Is it telling you that the viruses are contained in "System Volume Information", if so there's not much you can do afaik, Windows tends to deny access to this folder.
Viruses
i seem to have a fair few viruses on my computer. ive already uninstalled and reinstalled windows and removed everything....scanned the disk a million times and cleared out these viruses. it was ok for a day or two but now they're back
my anti virus programme AVG, comes up with a warning that they're present and i should run AVG, but when i do i doesn't find anything, even thoguh i'm definetly scanning the right place
i just don't know how im going to get rid of them
i have a sasser worm E, we did have B, but that seems to have gone...and also, i get lots of trojan horse warnings as well.
ive got my firewall turned on permently, andive tried solo anti virus as well...but to no avail
ive also been having problems with msn singing me in and out, ive tried uninstalling and downloading it again, but the same problem keeps recurring
i jsut don't know what to do anymore! can anyone help me?
(Edited by Spitefulangel 01/06/2004 12:48)
my anti virus programme AVG, comes up with a warning that they're present and i should run AVG, but when i do i doesn't find anything, even thoguh i'm definetly scanning the right place
i just don't know how im going to get rid of them
i have a sasser worm E, we did have B, but that seems to have gone...and also, i get lots of trojan horse warnings as well.
ive got my firewall turned on permently, andive tried solo anti virus as well...but to no avail
ive also been having problems with msn singing me in and out, ive tried uninstalling and downloading it again, but the same problem keeps recurring
i jsut don't know what to do anymore! can anyone help me?
(Edited by Spitefulangel 01/06/2004 12:48)
14 Replies and 1924 Views in Total.
Have a look at my post in This thread.
AV is OK if it is able to catch the virus as it arrives. Unfortunately if it has slipped through in-between updates, you are likely to find yourself battling against the remnants that the virus leaves behind. These are often tucked away in places like the Windows registry and after you think you've got rid of everything, it all comes back again.
This is where a damage cleanup tool is different from an actual anti-virus scanner, it scans through running processes and other nooks and crannies which a normal av scanner would be expected to look at.
Windows XP & ME also have a "system restore" function which conspires against you because virus writers are exploiting this as another way of getting the virus back just when you think you have got rid of it. There's another link in that post which points you to some instructions where you disable this facility before running the recovery program. Then when (hopefully) the program has done it's stuff you can re-enable this facility.
Hopefully that will sort you out.
AV is OK if it is able to catch the virus as it arrives. Unfortunately if it has slipped through in-between updates, you are likely to find yourself battling against the remnants that the virus leaves behind. These are often tucked away in places like the Windows registry and after you think you've got rid of everything, it all comes back again.
This is where a damage cleanup tool is different from an actual anti-virus scanner, it scans through running processes and other nooks and crannies which a normal av scanner would be expected to look at.
Windows XP & ME also have a "system restore" function which conspires against you because virus writers are exploiting this as another way of getting the virus back just when you think you have got rid of it. There's another link in that post which points you to some instructions where you disable this facility before running the recovery program. Then when (hopefully) the program has done it's stuff you can re-enable this facility.
Hopefully that will sort you out.
If you come to my BBQ I'm gonna steal you away for a bit to do this on my computer 'cos I couldn't find where to do it *blonde*
by gobstopper
Windows XP & ME also have a "system restore" function which conspires against you because virus writers are exploiting this as another way of getting the virus back just when you think you have got rid of it. There's another link in that post which points you to some instructions where you disable this facility before running the recovery program. Then when (hopefully) the program has done it's stuff you can re-enable this facility.
And if he ain't there, I know how to do it
by Teresa
(quotes)
If you come to my BBQ I'm gonna steal you away for a bit to do this on my computer 'cos I couldn't find where to do it *blonde*
If your getting the Sasser worm then you need to get the windows updates for close the hole.
I think AVG lets you create a rescue disk set which you can boot from and will scan everything.
I think AVG lets you create a rescue disk set which you can boot from and will scan everything.
I've found that some of these viruses are 'sleeper' viruses ie they only become active if the computer is left running but you're not actually doing anything on it, and as soon as you move the mouse they hibernate again and the damned virus checker can't find it!
The way I got rid of mine was to set up an automatic check and then leave it. I set mine up for a 1400 check and then left my computer alone the following afternoon. It finally caught the little *^&%(^%$&* that has been pestering me for months.
That might help with some of them.
The way I got rid of mine was to set up an automatic check and then leave it. I set mine up for a 1400 check and then left my computer alone the following afternoon. It finally caught the little *^&%(^%$&* that has been pestering me for months.
