Win32/Heur Virus running AVG 8.5 with Acer 6930 laptop

By Lornick
Jan 7, 2010
Topic Status:
Not open for further replies.
  1. AVG is picking up 13 viruses in my computer. Having probs removing them, it says it's removed them and then it finds 'em again. Running Windows Vista, using an Acer Aspire 6930 laptop.

    Virus names are as follows:

    Win32/Heur 9 in total
    Trojan Horse Adload_r.KN 3 in total

    Will appreciate any help, and I am not a computer whiz, I am a beginner, so please be patient.

    Thank you
  2. Tmagic650

    Tmagic650 TS Ambassador Posts: 20,732   +156

  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Lornick, Win32Heur often goes with Virut. That is a bad malware infection that morphs into different files when you remove one. I suggest you run through this first:

    • Make sure to use Internet Explorer for this
    • Please go to VirSCAN.org FREE on-line scan service
    • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
      • c:\windows\system32\userinit.exe
    • Click on the Upload button
    • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
    • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
    • Paste the contents of the Clipboard in your next reply.
    Also scan these,

    C:\WINDOWS\explorer.exe
    C:\WINDOWS\System32\svchost.exe


    Usually we have you go through the malware removal steps Tmagic mentioned first. But I've seen Virut so often with the Win32Heur find by AVG, I think it's worth running the scan- paste the log in next reply when done.

    I promise we'll be patient! But sometimes it can be best to cut to the chase first!
  4. Lornick

    Lornick Newcomer, in training Topic Starter

    Thank you very much for your reply. I shall try it straight away and post up the results for you. Your patience is very much appreciated, ty
  5. Lornick

    Lornick Newcomer, in training Topic Starter

    Hi Bobbye,

    Just a quick update to my current situation: I uninstalled AVG and installed Avira AntiVir Personal instead to see if that helped fix my problem. Unsure if it has, though it did detect added virus that AVG did not. It did not repair the files but I sent them to quarantine. Hopefully this helps.

    These are the results from uploading c:\windows\system32\userinit.exe at the website you suggested:

    VirSCAN.org Scanned Report :
    Scanned time : 2010/01/10 06:46:45 (EST)
    Scanner results: Scanners did not find malware!
    File Name : userinit.exe
    File Size : 25088 byte
    File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5 : 0e135526e9785d085bcd9aede6fbcbf9
    SHA1 : d15244d41efddbab08d53fe032aedff39091d3af
    Online report : http://virscan.org/report/746bca02cb609bba59282686e5e5ba7e.html

    NEXT RESULT IS FROM SCAN FOR C:\WINDOWS\explorer.exe

    VirSCAN.org Scanned Report :
    Scanned time : 2010/01/10 06:54:43 (EST)
    Scanner results: Scanners did not find malware!
    File Name : explorer.exe
    File Size : 2926592 byte
    File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5 : d07d4c3038f3578ffce1c0237f2a1253
    SHA1 : 4b3bd605b63749ff255e048ca6f27aff95aec24a
    Online report : http://virscan.org/report/9d9617050e47bd0931d4a71ab199cbe5.html

    I have to do two posts, for the file is too big for TechSpot. Please find the result in my next post.

    Thank you very much for all your help. If I have done anything incorrectly please let me know, I will fix it straight away..lol

    Once again ty vm for all your patience
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Good so far. You have one more file to do the scan on. Checking those particular files is a way to determine whether the system is infected by Virut. That is a bad one for which we usually recommend reformat/reinstall. But if the last file scan is clear for that, we will proceed looking for other malware.

    If after running C:\WINDOWS\System32\svchost.exe you also see Scanner results: Scanners did not find malware! please go ahead and do the following:

    Follow the steps HERE. When you have finished, attach the 3 logs to your next reply. I'll review them to see what we're working with.

    Usually that would be where we have you start. It was just the particular malware, Win32 Heur, that I have seen so often with Virut that made me want to rule it out.
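
Added example, not part of the original thread: a Python version of the triage described in the last post, checking that each of the three system files has a pasted VirSCAN.org report and that no engine flagged it. The report layout follows the reports in this thread; the engine rows and detection label in `SAMPLE` are constructed, and `parse_reports` and `triage` are hypothetical helper names.

```python
import re

# The three system files the helper asks to have scanned in this thread.
REQUIRED = ("userinit.exe", "explorer.exe", "svchost.exe")

FIELD = re.compile(r"^\s*(File Name|Scanner results|MD5|SHA1)\s*:\s*(.+?)\s*$")
# Engine row: "<engine and versions> <sig date> <scan seconds> <result>"
ROW = re.compile(r"^\s*(.+?)\s+\d{4}-\d{2}-\d{2}\s+\d+(?:\.\d+)?\s+(\S.*?)\s*$")

def parse_reports(text):
    """Return one dict per 'VirSCAN.org Scanned Report' block in pasted text."""
    reports = []
    for line in text.splitlines():
        if "Scanned Report" in line:
            reports.append({"detections": []})
            continue
        if not reports:
            continue                      # ignore chatter before the first report
        m = FIELD.match(line)
        if m:
            reports[-1][m.group(1)] = m.group(2)
            continue
        m = ROW.match(line)
        if m and m.group(2) != "-":       # "-" means that engine found nothing
            reports[-1]["detections"].append((m.group(1), m.group(2)))
    return reports

def triage(text):
    """Map each required file to 'clean', 'flagged by N engine(s)' or 'not scanned yet'."""
    by_name = {r.get("File Name", "").lower(): r for r in parse_reports(text)}
    status = {}
    for name in REQUIRED:
        report = by_name.get(name)
        if report is None:
            status[name] = "not scanned yet"
        elif report["detections"]:
            status[name] = "flagged by %d engine(s)" % len(report["detections"])
        else:
            status[name] = "clean"
    return status

# Constructed sample: two reports, svchost.exe deliberately missing.
SAMPLE = """
VirSCAN.org Scanned Report :
Scanner results: Scanners did not find malware!
File Name : userinit.exe
Scanner Engine Ver Sig Ver Sig Date Time Scan result
EngineA 1.0 20100109 2010-01-09 0.10 -
EngineB 2.5 2010.01.09 2010-01-09 1.31 -

VirSCAN.org Scanned Report :
File Name : explorer.exe
EngineA 1.0 20100109 2010-01-09 0.11 -
EngineB 2.5 2010.01.09 2010-01-09 1.53 Example.Detection
"""

if __name__ == "__main__":
    for name, state in triage(SAMPLE).items():
        print(name, "->", state)
```

Only a result of `clean` for all three files matches the condition the helper sets before moving on to the general malware-removal steps.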