AVG virus vault?

By IH8PunkRok
Sep 25, 2006
Topic Status:
Not open for further replies.
  1. when a virus is in the virus vault does that mean the virus cannot do any damage?
    and if i tell it to empty the vault does it delete the virus permanantly?

    (slightly off subject)
    i have backup copies of trojans that i cant seem to get rid of, wut do i do?

    thanx
    -rok
  2. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Yes, a virus in the virus vault can`t do any damage.

    When you empty the virus vault the files are deleted.

    Can you explain exactly what you mean? Where are these backups stored?

    Regards Howard :)
  3. IH8PunkRok

    IH8PunkRok Newcomer, in training Topic Starter Posts: 120

    well avg got rid of two trojans and apparently they copied themselves cause they are back again but it says they are backup files
  4. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Can you give me the filepaths to the trojans?

    I also suggest you post a HJT log as per these instructions HERE.

    Regards Howard :)
  5. IH8PunkRok

    IH8PunkRok Newcomer, in training Topic Starter Posts: 120

    ok the file destination for one is
    C:\DOCUMEN~1\Matty\LOCALS~1\Temp\!update.exe

    where do i get the hijackthis program?
  6. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    !update.exe

    Close task manager.

    Delete the following bold file.

    C:\DOCUMEN~1\Matty\LOCALS~1\Temp\!update.exe

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    The link to where to get HJT is in the instructions I gave you.


    Regards Howard :)

    This thread is for the use of IH8PunkRok only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  7. IH8PunkRok

    IH8PunkRok Newcomer, in training Topic Starter Posts: 120

    ok hers the HJT log
  8. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Your system is infected with all kinds of crap.

    Go HERE and follow the instructions exactly.

    Post fresh HJT and Ewido logs as attachments into this thread, only after doing the above.

    Regards Howard :)

    This thread is for the use of IH8PunkRok only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  9. IH8PunkRok

    IH8PunkRok Newcomer, in training Topic Starter Posts: 120

    aight i did everything u told me too
    check it out
  10. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Well done, your HJT log is almost clean.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R3 - URLSearchHook: (no name) - {CC3EB4F8-2939-7FEE-47F2-74E2EC73239A} - (no file)

    R3 - URLSearchHook: (no name) - {9769E3F9-283B-7FBE-10F2-74E2EC73209C} - C:\WINDOWS\system32\gteq.dll (file missing)

    O2 - BHO: (no name) - {9769E3F9-283B-7FBE-10F2-74E2EC73209C} - C:\WINDOWS\system32\gteq.dll (file missing)

    O2 - BHO: (no name) - {CC3EB4F8-2939-7FEE-47F2-74E2EC73239A} - (no file)

    O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin7USA.cab

    Click on the fix checked button.

    Close HJT.

    Delete all files in Ewido quarantine.

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log and let me know how your system is running

    Regards Howard :)

    This thread is for the use of IH8PunkRok only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  11. IH8PunkRok

    IH8PunkRok Newcomer, in training Topic Starter Posts: 120

    ok heres the new one
     
  12. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Absolutely clean as a whistle mate.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of IH8PunkRok only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.