That might help with some of them.
well, as far as i can tell, after running the sysclean ive got rid of the sasser worm E....the warning was popping up every few minutes, but its stopped altogether now
but the damn trojan is still there
this is what im getting:
trojan horse IRC/backdoor.sdbot.25.AA
c:\WINDOWS\system32\lserv.exe
so i pointed the trend micro sysclean right at that folder, but it came up with a lot of files in there, where it said "an error occurred while scanning [c:\WINDOWS\system32\lserv.exe (for one example)] access is denied"
any ideas now?
(Edited by Spitefulangel 01/06/2004 16:55)
but the damn trojan is still there
this is what im getting:
trojan horse IRC/backdoor.sdbot.25.AA
c:\WINDOWS\system32\lserv.exe
so i pointed the trend micro sysclean right at that folder, but it came up with a lot of files in there, where it said "an error occurred while scanning [c:\WINDOWS\system32\lserv.exe (for one example)] access is denied"
any ideas now?
(Edited by Spitefulangel 01/06/2004 16:55)
Looks like this is one of the little buggers which needs to be removed manually
Have a look at the manual removal instructions on this page.
Obviously not knowing which Windows version you are running it's difficult to say for certain, but it's possible that you may be getting the access denied error when you run the system cleaning tool because you are not logged in as adminsitrator or with a username which has administrative rights.
(Edited by gobstopper 01/06/2004 19:22)
Have a look at the manual removal instructions on this page.
Obviously not knowing which Windows version you are running it's difficult to say for certain, but it's possible that you may be getting the access denied error when you run the system cleaning tool because you are not logged in as adminsitrator or with a username which has administrative rights.
(Edited by gobstopper 01/06/2004 19:22)
i am running windows XP and im using the admin profile
i went through the regedit thing and manually deleted a load of lserv.exe files
but noooo, avg is still popping up and saying its there and to run avg gaah
why won't it go awaaaay, what a total horror
i went through the regedit thing and manually deleted a load of lserv.exe files
but noooo, avg is still popping up and saying its there and to run avg gaah
why won't it go awaaaay, what a total horror
I'm starting to run out of ideas, I'm afraid.
Did you follow the "Additional Windows ME/XP Cleaning Instructions" section?
I'm not an XP user, but I know that if you don't do this before you try and rid yourself of the virus, it's the main way that it can keep coming back.
The same applies for the sysclean tool. It will do what it can, but the system restore function conveniently re-introduces the virus.
Did you follow the "Additional Windows ME/XP Cleaning Instructions" section?
I'm not an XP user, but I know that if you don't do this before you try and rid yourself of the virus, it's the main way that it can keep coming back.
The same applies for the sysclean tool. It will do what it can, but the system restore function conveniently re-introduces the virus.
in running a sypbot serach and destroy thing
it found FIFTY problems! all of which ive got rid of, and then it found a few more here and there, its also immunized a whole load of potentially dangerous things
im now doing an online etrust antivirus webscanner, which so far has found one problem
im then going to run AVG anti virus system
gaah
my computer is seriously infected! its so bad, coz i run 2 firewalls, and do regular virus scans, so how its managed to get this infected is beyond me
it found FIFTY problems! all of which ive got rid of, and then it found a few more here and there, its also immunized a whole load of potentially dangerous things
im now doing an online etrust antivirus webscanner, which so far has found one problem
im then going to run AVG anti virus system
gaah
my computer is seriously infected! its so bad, coz i run 2 firewalls, and do regular virus scans, so how its managed to get this infected is beyond me
2 firewalls on the same PC? If that's the case I would ditch one of them. You may think that you are doubling security, but there's a chance that they are tripping each other up and you may find yourself with less security than you think. Pick one good one (in other words not the one built into XP) and stick with it.
by Spitefulangel
my computer is seriously infected! its so bad, coz i run 2 firewalls, and do regular virus scans, so how its managed to get this infected is beyond me
As free virus scanners go, AVG will do the job as well as any other. However, with the escalation of viruses and the rate that these "nice" people chose to mutate them, the one thing you are probably missing out on is regular pattern/signature updates.
I used to run AVG myself and found that it was only updating once, maybe twice, a week. Some AV manufacturers are putting out as many as 4 or 5 updates a day now.
The other point is that these people are finding new sneaky ways to get this code onto your machine in the first place. Unforunately for Windows users, these vunerabilities are already present in the operating system. Trojans and Spyware are becoming just as much of a pain as viruses. There are commercial products to deal with this pain (PestPatrol works just like an AV scanner), but there are also free products around (Spybot you're already using, plus Adaware) which are now just as important to the PC armoury as a firewall and decent anti-virus.