
AVG Shows Virus Present, but Gives no Option for Fixing

Discussion in 'Virus & Other Malware Removal' started by CackleBox, Aug 1, 2006.

Thread Status:
Not open for further replies.
  1. CackleBox

    CackleBox Thread Starter

    Joined:
    Jul 25, 2006
    Messages:
    27
    Hello,
    Most of the time I am away from the computer when the AVG completes its scan. Today I was here, but was on another webpage when it ran. When I went back to the desktop, there was an AVG message that said VIRUS FOUND, and indicated that the virus had not been healed or isolated.

    I opened the AVG control center to see what it was, and found that there seem to be 25 infected files on each scan going all the way back to 6/07. I also checked the virus vault, and there is nothing listed as being saved there today, everything there goes back to 2005.

    How do I get rid of this now? I have looked at everything AVG has, and I don't even know what kind of virus it is, nor the path. Can anybody help me?
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    111,879
    Hi and welcome to TSG,


    Please do this:

    Click here to download HJTsetup.exe
    • Save HJTsetup.exe to your desktop.
    • Double click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    • Click Save to save the log file and then the log will open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. CackleBox

    CackleBox Thread Starter

    Joined:
    Jul 25, 2006
    Messages:
    27
    Hi cookiegal,

    I already had HJT on my system, so I tried to do a scan, and I got an error message, but when I clicked the error message closed, I got this:



    Logfile of HijackThis v1.99.1
    Scan saved at 10:19:54 AM, on 8/1/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5450.0004)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\VetMsgNT.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\Fast.exe
    C:\PROGRA~1\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetTray.exe
    C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\PROGRA~1\Road Runner\Road Runner PhotoShow 4\data\xtras\mssysmgr.exe
    C:\Program Files\Advanced WindowsCare V2\Awc.exe
    C:\Program Files\Uniblue\ProcessLibrary\qaccess.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\CAROL REID\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetTray.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [Road Runner PhotoShow Media Manager] C:\PROGRA~1\Road Runner\Road Runner PhotoShow 4\data\xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [Advanced WindowsCare] "C:\Program Files\Advanced WindowsCare V2\Awc.exe" /startup
    O4 - HKCU\..\Run: [Uniblue Quick Access] "C:\Program Files\Uniblue\ProcessLibrary\qaccess.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: EZ Firewall.lnk = ?
    O8 - Extra context menu item: &Check Spelling - res://C:\Program Files\ieSpell\ieSpell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\ieSpell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\ieSpell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\ieSpell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\ieSpell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\ieSpell.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Support - {0AFBAB6C-89D7-4271-8FA1-FB9020E966AB} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/public/chat/msnchat41.cab
    O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://tmaster.superb.net/tm2002oneclick/setup.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup.cab
    O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/public/chat/msnchat4.cab
    O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\WINDOWS\System32\VetMsgNT.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    I should maybe tell you that I use the Firefox browser, but I went to MS and downloaded the upgrade for IE 7 beta yesterday. I also hooked up a new monitor on Sunday. Don't know if this matters or not.

    Can you help me? Thanks.
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    111,879
    It's not good to be running two anti-virus programs as they will conflict with each other. You need to decide which one you want to keep and remove the other. This could be causing false positives.

    AVG keeps a log so you should be able to find the paths and names of the files found. Please post that here.
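
Added example (not part of the original thread and not HijackThis's own code): a short parser that reads a HijackThis log like the one posted above and reports when more than one resident antivirus is running or set to start at boot, which is the conflict pointed out in this reply. The signature table is an assumption built from path fragments and file names that appear in this thread's log.

```python
import re

# Assumed signatures (not a HijackThis feature), taken from this thread's log.
AV_SIGNATURES = {
    "AVG Free": ("grisoft\\avg free",),
    "eTrust EZ Antivirus": ("etrust ez antivirus", "vetmsgnt.exe"),
}
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")       # e.g. "O23 - Service: ..."
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.I)  # full path to an .exe
# Excerpt of the log posted in this thread (trimmed), embedded as sample input.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\lsass.exe
C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
C:\PROGRA~1\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetTray.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe /STARTUP
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\WINDOWS\System32\VetMsgNT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

def parse_hjt(log_text):
    """Return (source, text) pairs: running processes and coded entries."""
    items, in_processes = [], False
    for line in map(str.strip, log_text.splitlines()):
        entry = ENTRY_RE.match(line)
        if line == "Running processes:":
            in_processes = True
        elif entry:
            in_processes = False          # coded entries follow the process list
            items.append(entry.groups())
        elif in_processes and PROCESS_RE.match(line):
            items.append(("process", line))
    return items

def resident_antivirus(log_text):
    """Map product -> evidence that it is running or starts at boot (O4, O23)."""
    evidence = {}
    for source, text in parse_hjt(log_text):
        if source not in ("process", "O4", "O23"):
            continue
        for product, needles in AV_SIGNATURES.items():
            if any(n in text.lower() for n in needles):
                evidence.setdefault(product, []).append((source, text))
    return evidence

def conflicting_antivirus(log_text):
    """Products to reconcile when more than one resident antivirus is found."""
    found = sorted(resident_antivirus(log_text))
    return found if len(found) > 1 else []
```

Calling `conflicting_antivirus(SAMPLE_LOG)` names both products, and `resident_antivirus` returns the log lines that justify each finding.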
     
  5. CackleBox

    CackleBox Thread Starter

    Joined:
    Jul 25, 2006
    Messages:
    27
    I tried to copy the names of the infected items from the AVG report, but right click wouldn't give me the copy option. But I noticed that all but two of them were the same thing, and in the same location. So I typed it:

    Documents and settings\application D Virus identified Java/ByteVerify (There are a bunch of these)

    Documents and settings\application D Trojan horse Generic SVD (There is only 1 of these)

    Documents and settings\application D Trojan horse startpage ADE (There is only 1 of these).
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    111,879
    I need the rest of the path please for all but the Java one:

    Documents and settings\application D........
     
  7. CackleBox

    CackleBox Thread Starter

    Joined:
    Jul 25, 2006
    Messages:
    27
    Okay, all of them are the java byte thing, except for these two trojans:

    c:/Documents and settings\Carol Reid\Application Data\Sun\java\deployment\javap1w1.0\jar\jar.\jar-3f1991e2\3131497b.zip.web.exe

    c:/Documents and settings\Carol Reid\Application Data\Sun\java\deployment\javap1w1.0\jar\jar.\jar-73a13bb7-365d6a96\.zip.web.exe
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    111,879
    They are in the java cache so this should take care of them.

    • Go to the Control Panel and double-click the Java Icon.
    • Under Temporary Internet Files, click the Delete Files button.
    • There are three options in the window to clear the cache - Leave ALL 3 Checked
      • Downloaded Applets
      • Downloaded Applications
      • Other Files
    • Click OK on Delete Temporary Files Window
    • Click OK to leave the Java Control Panel.
     
  9. CackleBox

    CackleBox Thread Starter

    Joined:
    Jul 25, 2006
    Messages:
    27
    Thank you so much, cookie! I am running another AVG scan now to see if it shows them gone.
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    111,879
    Please let me know. :)
     
  11. CackleBox

    CackleBox Thread Starter

    Joined:
    Jul 25, 2006
    Messages:
    27
    I ran another scan after clearing the java cache, and the viruses are still coming up. Most of them say "imbedded object," but a couple of them say "archive." Do you think they are gone? Thanks for your input.
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    111,879
    I suggest that you uninstall Java completely via the Control panel.

    Now go here and install the latest version of Java.


    Let me know how that goes please.
     
  13. CackleBox

    CackleBox Thread Starter

    Joined:
    Jul 25, 2006
    Messages:
    27
    Ok, I did what you said. Went to add/remove programs and tried to remove java. (For some reason, there were two java programs in the add/remove list, and I uninstalled both of them.) I got this message:

    Unable to delete folder 'C:\Program Files\JavaSoft\JRE\1.3.1\lib\applet'.
    Unable to delete folder 'C:\Program Files\JavaSoft\JRE\1.3.1\lib\ext'.
    Unable to delete folder 'C:\Program Files\JavaSoft\JRE\1.3.1\bin'.
    Unable to delete folder 'C:\Program Files\JavaSoft\JRE\1.3.1\lib'.
    Unable to delete folder 'C:\Program Files\JavaSoft\JRE\1.3.1'.
    Unable to delete folder 'C:\Program Files\JavaSoft\JRE'.
    Unable to delete folder 'C:\Program Files\JavaSoft'.

    I also used the add/remove to get rid of the ez trust antivirus program.
    I'm beginning to get really worried. What now?
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    111,879
    Remove Java in safe mode.
     
  15. CackleBox

    CackleBox Thread Starter

    Joined:
    Jul 25, 2006
    Messages:
    27
    I restarted in safe mode, then went to add/remove programs. There were 3 java programs in the list (one is the update 6 that I just downloaded today when I thought I had removed the other 2). When I tried to uninstall them, I got an error message that windows couldn't run the uninstaller because I was in safe mode.
    AVG gives me the option of going to the infected files through the scan report. It takes me to the folder, and highlights the file. Can I just delete the files AVG reports as infected, or do they have to be uninstalled? And if I delete the files, won't the virus still be on my system?
     

Short URL to this thread: https://techguy.org/488398
