-
September 3rd, 2004, 10:00 PM
#1
Member
I'm stumped on ridding myself of these nasty bugs
Hi guys!
I just got the avast scanner and I found some nasties.
I figured I could use some help...
This is what it logged (this is a long one so bear with me please)
9/3/2004 1:59:30 PM TERMINAL\Pat 2500 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0010408.exe\cupdate.exe" file.
9/3/2004 2:01:19 PM TERMINAL\Pat 2500 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0010422.exe\cupdate.exe" file.
9/3/2004 2:03:44 PM TERMINAL\Pat 2500 Sign of "Win32:Kuang2" has been found in "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP35\A0018956.dll" file.
9/3/2004 2:04:13 PM TERMINAL\Pat 2500 Sign of "Win95:Matyas" has been found in "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP35\A0019099.exe\Pav.sig" file.
9/3/2004 2:04:14 PM TERMINAL\Pat 2500 Sign of "Win32:Kuang2" has been found in "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP35\A0019099.exe\pavDll.dll" file.
9/3/2004 2:11:47 PM TERMINAL\Pat 2500 Sign of "Win32:Trojano-307 [Trj]" has been found in "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP50\A0024276.ocx" file.
9/3/2004 2:18:14 PM TERMINAL\Pat 2500 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "C:\unzipped\Downloads\Downloads\Hackers_Black_Book.zip\Hackers_Black_Book.exe\cupdate.exe" file.
9/3/2004 3:28:20 PM TERMINAL\Pat 2500 Sign of "Win32:Kuang2" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\A0018956.dll.vir" file.
9/3/2004 3:28:21 PM TERMINAL\Pat 2500 Sign of "Win32:Trojano-307 [Trj]" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\A0024276.ocx.vir" file.
9/3/2004 3:28:22 PM TERMINAL\Pat 2500 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\cupdate.exe.vir" file.
9/3/2004 3:28:23 PM TERMINAL\Pat 2500 Sign of "Win32:Kuang2" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\pavDll.dll.vir" file.
9/3/2004 3:50:18 PM TERMINAL\Pat 2500 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0010408.exe\cupdate.exe" file.
9/3/2004 3:50:28 PM TERMINAL\Pat 2500 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0010422.exe\cupdate.exe" file.
9/3/2004 3:52:54 PM TERMINAL\Pat 2500 Sign of "Win95:Matyas" has been found in "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP35\A0019099.exe\Pav.sig" file.
9/3/2004 4:04:13 PM TERMINAL\Pat 2500 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "C:\unzipped\Downloads\Downloads\Hackers_Black_Book.zip\Hackers_Black_Book.exe\cupdate.exe" file.
Well, there it is..my question is to anyone that can give me advice on getting rid of these nasties.
I don't want to try deleting anything without some advice from people that know what they are doing, and the advice in the past has been very helpful, and thanks again in advance for any input.
(any questions you have for me that might be of some use I will answer)
thx
~CJ~
~EDITED~
I'm sorry, I failed to mention that avast was unable to get these out..or move them into my vault....I have heard great things of avast and it did pick up a lot of things my other scanners didn't...any more questions, feel free to ask.
-
September 3rd, 2004, 10:06 PM
#2
Well, first of all:
Disable system restore.. that will remove some of your list
then manually delete C:\unzipped\Downloads\Downloads\Hackers_Black_Book.zip
most AVs have problems deleting files in archives..
Cheers
Oh, and why is Avast detecting its own quarantine folder? Or are you using another AV prog for this scan? If you have uninstalled Avast then you will need to manually go in and delete the program folder .. That will put paid to those on the list..
Once you have done that, report back with a fresh list..
"Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
September 3rd, 2004, 10:07 PM
#3
You might want to run through this doc (attached) just to get the scanning parts out of the way.
Also, it looks like most of those readings are coming from system restore files? You might want to disable system restore to get rid of those.
http://www.antionline.com/attachment...achmentid=4913
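Added example, not part of any post in this thread: a small triage script that sorts avast log lines like the ones in post #1 into the three locations the replies above point at (System Restore restore points, files nested inside an archive, and the scanner's own `moved` folder) and collapses repeat detections. The function names and the list of container extensions are assumptions made for this illustration; the sample lines are copied from the log in post #1.

```python
import re
from collections import defaultdict

# Four lines copied from the scan log in post #1 (the last repeats the second).
SAMPLE_LOG = r'''
9/3/2004 2:03:44 PM TERMINAL\Pat 2500 Sign of "Win32:Kuang2" has been found in "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP35\A0018956.dll" file.
9/3/2004 2:18:14 PM TERMINAL\Pat 2500 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "C:\unzipped\Downloads\Downloads\Hackers_Black_Book.zip\Hackers_Black_Book.exe\cupdate.exe" file.
9/3/2004 3:28:20 PM TERMINAL\Pat 2500 Sign of "Win32:Kuang2" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\A0018956.dll.vir" file.
9/3/2004 4:04:13 PM TERMINAL\Pat 2500 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "C:\unzipped\Downloads\Downloads\Hackers_Black_Book.zip\Hackers_Black_Book.exe\cupdate.exe" file.
'''

LINE_RE = re.compile(r'Sign of "(?P<sig>[^"]+)" has been found in "(?P<path>[^"]+)" file\.')
# Assumed list of extensions that mark a container the scanner unpacked.
CONTAINER_RE = re.compile(r'\.(zip|exe|rar|cab)\\', re.IGNORECASE)

def classify(path):
    """Map a detection path to the cleanup step suggested in the thread."""
    p = path.lower()
    if '\\system volume information\\_restore' in p:
        return 'system-restore'   # goes away when System Restore is disabled
    if '\\avast4\\data\\moved\\' in p:
        return 'av-quarantine'    # the scanner's own moved-files folder
    if CONTAINER_RE.search(path):
        return 'inside-archive'   # delete the outer archive by hand
    return 'live-file'            # none of the above: needs a closer look

def container_of(path):
    """Return the outermost container file of a nested detection path."""
    m = CONTAINER_RE.search(path)
    return path[:m.end() - 1] if m else path

def triage(log_text):
    """Group unique (signature, path) detections by location class."""
    groups = defaultdict(set)
    for m in LINE_RE.finditer(log_text):
        groups[classify(m['path'])].add((m['sig'], m['path']))
    return {kind: sorted(hits) for kind, hits in groups.items()}

if __name__ == '__main__':
    for kind, hits in triage(SAMPLE_LOG).items():
        for sig, path in hits:
            print(f'{kind:15} {sig:25} {container_of(path)}')
```

Anything that comes back as `live-file` is a detection outside those three locations and is the part of a fresh log worth posting for further advice.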
-
September 3rd, 2004, 10:10 PM
#4
Member
Wow, that was fast, and thank you for the advice...my system restore has been failing me lately
error system restore incomplete
Could this be the reason? And when disabled, I'm assuming that I will no longer have access to this feature if something goes wrong in the future?
Or do you mean to temporarily disable it to rid myself of the log..then enable it again?
Thx again for the speedy response..I appreciate that
~CJ~
EDITED::
I have to go to work soon but I will do as advised and post another log when I return
thx
-
September 3rd, 2004, 10:13 PM
#5
do you mean to temporarily disable it to rid myself of the log..then enable it again
Yes
It is always a good practice to disable System Restore whenever doing virus (and parasite) removals
Then re-enable when done..
As you can see, the virus is stored in the system restore information.. just waiting to come back and bite you..
Cheers
"Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
September 3rd, 2004, 10:13 PM
#6
Start menu, programs, accessories, system tools, system restore, Click system restore settings, Check disable system restore on all drives, hit apply. Then scan with the tools in the doc I linked. After that you should be A-OK, if not, post again.
-
September 3rd, 2004, 10:33 PM
#7
Well, it is written in the Good Book:
"He who sows the seeds of discontent, shall reap the whirlwind"
9/3/2004 2:18:14 PM TERMINAL\Pat 2500 Sign of "Win32:Trojan-gen. {UPX!}" has been found in " C:\unzipped\Downloads\Downloads\Hackers_Black_Book
You need to be very careful what sites you visit, what you download, and particularly what you do with those downloads.
just my thoughts
-
September 4th, 2004, 12:53 AM
#8
Start menu, programs, accessories, system tools, system restore, Click system restore settings, Check disable system restore on all drives, hit apply
Just for information purposes, you can also: right-click My Computer on the desktop, click Properties > System Restore > check disable > confirm.
As Nihil pointed out, if you are going to frequent hacking/cracking/warez sites, even if for only educational purposes, watch your back.
What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
-
September 4th, 2004, 01:40 AM
#9
Now I'm curious, but not so stupid as to wander into there to have a look.
So tell us CYB3RJ3DI:
Was it worth it ?
And:
What's in it ?
so now I'm in my SIXTIES FFS
WTAF, how did that happen, so no more alterations to the sig, it will remain as is now
Beware of Geeks bearing GIF's
come and waste the day :P at The Taz Zone
-
September 4th, 2004, 02:41 AM
#10
Now I'm curious, but not so stupid as to wander into there to have a look
Now I am
All I found was a bunch of popups and a load of stuff in German. LMAO
What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry