nass wrote:
:
I am on XP MCE with the latest security updates. When I returned
the system from suspend, AVAST warned me that it found a virus
"TDispVol.dll" in C:\WINDOWS\system32 and asked me what to do with
it. I told it to send it to the "Chest", which it did. I then ran
Avast to check the entire system thoroughly and it found nothing
more.
Should I do anything else? What is TDispVol.dll? Is it something
that replaced a normal file that should be in XP and that I should
replace from backup?
Thanks.
As Malke mentioned this a Toshiba file been infected by:
not-a-virus: Monitor.Win32.AKL.25, try to use Avast feature to scan
on Boot up and remove the Infected file Automatically.
Then Try to Turn the System Restore OFF then ON to delete the
infected Restore Points, you can perform these cleaning steps if
the Avast scan will detect the Virus/infection again:
Go through these Cleaning steps:
1... First, try to clean up your caches, Internet files and delete
cookies by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties windows you will see these Taps:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing
Option: [&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this
box. Then click on Programs Tab and click Manage Add-Ons and Disable
all non Verified Add-Ons (You should Renable them later one-by-one
and see the culprit and update it or remove it.
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
Spybot Search & Destroy
http://www.safer-networking.org/en/download/index.html
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
RootkitRevealer v1.71
By Bryce Cogswell and Mark Russinovich
http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx
Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Lots of tools to download and disinfect your machine (offline
scanner):
http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/
After the scan run disk cleanup on your drive.
2- Download the Hijackthis and send the report to one of many
forums for analysis and troubleshooting:
http://www.merijn.org/index.php
When all else fails, HijackThis v2.0.2
(
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis)
is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware.
Post your log to
http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other
appropriate forums for expert analysis, not here.
HTH.
Let us know how it is going.
nass
----
http://www.nasstec.co.uk
Should I do all this even though Avast now no longer finds a virus in
that file? Maybe they corrected their database.
As Malke mentioned this a Toshiba file been infected by:
not-a-virus: Monitor.Win32.AKL.25,
Not sure I understand "not-a-virus". Is that just its name or is it
not a virus?
Jeff
