Lovsan.a Worm

Gray Owl

It appears at one time I had this virus when configuring my new machine
using XP-Pro and before getting all security updates. My machine is now
tightened up but AVG reports from the shield program that this virus still
exists, but AVG scan and other virus checkers show my machine is clean.

AVG tech support have been useless on this one and want a registered license
before even looking at the problem.

Any ideas how to rid my AVG shield of this problem if a problem really
exists?

Regards
 
Perhaps it is in your system restore volume which means the OS will not
permit access to it by AVG. If so ... disable restore, reboot, run AVG to
clean it, reboot and restore "restore"
 
Thanks did that and AVG did not see it even then.. Perhaps it's a leftover
bit when AVG cleaned it initially but now it's not smart enough to know it's
gone ??

Dan Shackelford said:
Perhaps it is in your system restore volume which means the OS will not
permit access to it by AVG. If so ... disable restore, reboot, run AVG to
clean it, reboot and restore "restore"
 
Did the "other virus checkers" also report no infection after you disabled
system restore and rebooted?

Specifically, word for word, what is the virus msg from AVG when it is
detected by the shield?
 
Yes, that is correct, it's clean when using AVAST, TREND, SYMANTEC and F-PROT.


 
Still need to know the words of the AVG message saying it is finding the
virus. Maybe the virus is in the vault or quarantined and therefore not a
problem?
 
It said it was in one of the restore files.. The vault was clean.

I am monitoring it today and have not seen it yet ??

 
You realize that I suggested to you several messages ago the likely
problem: that the system restore file had the infection, and that meant no
antivirus program could clean it because the OS will not permit access to
the restore files from any program. I said to disable restore, reboot,
rescan and clean with AVG, reboot and reestablish the restore point again.
You said you did that and it still showed up. It sounds like that is
incorrect because it no longer shows up at all, that in fact AVG did
remove it from your restore file once you had disabled restore, and that
you are clean now.

So, did you disable "restore" and reboot, run AVG which removed the last
remnant from the restore file, reboot and enable restore again? If so,
since that time, has AVG indicated everything was OK? Have you done a full
scan with AVG to see if it is still present? Have I wasted my time trying
to help you when it was cured days ago?
 
If you purge the restore points, does it eventually return?
If so, maybe the machine isn't really patched against the
DCOM RPC exploit.

I think it works like this:

If the exploit is successful, the worm file first exists as a temp
file for the TFTP's output and is duly caught by the on access
antivirus software. When said software attempts to delete the
temporary file the OS interrupts the process and then makes
a backup and places it into the restore folder (again).
 
Many thanks, that makes more sense.. I deleted all internet temp files as a
precaution and perhaps that cleaned it up.. When I reran AVG it at no time
responded with a found virus.

Your post was the most helpful..

Thanks

Gray
 