1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

question about Symantec scan

Discussion in 'Virus & Other Malware Removal' started by starchild, Sep 23, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. starchild

    starchild Thread Starter

    Joined:
    Sep 17, 2002
    Messages:
    2,111
    I downloaded and ran the Symantec scan (given above) to look for the swenA worm.

    I didn't think I have it (the virus) but have seen indications it's in some of the files in WINDOWS\TEMP

    My AVG anti virus has picked up on those. It brings up a page and asks if the file should be accessed and has Yes No Heal. Since NO is highlighted, and seems safest I click this.

    When I started scanning with the Symantec, when it came to one of the TEMP files that has the worm, the AVG page still comes up (it says AVG resident shield on top) with the same 3 options.

    I click N and it continues on.

    I disabled the active scanning function of AVG, thinking it was getting in the way of the Symantec one. But when it gets to those files (there are 3 or 4) the AVG resident shield page still comes up, and I click N

    At the end of the Symantec scan, it said the SwenA worm was NOT found in my computer.

    Was this because I was clicking N (no) to accessing it on the AVG page?

    Maybe I should have clicked YES, while the Symantec was running and it would have cleaned it or deleted it?

    I'm not sure how to disable the resident shield in AVG, I thought right clicking on icon on the taskbar and clicking "shutdown AVG control center" would do it, but apparently it's still running in the background.

    Since the worm is in TEMP files, it seems like it might be easy to delete them, with no problem. I found the TEMP INTERNET FILES in WINDOWS and deleted them (they all looked like cookies), is there another one?

    If I find the infected files (by name) in FIND can I just right click on them and delete them?

    I'm not used to dealing with virus files and don't want to do anything that might infect other parts of the computer. I've read some of the directions for getting rid of the worm, like going into the registry, etc. and can't follow it. Nothing has indicated my computer actually HAS the worm, just a few files.

    I also have run "The Stinger" the free download on the McAfee site, which lists this worm, and it says it didn't find it.

    Maybe having it come up in the TEMP files isn't a problem?

    They are WIN/Temp DYIOCKS.EXE, OEAO (I thought was DEAD) and ACK8825.EXE

    I can only find them through FIND.

    Thanks,

    ~ Carrie
     
  2. Corrosive

    Corrosive

    Joined:
    Jan 9, 2003
    Messages:
    1,058
    To get rid of the Resident Shield, you need to right click on the AVG taskbar icon, go into the "Run AVG Control Center" option and then uncheck the appropriate option (It's in the bottom left). You can then use the Symantec scan or whatever you need to do.

    Out of interest, did you try using the HEAL option that came up?
     
  3. starchild

    starchild Thread Starter

    Joined:
    Sep 17, 2002
    Messages:
    2,111
    Thanks, I'll try that.

    I didn't try the Heal option, I'm not experienced with settings like that, I know Y is Yes and N is NO, so I guess H would be heal?

    I don't remember just what it said on the page now (I panic when I see it :) but I think it said something about it not being able to clean it.

    I saw that somewhere (with AVG) maybe the boxes that came up in OE when it would come in, in an email. It did this several times, even thought I have it set to not let in attachmetns. I think it was "returned mail" or something that didn't come directly in the IN box like a new email. It said it was unable to clean it out.

    This is all kind of new to me (viruses and dealing with them).

    The rare times AVG has found a virus, usually it just says it has contained or quarentened it. I just had to check OKAY.

    I'll let you know what what happens next...

    ~ Carrie
     
  4. starchild

    starchild Thread Starter

    Joined:
    Sep 17, 2002
    Messages:
    2,111
    Okay, I used the Symantic (with the AVG resident shield disabled) and it deleted 4 files with the worm in them, but (overall) my computer wasn't actually infected. Unless it being in 4 files (that could be deleted) was infected.

    I put AVG back on.

    Just that the emails are still coming in my Yahoo email (I have to go in every few hours and dump the bulk mail) and Outlook Express, continually. I set up a new ID for the newgroup, but had to use the Earthlink dialup info, so now getting emails in the new ID mail.

    It has to stop at some point, right?

    Thanks for the help. I tend to panic when I'm not sure what to do, or have something come up I don't really know about.

    And if AVG does find another one and bring up the red warning screen, I'll try hitting H (for heal?) and see what happens.

    I kind of think this worm is "unhealable" though. In the past when AVG has found a virus file it says it has removed it or quarantined it.

    ~ Carrie
     
  5. RSM123

    RSM123

    Joined:
    Aug 1, 2002
    Messages:
    5,531
    Carrie,

    Are these emails coming from email addresses of people you know or just random ? If the former then its often the case that someone you know has an infected machine and the virus is sending itself to everyone in the user's address book. If so try to contact them and get them to scan / clean their pc also.



    Richard.

    RSM.
     
  6. starchild

    starchild Thread Starter

    Joined:
    Sep 17, 2002
    Messages:
    2,111
    No, they're not coming from anyone I know.

    Maybe in the beginning, when I first started getting a few of the Microsoft patch ones every day or so (for about 6 months) some would be FF and I'd seen people from the newgroup I go on.

    Since last Thurs night, when this started, the ones I've looked at haven't been at all familiar. Some even seem like foreign countries (going by the name and email).

    For a few days I was looking in PROPERTIES and getting the sending email (the one on the virus says "Microsoft" or a fake address) and sending a note back telling them "your computer is sending a virus, letting you know in case you aren't aware". Not sure if the virus would let it go in, or not.

    For awhile I was also sending the link to "The Stinger" which I had gotten elsewhere.

    A few people wrote back and said thank you for letting me know. One said he'd used the Stinger and gotten the virus out.

    Of course, if I don't go over all the emails coming in, I wouldn't see if anyone responded or not. SOME of them came back, saying they couldn't be delivered, the user's email was over quota (maybe from others coming back)

    The ones that came back (I think) had the attachment still on it, and the AVG would popup a box saying this. Where ones that come straight into the IN box (not returned) have the attachment taken out.

    I finally set up a message rule saying to auto delete anything from or in the subject, with keywords... Microsoft, MSN, postmaster (returned mail, real or fake) Internet, Critical, Upgrade, Patch. But, the last time I checked, it seemed like mail was coming in with totally new and different subject and from.

    Like it's changing it as it goes along.

    Yahoo mail, they mainly go into bulk and I have to go in ever few hours and dump it, so any real mail can get in.

    At first I thought it would help to let people know about it, but at this point, it got to be too much.

    I do think I am getting so much because of the newgroup I'm subbed to (and wasn't smart enough to have a fake email address on, long before this started). It started from that, and now has snowballed.

    ~ Carrie
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - question Symantec scan
  1. Closed100
    Replies:
    0
    Views:
    479
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/166864

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice