First I'd like to say that I have read the thread about how to remove this virus from \System Volume Info\... however, you wouldn't have thought I had it if it weren't for the persistent avg warnings.
I have up-to-date versions of Spybot and Adaware and there's doesn't seem to be anything abnormal in the registry at first glance yet it still persists. I'm really quite stuck as to what to do next to rid my machine of this.
My HijackThis log is as follows:
Logfile of HijackThis v.1.97.7
Scan saved at 12:25:20, on 07/04/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running Processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\System32\services.exe
C:\WINDOWS\System32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spoolsv.exe
C:\PROGRA~1\AVG-6\avgserv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSERV.EXE
C:\WINDOWS\System32\CTSvcCDA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave Activex Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38018.1514814815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
There's nothing hazardous here so far as I can see. Any suggestions as to how to remove are greatly appreciated.
Thanks guys!
Pen.
I have up-to-date versions of Spybot and Adaware and there's doesn't seem to be anything abnormal in the registry at first glance yet it still persists. I'm really quite stuck as to what to do next to rid my machine of this.
My HijackThis log is as follows:
Logfile of HijackThis v.1.97.7
Scan saved at 12:25:20, on 07/04/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running Processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\System32\services.exe
C:\WINDOWS\System32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spoolsv.exe
C:\PROGRA~1\AVG-6\avgserv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSERV.EXE
C:\WINDOWS\System32\CTSvcCDA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave Activex Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38018.1514814815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
There's nothing hazardous here so far as I can see. Any suggestions as to how to remove are greatly appreciated.
Thanks guys!
Pen.