im stumped on ridding nyself of these nasty bugs
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: im stumped on ridding nyself of these nasty bugs

  1. #1
    Member
    Join Date
    Feb 2004
    Posts
    43

    im stumped on ridding nyself of these nasty bugs

    hi guys!
    i just got the avast scanner and i found some nastys.
    i figured i could use some help...
    this is what it logged (this is a long one so bear with me please)

    9/3/2004 1:59:30 PM TERMINAL\Pat 2500 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0010408.exe\cupdate.exe" file.

    9/3/2004 2:01:19 PM TERMINAL\Pat 2500 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0010422.exe\cupdate.exe" file.

    9/3/2004 2:03:44 PM TERMINAL\Pat 2500 Sign of "Win32:Kuang2" has been found in "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP35\A0018956.dll" file.

    9/3/2004 2:04:13 PM TERMINAL\Pat 2500 Sign of "Win95:Matyas" has been found in "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP35\A0019099.exe\Pav.sig" file.

    9/3/2004 2:04:14 PM TERMINAL\Pat 2500 Sign of "Win32:Kuang2" has been found in "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP35\A0019099.exe\pavDll.dll" file.

    9/3/2004 2:11:47 PM TERMINAL\Pat 2500 Sign of "Win32:Trojano-307 [Trj]" has been found in "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP50\A0024276.ocx" file.

    9/3/2004 2:18:14 PM TERMINAL\Pat 2500 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "C:\unzipped\Downloads\Downloads\Hackers_Black_Book.zip\Hackers_Black_Book.exe\cupdate.exe" file.

    9/3/2004 3:28:20 PM TERMINAL\Pat 2500 Sign of "Win32:Kuang2" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\A0018956.dll.vir" file.

    9/3/2004 3:28:21 PM TERMINAL\Pat 2500 Sign of "Win32:Trojano-307 [Trj]" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\A0024276.ocx.vir" file.

    9/3/2004 3:28:22 PM TERMINAL\Pat 2500 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\cupdate.exe.vir" file.

    9/3/2004 3:28:23 PM TERMINAL\Pat 2500 Sign of "Win32:Kuang2" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\pavDll.dll.vir" file.

    9/3/2004 3:50:18 PM TERMINAL\Pat 2500 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0010408.exe\cupdate.exe" file.

    9/3/2004 3:50:28 PM TERMINAL\Pat 2500 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0010422.exe\cupdate.exe" file.

    9/3/2004 3:52:54 PM TERMINAL\Pat 2500 Sign of "Win95:Matyas" has been found in "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP35\A0019099.exe\Pav.sig" file.

    9/3/2004 4:04:13 PM TERMINAL\Pat 2500 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "C:\unzipped\Downloads\Downloads\Hackers_Black_Book.zip\Hackers_Black_Book.exe\cupdate.exe" file.

    well there it is..my question is to anyone that can give me advice on getting rid of these nasties.
    i dont want to try deleting anything without some advice from people that know what they are doing and the advice in the past has been very helpfull and thanks again in advance for any imput.
    (any questions you have for me that might be of some use i will give)
    thx
    ~CJ~

    ~EDITED~
    im sorry i failed to mention that avast was unable to get these out..or move into my vault....i have heard great things of avast and it did pick up alot of things my other scanners didnt...anymore questions feel free to ask.

  2. #2
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    Well first off all :

    Disable system restore.. that will remove some of your list
    then manually delete C:\unzipped\Downloads\Downloads\Hackers_Black_Book
    .zip
    most AV's have problems deleting files in archives..

    Cheers

    Oh and Why is Avast detecting its own quarintien folder? or are you useing another AV prog for this scan? If you have Uninstalled Avast then you will need to manually go in and delete the program folder .. That will put paid to those on the list..

    Once you have done that report back with a fresh list..
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  3. #3
    You might want to run through this doc (attached) just to get the scanning parts out of the way.

    Also, it looks like most of those readings are coming from system restore files? You might want to disable system restore to get rid of those.

    http://www.antionline.com/attachment...achmentid=4913

  4. #4
    Member
    Join Date
    Feb 2004
    Posts
    43
    wow that was fast and thank you for the advice...my system restore has been failing me lately
    error system restore incomplete
    could this be the reason and when disabled im assuming that i will no longer have access to this feature if something goes wrong in the future?
    or do you mean to temperaraly disable it to rid myself of the log..then enable it again?

    thx again for the speedy responce..i appreciate that
    ~CJ~

    EDITED::

    i have to go to work soon but i will do as advised and post another log when i return
    thx

  5. #5
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    do you mean to temperaraly disable it to rid myself of the log..then enable it again
    yes

    it is always a good practice to disable the System restore whenever doing virus (and Parasite) removals

    Then re-enable when done..

    As you can see the virus is stored in the system restore information.. just waiting to come back and bite you..

    Cheers
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  6. #6
    Start menu, programs, accessories, system tools, system restore, Click system restore settings, Check disable system restore on all drives, hit apply. Then scan with the tools in the doc I linked. After that you should be A-OK, if not, post again.

  7. #7
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Well, it is written in the Good Book:

    "He who sows the seeds of discontent, shall reap the whirlwind"

    9/3/2004 2:18:14 PM TERMINAL\Pat 2500 Sign of "Win32:Trojan-gen. {UPX!}" has been found in " C:\unzipped\Downloads\Downloads\Hackers_Black_Book
    You need to be very careful what sites you visit, what you download, and particularly what you do with those downloads.



    just my thoughts
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  8. #8
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Start menu, programs, accessories, system tools, system restore, Click system restore settings, Check disable system restore on all drives, hit apply
    Just for information purposses, you can also: Right click my computer on the desk top, click properties>system restore>check disable>confrim.

    As Nihil pointed out, if you are going to frequent Hacking/cracking/warez sites. Even if for only educational purposses, watch your back
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  9. #9
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,528
    Hackers_Black_Book
    Now I'm curious, but not so stupid as to wander into there to have a look.

    So tell us CYB3RJ3DI:
    Was it worth it ?

    And:

    What's in it ?
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  10. #10
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Now I'm curious, but not so stupid as to wander into there to have a look
    Now i am

    All i found was a bunch of popups and a load of stuff in German.LMAO
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides