Solved

Two viruses I just CAN'T get rid of!

Posted on 2005-04-13
Last Modified: 2013-12-04
Hello everyone!

My computer has been acting up!  Anytime I click on a link in almost any program, it freezes that program for about 20-30 seconds, then either delivers the page, or simply resumes.  It also has stopped me from accessing Windows Update, and Search for Files on my PC, and even My Computer.

I am a Windows XP Pro user - I have Sygate Personal Firewall running, as well as the Microsoft firewall now integrated into Windows XP.  I also have Norton AntiVirus always running and auto updating.  Yet I have managed to contract some viruses.  I actually had found that I contracted TEN viruses, but was able to delete eight of them.  I was able to do this by using housecall.trendmicro.com.

The two that I can not get rid of are named the following according to trendmicro:
TROJ AGENT.FZ and TROJ DROPPER.BR

Both of these exist in files that are constantly being accessed, so nothing I have tried has resulted in success.  They are located in:
c:\windows\system32\req.dat
c:\windows\config\dnsav.dll

Things are BETTER now, but I need to see if anyone out there can help me get rid of these two.  I was able to log in under safe mode and get rid of the req.dat file, but upon restarting it reappeared.  I normally consider myself pretty security savvy - but I am beginning to second guess THAT.

Any help is greatly appreciated!
Question by:Internetbias
8 Comments
 
LVL 29

Expert Comment

by:blue_zee
ID: 13776572

Have you tried scanning in Safe Mode?

Have you disabled System Restore?

If you answer no to any of those, try them, please.

Zee
0
 
LVL 1

Author Comment

by:Internetbias
ID: 13776793
I DID disable System Restore - however I only have Norton AV which does not seem to notice the files.  And I can not use the remote version of trendmicro in safe mode, unless that is possible if I do Safemode with Networking.

I'm a bit of a safemode idiot.  I can get there, but my abilities while in that mode escape me.

I will certainly try it though.  Confirm which method I should scan with and I will do it, thanks!
0
 
LVL 29

Accepted Solution

by:
blue_zee earned 2000 total points
ID: 13776977

Probably better than using an online scanner, download, install and update Avast Home Edition (free):

http://www.avast.com/eng/down_home.html

After installing and updating, turn off Norton, turn off System Restore, restart in Safe Mode and scan with Avast.

See if it finds those nasties too.

Be aware, though, that you should only run one AV program.

Good luck,

Zee
0
 
LVL 9

Expert Comment

by:woodendude
ID: 13776979
Give Stinger a shot, disable system restore, run in safe mode.
http://vil.nai.com/vil/stinger/
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 13777090

Last but not least, use KillBox to delete those files:

http://www.atribune.org/downloads/KillBox.exe

Then double-click on Killbox.exe to run it.

Place the following lines (complete paths), one at a time, in the "Full Path of File to Delete" box in Killbox:

c:\windows\system32\req.dat
c:\windows\config\dnsav.dll

Click Delete on reboot and click the red button with the white X on it after each.

Click the Exit button and restart your system.

The files should be deleted upon reboot.

Scan again to confirm.

Zee
0
 
LVL 32

Expert Comment

by:r-k
ID: 13778895
If the files are still not deleted, please try the following:

In Windows Explorer, right-click on each infected file that you can't delete, then select Properties, then the Security tab.

You should see a bunch of users/groups that have permissions to access that file. Remove all of them, so that no one has permission to access the file. (You may need to uncheck the box that reads "inherit permissions from parent...")

Then reboot the machine, run Explorer again, select Security for those files again, give yourself permission, and delete those files.

Please don't do this to essential system files or you may not be able to start Windows.
0
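The Explorer steps in r-k's comment above, scripted with PowerShell for current Windows versions. This is an added example, not part of the original thread: the function names are hypothetical, the paths are the two from the question, and it assumes an elevated prompt.

```powershell
# Added example, not from the thread. Function names are hypothetical.
# Run from an elevated PowerShell prompt.
$Suspects = 'C:\windows\system32\req.dat', 'C:\windows\config\dnsav.dll'

function Lock-SuspectFile {
    param([Parameter(Mandatory)][string]$Path)
    # Guard for the warning in the comment: skip files that carry a valid
    # signature, which is what genuine Windows components normally have.
    if ((Get-AuthenticodeSignature -LiteralPath $Path).Status -eq 'Valid') {
        Write-Warning "$Path is validly signed; leaving it alone."
        return
    }
    $acl = Get-Acl -LiteralPath $Path
    # Same as unchecking "inherit permissions from parent": protect the DACL
    # and discard the inherited entries.
    $acl.SetAccessRuleProtection($true, $false)
    # Remove every explicit entry so the DACL ends up empty and nothing,
    # including the process that keeps the file open, can open it after reboot.
    foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }
    Set-Acl -LiteralPath $Path -AclObject $acl
}

function Remove-LockedFile {
    param([Parameter(Mandatory)][string]$Path)
    # After the reboot: take ownership, grant yourself full control, delete.
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    takeown.exe /F $Path | Out-Null
    icacls.exe $Path /grant "${me}:F" | Out-Null
    Remove-Item -LiteralPath $Path -Force
}

# Step 1 (before rebooting): $Suspects | ForEach-Object { Lock-SuspectFile $_ }
# Step 2 (after rebooting):  $Suspects | ForEach-Object { Remove-LockedFile $_ }
```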
 
LVL 1

Author Comment

by:Internetbias
ID: 13778932
Avast did pretty much everything!  After installing and rebooting, it started doing the scan and offered to delete my items.  It even found three MORE viruses that none of the other programs found.  DELETE DELETE DELETE.

I was very troubled, as very soon after my internet went out, but it was not related, so far as I know.  Clicking on links in various programs still occasionally hangs the application, but the viruses appear to be gone.  Nothing more is showing on any Antivirus apps anyway.

I will keep a watch out for the next few days and try to see if I can't continue to duplicate the problem.  Otherwise mission accomplished!  Thanks for all the info!
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 13779367

Glad we managed it.

Thanks!

Zee
0

Question has a verified solution.