Old 02-06-2004, 17:33   #1
Big A
Removing viruses with Avast Antivirus

I downloaded Avast about a month ago and I have created a virus database thingy, but every time I try to repair a virus it fails.

Can anyone tell me firstly how the virus recovery database thing works and secondly what I am doing wrong? The software seems really good at detecting the viruses but it never actually repairs them, and I don't want to delete what might be an important file.

I am currently running a scan now so I will post up the viruses it finds.

thanks in advance for any help

Old 02-06-2004, 17:54   #2
Big A
ok,

here are 2 just found that I am unable to repair:

WIN32:ESEPOR-B [Trj] in tksrv98.exe and tmksrvu.exe

WIN32:RPCExploit [Trj] in svchost.exe.mdmp

I have a feeling that svchost one is a pain to get rid of.

Anyone got any idea how I can get rid of these? I've just downloaded Avast's virus cleaner thing, which is running through my system now. Is this likely to sort the problem?

Old 02-06-2004, 18:21   #3
Guest 21014
Avast should sort it all for you; if it's detected it then it should manage it, at least on those two. However, if not, then some more info for you:

1)
tksrv98.exe & tmksrvu.exe according to McAfee:
Quote:
This is not a virus or trojan. It is a direct-marketing adware application. This application generates extra pop-up ads that may or may not be related to the current browsing content while using Internet Explorer.
Adaware would probably kill it too.

2)
svchost.exe.mdmp is simply a memory dump from a svchost.exe (critical Windows file) crash. You obviously had a virus using the RPC exploit at some point which crashed svchost.exe, which would have then dumped memory to file.
As the virus was in memory it also got put in the memory dump. Completely harmless in there as it's just a log file, just your anti-virus software spotted the virus's pattern in it and got worried. You should just be able to go in and delete the file, make sure you get the one with the .mdmp on the end [Tools/Options/View to unhide file extensions if needed]

But.... Blaster worm is the main one that does the RPC crash. If you've got rid of it in the past and patched up then great, no worries. If not then it may be wise to run this to see if you have it (assuming Avast doesn't get it on your current scan) and then patch Windows!
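An added example, not part of the original post: the reply above says the flagged svchost.exe.mdmp is a crash dump rather than a program. This sketch checks that from the file's content instead of its name by reading the minidump header; the sample bytes and the `classify`/`triage` helper names are constructed for illustration.

```python
import struct
from datetime import datetime, timezone

PE_MAGIC = b"MZ"            # DOS/PE executable header
MDMP_MAGIC = b"MDMP"        # MINIDUMP_HEADER.Signature
MDMP_VERSION = 0xA793       # low 16 bits of MINIDUMP_HEADER.Version
# signature, version, impl version, stream count, directory RVA,
# checksum, timestamp, flags (32 bytes, little-endian)
HEADER = struct.Struct("<4sHHIIIIQ")
DIR_ENTRY_SIZE = 12         # one MINIDUMP_DIRECTORY entry


def classify(data: bytes) -> dict:
    """Classify a file by its leading bytes, ignoring its name."""
    if data[:2] == PE_MAGIC:
        return {"kind": "executable"}
    if data[:4] != MDMP_MAGIC or len(data) < HEADER.size:
        return {"kind": "unknown"}
    _, ver, _impl, streams, dir_rva, _csum, ts, _flags = HEADER.unpack_from(data)
    # The stream directory must lie inside the file, after the header.
    dir_ok = dir_rva >= HEADER.size and dir_rva + DIR_ENTRY_SIZE * streams <= len(data)
    kind = "minidump" if ver == MDMP_VERSION and dir_ok else "malformed-minidump"
    written = datetime.fromtimestamp(ts, timezone.utc).isoformat()
    return {"kind": kind, "streams": streams, "written": written}


def triage(name: str, data: bytes) -> str:
    """Compare what the name claims with what the content is."""
    kind = classify(data)["kind"]
    if name.lower().endswith(".mdmp"):
        # A real dump is data, not code that Windows will execute.
        return "consistent" if kind == "minidump" else "mismatch: " + kind
    return kind


# Constructed sample: a header declaring 2 streams, followed by an
# empty 24-byte stream directory. Not taken from a real dump.
SAMPLE_DUMP = HEADER.pack(MDMP_MAGIC, MDMP_VERSION, 0, 2, 32, 0, 1086197400, 0) + bytes(24)
SAMPLE_EXE = b"MZ\x90\x00" + bytes(60)  # constructed PE-style stub

if __name__ == "__main__":
    print(triage("svchost.exe.mdmp", SAMPLE_DUMP))
    print(triage("svchost.exe.mdmp", SAMPLE_EXE))
```

A "mismatch" result means the file only carries the .mdmp name and should be handled as whatever its content says it is.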
Old 02-06-2004, 18:23   #4
Guest 34999

Have you disabled system restore?
Old 02-06-2004, 18:33   #5
Big A
Thanks for the help guys, much appreciated!

I haven't disabled system restore, does this matter?

With regard to the Blaster worm, I've had it in the past and used the 'stinger' thing to detect and get rid of it, so this should mean I'm protected against it. Besides, Avast doesn't seem to have found Blaster on my HD this time.

I'll delete the svchost.exe.mdmp file then and make sure I keep running Ad-Aware and Spybot to take care of the others.

thanks again
Old 02-06-2004, 18:35   #6
Radiohead
Quote:
Originally posted by Big A
With regard to the Blaster worm, I've had it in the past and used the 'stinger' thing to detect and get rid of it, so this should mean I'm protected against it....
Only if you have subsequently run Windows Update to apply the patch relating to the RPC exploit....
Old 02-06-2004, 18:50   #7
Guest 21014
Radiohead answered the Blaster Worm question.

As far as system restore goes though, what happens is that it backs up your files so you can restore them if something goes wrong. These files are protected and untouchable. So if something that is infected got backed up in there then your anti-virus proggy will tell you about it, but be helpless. You should be able to tell if the virus is in system restore from the path the infected file is at - unfortunately I can't remember what the path is off hand..

But it can't do any harm unless you do a restore. What you can do is:
Quote:
1. Click Start, point to Settings, and then click Control Panel.
2. Double-click System, and then click the Performance tab.
3. Click File System, and then click the Troubleshooting tab.
4. Uncheck Disable System Restore.
5. Click OK. Click Yes, when you are prompted to restart Windows.
This will clear all restore points. Turn it back on when you've finished cleaning up other viruses.
Old 02-06-2004, 18:53   #8
Big A
OK thanks Radiohead, I've just checked and Blaster hasn't been picked up by Avast, and from what I can tell I've already got the patch. I've just looked through Windows Update however and there are a few things I haven't downloaded, so I'll get those up-to-date asap.

These updates are a pain in the arse for those of us with a dial up connection
Old 02-06-2004, 19:27   #9
Radiohead
Tell me about it - I'm on ISDN and it's a nightmare. I tend to run it once a week now and it keeps on top of things.
Old 02-06-2004, 20:12   #10
Guest 34999

Quote:
Originally posted by Big A
These updates are a pain in the arse for those of us with a dial up connection
If you search in here, I posted a link to a free Microsoft Security Update CD. I got mine through the other day and it was dated as Feb 2004, so has most of the major patches on it, leaving only a few to download...


*EDIT*

http://www.microsoft.com/security/protect/cd/order.asp


Old 02-06-2004, 21:13   #11
Big A
Yep, cheers jon. I got that CD through a few weeks back. Will come in handy should I ever need to reinstall XP again.