried searching on Google, but haven't yet found a solution. Also tried switching off system restore.
which AVs found it and which didn't.
AntiVir 18.104.22.168 07.14.2005 W32/Stanit
AVG 718 07.14.2005 Win32/Gaelicum.A
Avira 22.214.171.124 07.14.2005 W32/Stanit
BitDefender 7.0 07.14.2005 no virus found
CAT-QuickHeal 7.03 07.14.2005 no virus found
ClamAV devel-20050501 07.14.2005 no virus found
DrWeb 4.32b 07.14.2005 Win32.Gael.3666
eTrust-Iris 126.96.36.199 07.13.2005 no virus found
eTrust-Vet 188.8.131.52 07.14.2005 no virus found
Fortinet 184.108.40.206 07.14.2005 suspicious
F-Prot 3.16c 07.14.2005 could be infected with an unknown virus
Ikarus 2.32 07.14.2005 no virus found
Kaspersky 220.127.116.11 07.14.2005 Virus.Win32.Tenga.a
McAfee 4535 07.14.2005 W32/Gael
NOD32v2 1.1168 07.14.2005 probably unknown WIN32 virus
Norman 5.70.10 07.14.2005 no virus found
Panda 8.02.00 07.14.2005 no virus found
Sybari 7.5.1314 07.14.2005 W32/Gael
Symantec 8.0 07.13.2005 no virus found
TheHacker 5.8.2.070 07.13.2005 no virus found
VBA32 3.10.4 07.14.2005 no virus found
Thank you stalion and canard
The virus corrupted more exe files today, which is rather annoying! I've downloaded A2, also I've run AdAware, Spybot, AVG and CCleaner whilst System Restore was disabled, but the virus has appeared again...what shall I do? :-(
Were you running the scans in safe mode?
I tried running all the scans in safe mode yesterday, but this morning the virus had infected a few more exe's! :-(
This looks like a nasty one and I can't find any removal instructions as of yet the virus downloads these files to your computer
not much help I know
but this virus seems really tricky to sort out...it doesn't infect files as soon as possible, it waits a while then infects.
19/07/2005 - 15:00 - infected 319 files (network cable in, online)
28/07/2005 - 16:50 - infected 1 file (online)
02/08/2005 - 22:40 - infected 1 file (online)
05/08/2005 - 16:45 - infected 2 files (network cable in, online, only one PC on, System Restore off)
also it doesn't seem to infect the other computers on the network (i have disconnected them now), and AVG says that my computer has no viruses e.g. from 3rd Aug and 4th Aug, but on 5th the same virus appears which means the virus has remained on the computer all the time and not actually been removed.
I tried the Sophos scanner, but that didn't find anything either.
Instructions to remove this virus seem simple on the AVG site and others such as the norton's site.
Turn off System Restore,
Scan with AVG in Safe Mode,
Get a list of all files that are infected (not a small job with this one),
Terminate any process that is running if its listed on that list using the Task Manager.
Now re-run (again in Safe Mode) AVG and have it quaratine all infected files. If it offers to heal, give it try but as I said, most of the time it will corrupt the file instead of just append its code to the end which is the only way a file can be healed if infected.
Replace the infected files with originals
However, it doesn't seem easy to remove. I have already switched off system restore, I've scanned in Safe Mode (AVG finds no viruses) so there's no processes that I should stop, and when I run the scan again, no viruses are found! But a few days later, the virus appears again infecting more exe's :-(
Could you please tell me which of these processes I may terminate whilst running the PC? taskmgr.exe, rundll32.exe, explorer.exe, svchost.exe, svchost.exe, svchost.exe, lsass.exe, services.exe, winlogon.exe, csrss.exe, system, system idle process?
Also I've noticed that GMail Notifier seems to be acting quite strange lately, every time it boots tries to change a registry setting for "startup entry", however, I've not altered any of its settings for a long time
This thread is now locked and can not be replied to.