
avg finds new.love virus

Discussion in 'Virus & Other Malware Removal' started by lamar_ashley, Oct 16, 2003.

  1. lamar_ashley

    lamar_ashley Thread Starter

    Joined:
    Jul 14, 2003
    Messages:
    108
    Help.


    Nothing else is detecting it. But AVG is sure it's there. I went on Symantec's website and did not see anything on it.

    How do you get rid of it?

    AVG says to Delete it press D or something like that. But the computer freezes up.

    Please help

    thanks

    lamar
     
  2. lamar_ashley

    lamar_ashley Thread Starter

    Joined:
    Jul 14, 2003
    Messages:
    108
    anyone help me out?

    c:/windows/system/activescan/imscan.dll


    That's where it says it is

    and it says it's

    vbs/new.love.a



    PLEASE HELP....
     
  3. buckaroo

    buckaroo

    Joined:
    Mar 25, 2001
    Messages:
    3,334
  4. lamar_ashley

    lamar_ashley Thread Starter

    Joined:
    Jul 14, 2003
    Messages:
    108
    adw.tenget.a & troj.peper.a 3 of 1 and 4 of the other were found..
    I am going to delete them..

    but my question is, did it harm anything on my computer?
     
  5. lamar_ashley

    lamar_ashley Thread Starter

    Joined:
    Jul 14, 2003
    Messages:
    108
    now it says its unable to delete

    c:/restore/archive/fs178.cab and 179.cab


    so now what do I do?
     
  6. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    If you have the peper.a trojan it is a bear to remove.

    The only two programs that I know of right now that will remove it are Nod32 and TDS-3.

    The best way and only real efficient way is to download TDS-3 from http://www.wilders.org/anti_trojans.htm
    and update it following the instructions here:
    http://tds.diamondcs.com.au/index.php?page=update

    This is a trial version, so you will have to do the update manually. The automatic update only works with the registered version, which costs $49. When you download the update, put the radius.td3 file in the C:/Program Files/TDS3 folder, provided that is where you installed TDS3.

    Launch TDS-3 and click on "System Testing" then "Full System Scan" and the scan will begin.
     
  7. lamar_ashley

    lamar_ashley Thread Starter

    Joined:
    Jul 14, 2003
    Messages:
    108
    Is there a free way to get rid of this thing? I still can't get HouseCall to delete it. AVG calls it newlove and it goes into shock, so I can't even turn it on because it freezes up.

    What is it doing to my computer?

    Thanks Lamar
     
  8. lamar_ashley

    lamar_ashley Thread Starter

    Joined:
    Jul 14, 2003
    Messages:
    108
    OK, I think I found one that was free called Jammer, but I can't seem to get it to do a darn thing. ????

    thanks
     
  9. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    If you have peper.a we can help you remove it. We have done it by a couple of different methods here in the last few days. If you will post a Hijack This log we can help.

    Also in your post above you said that something was found here:

    c:/restore/archive/fs178.cab and 179.cab

    That location is in system restore. All you have to do is turn off system restore and reboot and that will clear that up.
     
  10. lamar_ashley

    lamar_ashley Thread Starter

    Joined:
    Jul 14, 2003
    Messages:
    108
    Logfile of HijackThis v1.97.2
    Scan saved at 4:04:29 PM, on 10/26/2003
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\AGNITUM\JAMMER 2.0\JAMMER.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE
    C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    O2 - BHO: (no name) - {6ACD11BD-4CA0-4283-A8D8-872B9BA289B6} - C:\PROGRAM FILES\ACCELERATION SOFTWARE\STOPSIGN\WEBCBROWSE.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Jammer] C:\PROGRAM FILES\AGNITUM\JAMMER 2.0\JAMMER.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: ICQ Lite (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra 'Tools' menuitem: Block This Page (HKLM)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37902.3887152778
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://rr.esecurecare.net/rnt/rnl/java/RntX.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} (AxOOdlz Class) - http://www.stop-sign.com/pub/download/scandl_cnry.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/0fb5e03023def1/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX25.cab
     
  11. lamar_ashley

    lamar_ashley Thread Starter

    Joined:
    Jul 14, 2003
    Messages:
    108
    "That location is in system restore. All you have to do is turn off system restore and reboot and that will clear that up."

    I don't think I know how to do that? Sorry
     
  12. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,196
    First Name:
    Derek
  13. BillC

    BillC

    Joined:
    May 28, 2003
    Messages:
    2,366
  14. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    I don't see any evidence of any trojans in your log.

    If you had peper.a it would be obvious.

    It seems to me that all you have to do is turn System Restore off, restart, and then create a restore point.

    Also have Hijack This fix this one:

    O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} (AxOOdlz Class) - http://www.stop-sign.com/pub/download/scandl_cnry.cab

    See here for how to turn off System Restore:

    http://www.pchell.com/virus/systemrestore.shtml

    And here to create a restore point:

    http://www.winbookcorp.com/_technote/WBTA10000100.htm
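
Added example, not part of the original thread: a small Python parser for the HijackThis entry lines posted above, which pulls out the O16 (DPF) entries and locates the one Flrman1 asks to have fixed by its download host. The function names and the shortened sample are assumptions made for this illustration; the sample lines are copied from the log in this thread.

```python
import re
from urllib.parse import urlsplit

# Excerpt of the HijackThis log posted in this thread (shortened for the example).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
O2 - BHO: (no name) - {6ACD11BD-4CA0-4283-A8D8-872B9BA289B6} - C:\PROGRAM FILES\ACCELERATION SOFTWARE\STOPSIGN\WEBCBROWSE.DLL
O4 - HKLM\..\Run: [Jammer] C:\PROGRAM FILES\AGNITUM\JAMMER 2.0\JAMMER.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} (AxOOdlz Class) - http://www.stop-sign.com/pub/download/scandl_cnry.cab
"""

# An entry line is "<section code> - <body>", e.g. "O16 - DPF: ...".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
# O16 body: "DPF: {CLSID} (control name) - <download URL>".
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]{36}\}) \((.*)\) - (\S+)$")


def parse_entries(log_text):
    """Return (section_code, body) for each entry line; headers and
    the running-process list do not match and are skipped."""
    return [m.groups() for m in map(ENTRY.match, log_text.splitlines()) if m]


def dpf_entries(log_text):
    """Return one dict per O16 entry with CLSID, control name, URL and host."""
    found = []
    for code, body in parse_entries(log_text):
        m = DPF.match(body.strip())
        if code == "O16" and m:
            clsid, name, url = m.groups()
            found.append({"clsid": clsid.upper(), "name": name,
                          "url": url, "host": urlsplit(url).hostname})
    return found


def find_by_host(log_text, domain):
    """O16 entries whose download host is `domain` or a subdomain of it."""
    return [e for e in dpf_entries(log_text)
            if e["host"] and (e["host"] == domain
                              or e["host"].endswith("." + domain))]


if __name__ == "__main__":
    for entry in find_by_host(SAMPLE_LOG, "stop-sign.com"):
        print(entry["clsid"], entry["name"], entry["url"])
```

Matching on the parsed host rather than a substring of the line avoids picking up look-alike domains when reviewing a longer log.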
     
  15. lamar_ashley

    lamar_ashley Thread Starter

    Joined:
    Jul 14, 2003
    Messages:
    108
    Alright, I did a new scan on HouseCall and nothing has come up. I turned my restore back on and whatnot and I'm running HouseCall one more time.

    My last question....

    Is the virus AVG is finding (newlove) the same as what HouseCall was finding (peper.a)?

    Do you think it's safe to turn AVG back on? It freezes every time. Maybe I have a bad download of AVG all of a sudden, or maybe something infected it??

    Thanks again

    Lamar
     