AVG still detects Win32/Heur virus after reformat

Status
Not open for further replies.
After having my computer reformatted by a professional, AVG still detects the Win32/Heur virus. AVG 8 pops up after starting simple things like Task Manager and other programs, saying that there are infected files. Please help me.
 
First do the below!

Do the TechSpot 8 steps: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

Skip no steps (do not install another virus scanner if you already have one, ask me before installing a Firewall).

Most importantly update MalwareBytes (MBAM) and SuperAntiSpyware (SAS)!

Before you scan with either MalwareBytes or SuperAntiSpyware, do the Extra Configs below; these have become most important lately.

SuperAntispyware extra config

After it is installed, double-click the icon on your desktop to run it.

Update the program definitions.

Click the Preferences button.

Then Scanning Control.

In Scanner Options, make sure all boxes are checked except #3, Ignore System Restore.

MalwareBytes extra config

After updating but before running, click Settings and confirm all are checked.

I repeat: update these 2 programs.

Run them and attach their logs.

Mike
 
I have made it to the step in the 8 step cleaner where I run SuperAntiSpyware. Once I run SAS, it gets a little way through and my computer just reboots. My computer also rebooted after trying to remove the selected items that MalwareBytes found. What's more, AVG is now warning me of Worm/Generic.VSI in nvtpm32.dll.

OMG... what's happening!? Please help!

Justin
 
Well, that is what I advised and what you had to do, but bad news! Do both MBAM and SAS again.

SAS has more to remove or give a clean log!

But you did not clean at all (log says "No action taken") with MBAM, so you need to run it again and this time remove the malware.

So in Safe Mode again, run both. Attach logs.

Mike
 
So have you had any luck with this yet? I am experiencing the same thing right now. I have noticed it deals with user32.dll and nvtpm32.dll. I have tried ComboFix, which doesn't detect either of those as suspicious. MalwareBytes was able to detect nvtpm32.dll as a virus and would state it needed to delete it on reboot, which it would, but about 15-20 seconds after the system has loaded up, the file reappears and the user32.dll file ends up having the same timestamp.

I also did a full reformat, with 2 quick formats, and lo and behold, the virus is still here. I have not restored any of the data at all, unless it can affect a computer by being part of an Acronis True Image file by being listed in a dir.

So I'm thinking BIOS-based?

This is on a Compaq Presario R3000.
 
CGJustin1977, you have not completed my last post and are still infected!

gabaod, you are getting it from somewhere.

Are these factory CDs? Have you used a flash drive, or do you have other partitions on this HD or a secondary HD?

Create your own thread and post the answers.

Mike
 
Virut

Hopefully you're not dealing with VIRUT. I don't know of one person who's successfully cleaned it, and I work for a malware research company. For those with Virut, my advice is: after updating all your virus scanners and then DISCONNECTING from the internet to scan with them, run an SFC scan to replace all Windows files. Don't reconnect to the internet until you're completely done disinfecting and then replacing those Windows files. Virut infects almost all exes on the machine. Don't insert any flash drives, because you'll infect the autorun in those as well, and any machine you put these in will be infected. Also, if you're connected to a home network, disconnect. Basically, isolate your computer.

Malwarebytes recommends reformatting, if that tells you anything...

Anyway, that's my two cents' worth. Good luck!
 