VIRUS!

Greg

I run AVG with an up to date database and with email protection enabled and
also Zonealarm, but today had a warning I had a virus.

AVG reported I had a Worm/Lovsan.A which showed up as
Windows\System32\MSLAUGH.EXE.

Can anyone tell me how this could have slipped thru my current virus
protection, a little worrying to say the least!

Thanks

G
 
To be sure I am virus free I went to the Housecall online Virus checker and
it found a malware.WORM_NACHI.A in my registry!!

How come AVG didn't detect a virus when it arrived on my PC, but found a
virus when I ran the virus checker?

Thanks for any advice!

G
 
Do you update your AVG? Having an anti-virus program that
has out-of-date definitions is not much better than none
at all.
 
Mike

As I said in my original post, yes I have an up to date AVG database, I
check daily for updates.

Thanks anyway for the replies and I will go check the Windows security
updates mentioned.

G
 
Greetings --

If you have to ask, you're almost definitely running the 32-bit
version of WinXP. (I'm not trying to be facetious; I'm sure you'd
have noticed paying several thousand dollars more for the Itanium or
Itanium II CPU required to run the 64-bit version of WinXP Pro.)
There is no 64-bit version of WinXP Home.

Windows XP 64-Bit Edition Overview
http://www.microsoft.com/windowsxp/64bit/overview.asp

To verify for yourself, Click Start > Run, type in "Winver" and
press <Enter>. If the resulting dialog box does not _explicitly_
state that you have "Windows XP 64-Bit Edition," then you have a
32-bit OS.


Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 
Answers the question, thanks Bruce!

 
Greetings --

You're welcome.

Bruce Chambers

 
Which update do I download for XP 64 or 32bit?

Thanks

G

Most likely you need the 32bit download. If you use Start> Run and type in
winver and click OK, a screen will appear. If you have a 64bit version of
XP installed, the screen that appears will state that fact.

PS: Your antivirus program's auto signature is showing October 10. May want
to check that this is the most current update to AVG that is available.

Some viruses are capable of goofing up your antivirus protection. You can
run an online scan if you suspect that might be the case. Here are links to a
few of the online scanners:
http://security.symantec.com/default.asp?productid=symhome&langid=ie&venid=sym
http://housecall.trendmicro.com/
http://www.avp.ru/remoteviruschk.html
http://www3.ca.com/virusinfo/virusscan.aspx
 
More help needed please?

Just to recap on where I am now with this Virus thing. AVG healed the
Worm/Lovsan.A and Housecall Online Virus Checker also found something in my
registry, which it healed.

So I thought I was sorted, but tonight I have just got a message to say that
there is a worm/Lovsan.A virus in one of my XP restore files...

C: System Volume Info \restore { etc etc

I have just therefore run a complete AVG test again and it hasn't detected a
virus!!!??! So where did the message box on my screen earlier come from
telling me I had another virus and to run AVG to remove it??

So firstly, where is this file? I cannot seem to find it or any restore
files. Also my experience of Windows ME was that you needed to be in Safe
Mode to delete restore files, but by pressing F8 or F9 on start up with XP
Home I cannot get into the menu to select Safe Mode.

Can anyone help please?

Many thanks

G
 
Greetings --

To clear viruses from the "System Volume Information," simply turn
off the System Restore feature (Start > All Programs > Accessories >
System Tools > System Restore, System Restore Settings), reboot, and
then re-enable System Restore, if you like. This will delete all of
your Restore Points, including the corrupted one(s), and allow you
to start with a clean slate.

However, if you have Restore Points that you'd really rather not
lose, and know which one is corrupted:

How to Gain Access to the System Volume Information Folder
http://support.microsoft.com/default.aspx?scid=kb;EN-US;309531



Bruce Chambers

 
AV cannot access files in System Restore - clean them out - Start /
Control Panel / System Restore - Check "Turn off ...", reboot, then
turn on System Restore again.

John A
 

...\System Volume Information\ is where your System Restore points are kept.
It's not unusual to get a notice about a virus being stuck in there. Delete the
old restore points and you can get rid of it. You can do this by clearing all of
your restore points:

Method 1: Using System Properties, disable System Restore. Re-enable System
Restore

Method 2: Change the allotted amount of space reserved for System Restore.
Also done in System Properties.

Or you can create a restore point (if you're sure your system is clean now)
and then use Disk CleanUp to remove all but the most recent restore
point.

NOTE: I just had something similar happen here last week. A virus located
in a folder reserved for newsgroup attachments was not deleted by my
antivirus program. Identified but not deleted. After manually deleting, it
was copied to the System Restore folders (*.EXE is a file type monitored
by System Restore). I promptly got a notice that there was now a virus in
System Restore. Cleared the Restore points and all was right with the
world once again. The system was never infected. It just had this virus file
floating around until I could delete it completely.

For a Safe Mode boot with XP, press F8 after POST and before Windows starts
to load. Timing can be tricky and it may take a few attempts before the
Advanced Start Menu appears where you can elect to start in safe mode.
 
Brilliant, thanks Sharon!


 
I run AVG with an up to date database and with email protection enabled and
also Zonealarm, but today had a warning I had a virus.

AVG reported I had a Worm/Lovsan.A which showed up as
Windows\System32\MSLAUGH.EXE.

Can anyone tell me how this could have slipped thru my current virus
protection, a little worrying to say the least!

The AV software will not stop Nachi or MSBlast/Lovsan viruses without
installing patches against reinfection over the internet (it uses a
different method to spread using vulnerabilities in XP OS). D/L patches
from http://windowsupdate.microsoft.com

Peter Hutchison
Windows FAQ
http://www.pcguru.plus.com/
 