AVG finds new.love virus

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

lamar_ashley

Thread Starter
Joined
Jul 14, 2003
Messages
108
Help.


Nothing else is detecting it, but AVG is sure it's there. I went on Symantec's website and did not see anything on it.

How do you get rid of it?

AVG says to delete it, press D or something like that. But the computer freezes up.

Please help

thanks

lamar
 

lamar_ashley

Thread Starter
Joined
Jul 14, 2003
Messages
108
anyone help me out?

c:/windows/system/activescan/imscan.dll


That's where it says it is

and it says it's

vbs/new.love.a



PLEASE HELP....
 

lamar_ashley

Thread Starter
Joined
Jul 14, 2003
Messages
108
adw.tenget.a & troj.peper.a: 3 of one and 4 of the other were found.
I am going to delete them.

But my question is, did it harm anything on my computer?
 

lamar_ashley

Thread Starter
Joined
Jul 14, 2003
Messages
108
Now it says it's unable to delete

c:/restore/archive/fs178.cab and 179.cab


so now what do I do?
 
Joined
Jul 26, 2002
Messages
46,331
If you have the peper.a trojan it is a bear to remove.

The only two programs that I know of right now that will remove it are Nod32 and TDS-3.

The best way and only real efficient way is to download TDS-3 from http://www.wilders.org/anti_trojans.htm
and update it following the instructions here:
http://tds.diamondcs.com.au/index.php?page=update

This is a trial version, so you will have to do the update manually. The automatic update only works with the registered version, which costs $49. When you download the update, put the radius.td3 file in the C:/Program Files/TDS3 folder, provided that is where you installed TDS3.

Launch TDS-3 and click on "System Testing" then "Full System Scan" and the scan will begin.
 

lamar_ashley

Thread Starter
Joined
Jul 14, 2003
Messages
108
Is there a free way to get rid of this thing? I still can't get HouseCall to delete it. AVG calls it newlove and it goes into shock, so I can't even turn it on because it freezes up.

What is it doing to my computer?

Thanks Lamar
 

lamar_ashley

Thread Starter
Joined
Jul 14, 2003
Messages
108
OK, I think I found one that was free called Jammer, but I can't seem to get it to do a darn thing. ????

thanks
 
Joined
Jul 26, 2002
Messages
46,331
If you have peper.a we can help you remove it. We have done it by a couple of different methods here in the last few days. If you will post a Hijack This log we can help.

Also in your post above you said that something was found here:

c:/restore/archive/fs178.cab and 179.cab

That location is in system restore. All you have to do is turn off system restore and reboot and that will clear that up.
 

lamar_ashley

Thread Starter
Joined
Jul 14, 2003
Messages
108
Logfile of HijackThis v1.97.2
Scan saved at 4:04:29 PM, on 10/26/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\AGNITUM\JAMMER 2.0\JAMMER.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
O2 - BHO: (no name) - {6ACD11BD-4CA0-4283-A8D8-872B9BA289B6} - C:\PROGRAM FILES\ACCELERATION SOFTWARE\STOPSIGN\WEBCBROWSE.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Jammer] C:\PROGRAM FILES\AGNITUM\JAMMER 2.0\JAMMER.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra 'Tools' menuitem: Block This Page (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37902.3887152778
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://rr.esecurecare.net/rnt/rnl/java/RntX.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} (AxOOdlz Class) - http://www.stop-sign.com/pub/download/scandl_cnry.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/0fb5e03023def1/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX25.cab
 

lamar_ashley

Thread Starter
Joined
Jul 14, 2003
Messages
108
"That location is in system restore. All you have to do is turn off system restore and reboot and that will clear that up."

I don't think I know how to do that. Sorry
 
Joined
Jul 26, 2002
Messages
46,331
I don't see any evidence of any trojans in your log.

If you had peper.a it would be obvious.

It seems to me that all you have to do is turn System Restore off, restart and then create a restore point.

Also have Hijack This fix this one:

O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} (AxOOdlz Class) - http://www.stop-sign.com/pub/download/scandl_cnry.cab

See here for how to turn off System Restore:

http://www.pchell.com/virus/systemrestore.shtml

And here to create a restore point:

http://www.winbookcorp.com/_technote/WBTA10000100.htm
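
The review step in the reply above (reading the posted log and picking out one O16 entry), as an added example that is not part of the original thread or of HijackThis itself: a small Python parser that groups log entries by section code and lists O16 (downloaded ActiveX control) entries whose download host is on a reviewer-supplied list. The function names and the `review_hosts` list are assumptions; the sample lines are copied from the log posted in this thread.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.2
Platform: Windows ME (Win9x 4.90.3000)
O2 - BHO: (no name) - {6ACD11BD-4CA0-4283-A8D8-872B9BA289B6} - C:\PROGRAM FILES\ACCELERATION SOFTWARE\STOPSIGN\WEBCBROWSE.DLL
O4 - HKLM\..\Run: [Jammer] C:\PROGRAM FILES\AGNITUM\JAMMER 2.0\JAMMER.EXE
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} (AxOOdlz Class) - http://www.stop-sign.com/pub/download/scandl_cnry.cab
"""

# "<section code> - <body>", e.g. "O16 - DPF: ..." or "R1 - HKCU\..."
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O16 body: "DPF: {CLSID} (control name) - download URL"
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]{36}\}) \((.*)\) - (\S+)$")

def parse_log(text):
    """Group entries by section code; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def dpf_entries(sections):
    """Split each O16 entry into CLSID, control name, URL and download host."""
    out = []
    for body in sections.get("O16", []):
        m = DPF.match(body)
        if m:
            clsid, name, url = m.groups()
            host = (urlparse(url).hostname or "").lower()
            out.append({"clsid": clsid.upper(), "name": name,
                        "url": url, "host": host})
    return out

def flag_dpf(entries, review_hosts):
    """Keep entries whose host equals, or is a subdomain of, a listed host."""
    hosts = {h.lower() for h in review_hosts}
    return [e for e in entries
            if any(e["host"] == h or e["host"].endswith("." + h) for h in hosts)]

if __name__ == "__main__":
    # Assumption: the reviewer's list holds the host of the entry the helper flagged.
    for e in flag_dpf(dpf_entries(parse_log(SAMPLE_LOG)), {"stop-sign.com"}):
        print(e["clsid"], e["name"], e["url"])
```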
 

lamar_ashley

Thread Starter
Joined
Jul 14, 2003
Messages
108
Alright, I did a new scan on HouseCall and nothing has come up. I turned my restore back on and whatnot, and I'm running HouseCall one more time.

My last question....

Is the virus AVG is finding (newlove) the same as what HouseCall was finding (peper.a)?

Do you think it's safe to turn AVG back on? It freezes every time. Maybe I have a bad download of AVG all of a sudden, or maybe something infected it??

Thanks again

Lamar
 