PDA

View Full Version : Help cleaning up a relatives PC

gregh
07-11-2004, 18:43
I offered to help sort out someones PC!

Ran Grisoft AVG, AD-Aware and Spybot, installed Sygate, and thought I'd cleaned it all up, but it appears not!

Tried Norton 2002 which found no virus!

Tried these 2 online scanners which found virus but couldn't disenfect.

http://www.ravantivirus.com/scan

http://www.bitdefender.com/scan/Msie/index.php

Log from Bitdefender below. Can anyone tell me how I can clean this PC up?
AVG only finds Dropper.Delf.3.L


C:\Program Files\Windows SyncroAd\CComm.dll: infected with Adware.SyncroAD C:\Program Files\Windows SyncroAd\CComm.dll: disinfection failed C:\Program Files\Windows SyncroAd\SyncroAd.exe=>(Upx): infected with Adware.SyncroAD C:\Program Files\Windows SyncroAd\SyncroAd.exe=>(Upx): disinfection failed C:\Program Files\Windows SyncroAd\WinSync.exe: infected with Adware.SyncroAD C:\Program Files\Windows SyncroAd\WinSync.exe: disinfection failed C:\System Volume
Information\_restore{758325F3-C511-464B-812C-4D2296C54C9C**\RP186\A0027324.exe:
infected with Adware.Serchentrix.A
C:\System Volume
Information\_restore{758325F3-C511-464B-812C-4D2296C54C9C**\RP186\A0027324.exe:
disinfection failed
C:\System Volume
Information\_restore{758325F3-C511-464B-812C-4D2296C54C9C**\RP186\A0027326.exe=>(CExe
r)=>(MS-Compress 5): infected with Trojan.Downloader.Agent.AE C:\System Volume Information\_restore{758325F3-C511-464B-812C-4D2296C54C9C**\RP186\A0027326.exe=>(CExe
r)=>(MS-Compress 5): disinfection failed C:\System Volume Information\_restore{758325F3-C511-464B-812C-4D2296C54C9C**\RP186\A0027336.exe=>(CExe
r)=>(MS-Compress 5): infected with Trojan.Downloader.Agent.AE C:\System Volume Information\_restore{758325F3-C511-464B-812C-4D2296C54C9C**\RP186\A0027336.exe=>(CExe
r)=>(MS-Compress 5): disinfection failed C:\System Volume
Information\_restore{758325F3-C511-464B-812C-4D2296C54C9C**\RP186\A0027339.exe:
infected with Adware.Serchentrix.A
C:\System Volume
Information\_restore{758325F3-C511-464B-812C-4D2296C54C9C**\RP186\A0027339.exe:
disinfection failed
C:\System Volume
Information\_restore{758325F3-C511-464B-812C-4D2296C54C9C**\RP186\A0027482.dll:
infected with Adware.Wupd
C:\System Volume
Information\_restore{758325F3-C511-464B-812C-4D2296C54C9C**\RP186\A0027482.dll:
disinfection failed
C:\System Volume
Information\_restore{758325F3-C511-464B-812C-4D2296C54C9C**\RP192\A0027749.dll:
infected with Adware.SyncroAD
C:\System Volume
Information\_restore{758325F3-C511-464B-812C-4D2296C54C9C**\RP192\A0027749.dll:
disinfection failed
C:\System Volume
Information\_restore{758325F3-C511-464B-812C-4D2296C54C9C**\RP192\A0027750.exe=>(Upx):
infected with Adware.SyncroAD
C:\System Volume
Information\_restore{758325F3-C511-464B-812C-4D2296C54C9C**\RP192\A0027750.exe=>(Upx):
disinfection failed
C:\System Volume
Information\_restore{758325F3-C511-464B-812C-4D2296C54C9C**\RP192\A0027751.exe:
infected with Adware.SyncroAD
C:\System Volume
Information\_restore{758325F3-C511-464B-812C-4D2296C54C9C**\RP192\A0027751.exe:
disinfection failed
C:\System Volume
Information\_restore{758325F3-C511-464B-812C-4D2296C54C9C**\RP194\A0027809.exe:
infected with Adware.180Solutions.5.11
C:\System Volume
Information\_restore{758325F3-C511-464B-812C-4D2296C54C9C**\RP194\A0027809.exe:
disinfection failed
C:\System Volume
Information\_restore{758325F3-C511-464B-812C-4D2296C54C9C**\RP203\A0028227.exe:
infected with Adware.Bargan.A
C:\System Volume
Information\_restore{758325F3-C511-464B-812C-4D2296C54C9C**\RP203\A0028227.exe:
disinfection failed
C:\System Volume
Information\_restore{758325F3-C511-464B-812C-4D2296C54C9C**\RP204\A0028250.exe=>(CExe
r)=>(MS-Compress 5): infected with Trojan.Downloader.Agent.AE C:\System Volume Information\_restore{758325F3-C511-464B-812C-4D2296C54C9C**\RP204\A0028250.exe=>(CExe
r)=>(MS-Compress 5): disinfection failed C:\System Volume
Information\_restore{758325F3-C511-464B-812C-4D2296C54C9C**\RP204\A0028251.exe:
infected with Adware.Serchentrix.A
C:\System Volume
Information\_restore{758325F3-C511-464B-812C-4D2296C54C9C**\RP204\A0028251.exe:
disinfection failed
C:\System Volume
Information\_restore{758325F3-C511-464B-812C-4D2296C54C9C**\RP204\A0028270.dll:
infected with Adware.NaviSrch.A
C:\System Volume
Information\_restore{758325F3-C511-464B-812C-4D2296C54C9C**\RP204\A0028270.dll:
disinfection failed
C:\temp\WebRebates_Auto_InstallSilent_Euro.exe=>(NSIS o)=>zlib_nsis0001:
infected with Application.ProcKill.Jk


cheers,

Greg
kohoutec
07-11-2004, 18:57
turn off system restore to delete the restore points that have the virus lurking in them, then turn it back on :thumbs:
Faythur
07-11-2004, 22:38
After rebooting in between...the off and on
ljp
08-11-2004, 07:35
try using Pandasoftware.com it has a good online virus checker.

http://www.pandasoftware.com/home/default.asp
gregh
08-11-2004, 08:11
It's been an interesting experience this, neither Pandasoftware nor Norton AntiVirus 2002 find any virus on the PC!!

I'll try turning off restore and re-running the programs.

thanks,

greg
Uncle Nick
08-11-2004, 11:14
That's because technically what you've got isn't a virus. It's yer bog-standard ad-/spy-/malware. Get to the SPYWARE STICKY at the top of this forum, and use (with the updates) Ad-Aware and Spybot S+D. If that doesn't work, use Hijackthis! along with the auto-analyser website, or post your logfile here for us to <strike>laugh at</strike> help with.
gregh
08-11-2004, 15:13
Nick,

I've already run all those programs, it's the read only nature of the restore files which appears to be preventing a clean up happening!

I'm just about to try turning restore off

cheers,

greg