avast scan help

PHILO67
Genuine Member
Posts: 50
Joined: Sun Dec 12, 2004 1:54 am
Location: waynesville nc

avast scan help

Post by PHILO67 »

Hey there, scanned PC and got some viruses, now in the chest. If I delete them, will it mess with the system, like take the whole path or file it's involved with, or will it just remove the virus part? I don't know much about the programming end and don't know what can and can't be removed to some extent.
Any help, thanx, philooo..... :Y :Y :Y
AMD Athlon XP 2700+ OC'D to 2.275 GHz reads 2800+
SAPHIRE RADEON 9200 SE
Realtek AC'97 Audio 6.1ch
256mg ddr400 kingston ram at 333
3gig ddr333 max
Gigabyte GA-7VT600 MB
Microsoft Windows XP Pro SP-1
WD 60gig HD
Hitachi 52xcd/dvd
ASUS 52X32X52 CD-RW
FlyingPenguin
Flightless Bird
Posts: 32784
Joined: Wed Nov 22, 2000 11:13 am
Location: Central Florida

Post by FlyingPenguin »

Anything an anti-virus program finds should ALWAYS be quarantined (AVG calls it the Vault, Avast calls it the Chest I guess?). NEVER delete it.

Some viruses (especially spyware trojans) can't just be removed - sometimes removing it will break something else (like your TCP/IP stack). You may have to restore the infected file to fix something else.

Also, I always tell my clients to NEVER delete so that when a repair tech like me comes in, he can see what was quarantined. If you delete it, it's gone and I have no clue what virus screwed up your computer or how to fix it.

Whenever you find a virus you should ALWAYS look up the details of the virus in your AV company's online database and see what the removal instructions are. Often you need to repair the registry in addition to cleaning or deleting the infected files. Sometimes there's a free repair tool you have to download.

If it's spyware (usually called a generic "trojan virus" by most AV scanners) then you should NOT do anything to it. Instead download a good spyware scanner like Microsoft Anti Spyware or SpySweeper and use THAT to clean it out.

As a rule I would do a full spyware scan first BEFORE doing a virus scan. You never want to allow an AV app to try to remove spyware.
Christians warn us about the anti-christ for 2,000 years, and when he shows up, they buy a bible from him.

Post by PHILO67 »

F P, you da man as usual. I have adaware 6, is that a spyware finder? 'Cause I've run that and it hasn't found those things, so can you recommend a free one that will suffice?

thanx a ton philooooo..... :Y :Y :Y
wvjohn
Posts: 9238
Joined: Wed Nov 22, 2000 7:09 am

Post by wvjohn »

Heatware: http://www.heatware.com/eval.php?id=123

Post by PHILO67 »

Also, I always tell my clients to NEVER delete so that when a repair tech like me comes in, he can see what was quarantined. If you delete it, it's gone and I have no clue what virus screwed up your computer or how to fix it.

here's what it found


Action was completed successfully!

Virus has been detected!
File Name: A0113153.exe
FileID: 10
Virus Description: Win32:Gaobot-1271 [Wrm]

Virus has been detected!
File Name: A0116247.exe
FileID: 11
Virus Description: Win32:Gaobot-79 [Wrm]

Virus has been detected!
File Name: A0116248.exe
FileID: 12
Virus Description: Win32:Gaobot-79 [Wrm]

Virus has been detected!
File Name: A0116564.exe
FileID: 13
Virus Description: Win32:Zapchast-F [Trj]

Virus has been detected!
File Name: A0116565.exe
FileID: 14
Virus Description: Win32:Dedler-M3-UPX [Wrm]

Virus has been detected!
File Name: A0116566.exe
FileID: 15
Virus Description: Win32:Trojan-gen. {Other}

Virus has been detected!
File Name: A0116613.exe
FileID: 16
Virus Description: Win32:Gaobot-79 [Wrm]

Virus has been detected!
File Name: A0121758.exe
FileID: 17
Virus Description: Win32:Protoride-M [Wrm]

Virus has been detected!
File Name: A0122191.exe
FileID: 18
Virus Description: Win32:Gaobot-79 [Wrm]

Virus has been detected!
File Name: A0122250.exe
FileID: 19
Virus Description: Win32:Protoride-M [Wrm]

Virus has been detected!
File Name: A0122251.exe
FileID: 20
Virus Description: Win32:Gaobot-79 [Wrm]

Virus has been detected!
File Name: A0158560.dll
FileID: 21
Virus Description: Win32:PurityScan-F [Trj]

Virus has been detected!
File Name: A0158561.EXE
FileID: 22
Virus Description: Win32:PurityScan-D [Trj]

Virus has been detected!
File Name: A0158563.dll
FileID: 24
Virus Description: Win32:Kuang2

Virus has been detected!
File Name: A0158571.exe
FileID: 25
Virus Description: Win32:Gaobot-79 [Wrm]

Virus has been detected!
File Name: A0158572.exe
FileID: 26
Virus Description: Win32:Zapchast-F [Trj]

Virus has been detected!
File Name: cvmonitor.exe
FileID: 6
Virus Description: Win32:Gaobot-217 [Wrm]

Virus has been detected!
File Name: install.exe
FileID: 5
Virus Description: Win32:Zapchast-F [Trj]

Virus has been detected!
File Name: install.exe
FileID: 7
Virus Description: Win32:Zapchast-F [Trj]

Virus has been detected!
File Name: install.exe
FileID: 9
Virus Description: Win32:Trojan-gen. {Other}

Virus has been detected!
File Name: MSlti64.exe
FileID: 4
Virus Description: Win32:Gaobot-79 [Wrm]

Virus has been detected!
File Name: ps_install-mt.exe
FileID: 8
Virus Description: Win32:Trojan-gen. {UPX!}


Online spysweep found 16 things.
I'm downloading the trial version right now.
What should I do next????

Post by PHILO67 »

Ran SpySweeper, got rid of spyware. Have viruses and worms in chest (quarantine), posted what they are. Any help, thanx.

Post by FlyingPenguin »

You should be able to go to AVAST's website and check the info in their virus database for each virus. There should be recommended removal instructions for each one.

------------------
Edit

Actually, just checked, and AVAST's virus database sucks. You should consider switching AV apps, especially if AVAST was running when you got infected with all that crap. Doesn't look like it did you any good.

Here's the free Gaobot removal tool from Symantec:
http://securityresponse.symantec.com/av ... .tool.html

I suggest you look up the others in their database: http://securityresponse.symantec.com/av ... nfodb.html

Post by PHILO67 »

Originally posted by FlyingPenguin
You should be able to go to AVAST's website and check the info in their virus database for each virus. There should be recommended removal instructions for each one.

------------------
Edit

Actually, just checked, and AVAST's virus database sucks. You should consider switching AV apps, especially if AVAST was running when you got infected with all that crap. Doesn't look like it did you any good.

Here's the free Gaobot removal tool from Symantec:
http://securityresponse.symantec.com/av ... .tool.html

I suggest you look up the others in their database: http://securityresponse.symantec.com/av ... nfodb.html



Ran their (Avast's) virus remover, did nothing. And no, I didn't get these lately; just downloaded Avast yesterday and this is what it showed. Ran Norton and it didn't find any of that, so I deleted it about 2 weeks ago after reading posts as to what a POS it was. Obviously it was, 'cause ran a few times and never found anything. The most recent virus looks about 3-4 months ago, so it's been there.

Links don't work, page not displayed error. Need help please. Still have them in chest. When run mem check it shows no open virus in the mem and my sys runs just fine. Maybe these are email viruses and only that, I don't know; don't send but 2-3 emails a year. Now help: can't I just get the path and remove the virus part? I can show full paths and let you check them out and see if I can delete certain parts of that???? Help, don't like knowing this stuff is there.

philoooo....... :Y :Y :Y

Post by PHILO67 »

Originally posted by FlyingPenguin
You should be able to go to AVAST's website and check the info in their virus database for each virus. There should be recommended removal instructions for each one.

------------------
Edit

Actually, just checked, and AVAST's virus database sucks. You should consider switching AV apps, especially if AVAST was running when you got infected with all that crap. Doesn't look like it did you any good.

Here's the free Gaobot removal tool from Symantec:
http://securityresponse.symantec.com/av ... .tool.html

I suggest you look up the others in their database: http://securityresponse.symantec.com/av ... nfodb.html


Avast is gone, got AVG now. Will run it and see what's up. What next: delete everything it finds, or have to get a delete program for each worm/virus I find? Why go to all the trouble to find these things with a program and not be able to delete them safely using the program? It's been 3 days working on this and I have dialup, no fun huh. Any help, thanx FP

philooo... :Y :Y :Y

Post by FlyingPenguin »

If viruses are in the chest (or quarantine) then that's okay, except you should really check to make sure if there's a special removal procedure or tool for that virus. If there is, you should restore the virus (otherwise the cleaner won't find it) and then run the cleaner, tool or whatever.

AVG works fine. A lot of my clients use it.

Post by PHILO67 »

Originally posted by FlyingPenguin
If viruses are in the chest (or quarantine) then that's okay, except you should really check to make sure if there's a special removal procedure or tool for that virus. If there is, you should restore the virus (otherwise the cleaner won't find it) and then run the cleaner, tool or whatever.

AVG works fine. A lot of my clients use it.


OK FP, I got them in vault.

This be them:

worm/dedler.2.al
" " agobot.29.r
"" dedler.2.al diff. location
trojan scapur.a
worm/protoride.bi
worm/agobot these read gaobot on avast scan
worm/agobot.35.bb
Tro/proxy.13.aa
worm/protoride.m and also .bi a few of these
troj/collected.af
troj/downloader.purityscan .q
" " " " " " " .m
When searching AVG site for names, were very hard to find but 2-3, and it couldn't ID them, just generalized them and recommended this remover (vcleaner.exe).
OK FP, downloaded remover of sorts... and when getting ready to restore files and run in safe mode for remover program, I noticed that it wanted me to approve of files being overwritten as they already exist.. sooo... the paths were shown and behold, there sits the install.exe along with the likes of A0122191 and some like it. I'm right at the source, I guess, right? So can I remove or delete the little pricks from there or what.. I can get into the properties of these things and manipulate them. Also, can I like shut down the RAM and sorts to make it an ineffective program of sorts? I don't know. And also stuff in vault, is that just a history of some kind? 'Cause it still showed the wrmstrjns still there. Mmmmmm, don't know much as I said about programming, but this is what I've come up with. svchost still at 15k+ and in capps on reboots (sometimes stays lwer cs.) but 1 svc at 15k+


DUHUH I don't know, thanx philoooo.... :Y :Y

Post by FlyingPenguin »

First of all, 99% of those you listed are spyware (anything listed as a "trojan" or "loader" is spyware). You should not use an anti virus program to remove them as you can damage your registry.

I thought I mentioned this earlier - ALWAYS run an anti spyware scanner first, then run a virus scan to pick up the pieces. I recommend the free Microsoft Anti-Spyware.

Your anti-spyware may detect them in your AV program's quarantine (vault) if you do a thorough scan. You can ignore that.

You can also ignore anything in the System Restore files. When you're done cleaning you should disable system restore, then re-enable it (this will wipe ALL previous restore points). Any viruses or spyware you've had for a while are automatically saved with your restore points, so it's best to lose them. Just be sure you're prepared to delete all your restore points when you do this.
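
An added illustration of the triage described in this thread (not part of the original posts and not any AV vendor's code): a Python script that parses a scan report in the format PHILO67 posted and separates detections whose file names follow the System Restore backup pattern from detections in ordinarily named files. The sample report is constructed, the function names are hypothetical, and the `A` plus seven digits file-name pattern is an assumed heuristic; the full path (a `_restore{...}` folder) is what confirms a restore-point copy.

```python
import re
from collections import defaultdict

# Constructed sample, same layout as the scan report posted in the thread.
SAMPLE_REPORT = """\
Virus has been detected!
File Name: A0113153.exe
FileID: 10
Virus Description: Win32:Gaobot-1271 [Wrm]

Virus has been detected!
File Name: A0158560.dll
FileID: 21
Virus Description: Win32:PurityScan-F [Trj]

Virus has been detected!
File Name: install.exe
FileID: 5
Virus Description: Win32:Zapchast-F [Trj]
"""

ENTRY = re.compile(r"File Name:[ \t]*(?P<name>\S+)[ \t]*\r?\n"
                   r"FileID:[ \t]*(?P<id>\d+)[ \t]*\r?\n"
                   r"Virus Description:[ \t]*(?P<desc>[^\r\n]+)")
# Assumed heuristic: XP System Restore backups are named "A" + 7 digits + extension.
RESTORE_COPY = re.compile(r"^A\d{7}\.\w+$", re.IGNORECASE)
FAMILY = re.compile(r"^Win32:\s*([A-Za-z0-9]+)")

def parse_report(text):
    """Return one dict per detection: file, id, family, restore_copy flag."""
    entries = []
    for m in ENTRY.finditer(text):
        desc = m.group("desc").strip()
        fam = FAMILY.match(desc)
        entries.append({"file": m.group("name"), "id": int(m.group("id")),
                        "family": fam.group(1) if fam else desc,
                        "restore_copy": bool(RESTORE_COPY.match(m.group("name")))})
    return entries

def triage(entries):
    """Split detections into (live, restore) maps of family -> file names."""
    live, restore = defaultdict(list), defaultdict(list)
    for e in entries:
        (restore if e["restore_copy"] else live)[e["family"]].append(e["file"])
    return dict(live), dict(restore)

if __name__ == "__main__":
    live, restore = triage(parse_report(SAMPLE_REPORT))
    print("Look up removal steps for:", live, "| gone with restore points:", restore)
```

The "live" group is what needs the per-family removal lookup; the "restore" group is what disappears when System Restore is disabled and re-enabled after cleaning.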