AVG problems.

Status
Not open for further replies.
My father told me his FREE AVG is expiring and they're sending him notice that he has to buy it. I told him don't bother. I'm sending him Norton corporate. Apparently AVG wants paying customers now.
 
1st problem

Hey Howard
I went into my husband's profile to look for something and it notified me that AVG firewall was not activated. So I activated it, and was able to do a scan in my profile (finally) and it found a Trojan of some sort. It says it has deleted it.
Anyhow, then I was able to run HJT and here is my log. If there is anything else I need to do.... I'm ready, willing and able....
K
 
What Grisoft are doing Tedster, is withdrawing support for AVG free version 7.1.

This is because they already have a new version 7.5, which as far as I`m aware is still going to be free.

Anyone still running version 7.1 should get the new 7.5 version from HERE.

Regards Howard :)

This thread is for the use of kindangel only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
kindangel said:
Hey Howard
I went into my husband's profile to look for something and it notified me that AVG firewall was not activated. So I activated it, and was able to do a scan in my profile (finally) and it found a Trojan of some sort. It says it has deleted it.
Anyhow, then I was able to run HJT and here is my log. If there is anything else I need to do.... I'm ready, willing and able....
K

Ok, no problem, just post the log file as an attachment.

Regards Howard :)

 
2nd issue

I gotta do all that stuff all over again???? Well maybe tomorrow if it came back. I'll make an hjt file before I restart and see if that helps.
K
 
I gotta do all that stuff all over again????

I`m afraid so.

You still haven`t posted your log file?

You said.

I was able to run HJT and here is my log.

But you`ve not actually posted it lol.

Regards Howard :)

 
howard_hopkinso said:
What Grisoft are doing Tedster, is withdrawing support for AVG free version 7.1.

This is because they already have a new version 7.5, which as far as I`m aware is still going to be free.

Anyone still running version 7.1 should get the new 7.5 version from HERE.

Regards Howard :)

hmmm. Perhaps I will tell my dad to download that version. Will it overwrite the older version or do you have to uninstall it? My father is elderly and had several strokes so I want to keep things simple for him. I cannot assist him directly as I am deployed to Iraq. He knows enough to be dangerous!
 
There`s no need to uninstall the old version mate. The new version will just overwrite it.

Regards Howard :)

 
I didn't?

howard_hopkinso said:
I`m afraid so.

You still haven`t posted your log file?

You said.



But you`ve not actually posted it lol.

Regards Howard :)


Gee, I thought I posted it.... but not as an attachment. Didn't realize I could, so hope this one works.
K
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

ALCXMNTR.EXE

Close task manager.


Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

F3 - REG:win.ini: load=C:\WINDOWS\system32\xzvmysua\csrss.exe

F3 - REG:win.ini: run=C:\WINDOWS\system32\xzvmysua\csrss.exe

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - Startup: csrss.lnk = ?

O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZU

O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab

O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/ballistik/sis/slgwebinstall.cab

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\WINDOWS\system32\xzvmysua < Delete the entire folder.

ALCXMNTR.EXE < Search your system for this file and delete all instances found.

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

Post a fresh HJT log and let me know how your system is running.

Regards Howard :)

This thread is for the use of kindangel only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
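
A triage sketch for the kind of entries fixed in the post above, added here as an example and not part of the original thread or of HijackThis: it flags log lines where a core Windows process name such as csrss.exe runs from outside its usual directory, or where a startup shortcut borrows such a name. The `SYSTEM_HOMES` table and the `triage` function are assumptions for illustration; the sample lines are quoted from the post except the last, which is constructed.

```python
import ntpath
import re

# Assumption: usual home directory of core Windows processes (XP-era layout).
SYSTEM_HOMES = {name: r"c:\windows\system32" for name in (
    "csrss.exe", "smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe")}
SYSTEM_STEMS = {name.rsplit(".", 1)[0] for name in SYSTEM_HOMES}

ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
FULL_PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)\b", re.IGNORECASE)
SHORTCUT = re.compile(r"Startup: (?P<stem>[^=\\]+?)\.lnk\b", re.IGNORECASE)


def triage(log_text):
    """Return (line, reason) pairs for HijackThis entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY.match(line)
        if not entry:
            continue  # not a HijackThis entry line (header, blank, process list)
        body = entry.group("body")
        path = FULL_PATH.search(body)
        if path:
            directory, name = ntpath.split(path.group(0).lower())
            home = SYSTEM_HOMES.get(name)
            if home and directory != home:
                findings.append((line, f"{name} in {directory}, expected {home}"))
                continue
        shortcut = SHORTCUT.search(body)
        if shortcut and shortcut.group("stem").strip().lower() in SYSTEM_STEMS:
            findings.append((line, "startup shortcut named after a system process"))
    return findings


# First five lines are quoted from the fix list above; the last is a constructed control.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\WINDOWS\system32\xzvmysua\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\xzvmysua\csrss.exe
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - Startup: csrss.lnk = ?
O4 - HKLM\..\Run: [Control] C:\WINDOWS\system32\csrss.exe
"""

if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

The ALCXMNTR.EXE and BHO entries are not flagged: a name-and-path heuristic only catches masquerading, so the remaining entries still need a reviewer's judgement.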
 
One problem

I followed your instructions. Here is an error that I got when fixing in hjt
View attachment 11094
Then it said it was unable to delete the file: 04-startup: csrss.lnk+? The file may be in use. Use task manager to shutdown the program and run HJT again to delete the file.
I then went to the task manager to end the process and got the following message:
This is a critical system process. Task manager cannot end this process.
Here is the new HJT file
View attachment 11095
K
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

csrss.lnk

Close task manager.


Search your system for this file: csrss.lnk and delete all instances found.

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

If you can`t delete it, please give me the full filepath to the csrss.lnk file.

Post a fresh HJT log.

Regards Howard :)

 
Ok
couldn't end csrss in task mgr
deleted two shortcuts with .lnk extensions
found these files
C:\Program Files\backups\backup-20061130-085416-390-csrss
C:\windows\prefetch\csrss.exe-143A89DE.pf
C:\windows\prefetch\csrss.exe-22452D1B.pf

These first 3 files were created yesterday and today

C:\windows\system32\csrss
C:\windows\ServicePackFiles\I386\CSRSS
C:\windows\1386\csrss

The two files with "csrss" in lower case of these last 3 files have just an empty blue box icon beside them and these 3 files were created in 2004 (when I got the new computer).

Here is the fresh HJT log
View attachment 11127
K

PS
Not sure if I have the time to do this all over again for the office computer. May have to take it in.
 
Please download MsnVirRem.exe and save it to your desktop.

First close any other programs you have running as this will require a reboot.

Double click MsnVirRem.exe to run it

Once open, click the button labelled "Search and Destroy"
Your computer will now be scanned for Infected Files

When scanning is finished you will be prompted to reboot only if infected. Click OK.

Now click the "REBOOT" Button.

After the Reboot, you WILL receive file not found errors (usually 4) please acknowledge them and continue.

A message should pop up from MsnVirRem. If not, double click the program again and it will finish.

Please Post the contents of C:\msnvirrem.log along with a fresh HJT log


Regards Howard :)

 
The csrss.lnk issue.

Regards Howard :)

EDIT: Let's concentrate on your original issue before moving on to the next machine.

 
That`s got it, your HJT log is now clean.

Have HJT fix this entry.

O4 - Global Startup: MsnVirRem.exe

Click the fix checked button and close HJT.

Now, please post a fresh HJT log from the other machine.

Regards Howard :)

 
Yes, your HJT log is clean as a whistle.

Regards Howard :)

 
That was quite a job.... but thank goodness it's done, and thank you ever so much for your patience and guidance.
Kindangel

Still working on the preliminaries upstairs. As soon as I'm done, I will post the new log.
K
 
Yes it was quite a job lol.

The infection you had was a very stubborn one and needed a very specific fix. That`s another infection and its fix added to my database.

Now, if you`d like to post the HJT log from the other machine, I`ll see what needs to be done with that.

Regards Howard :)

 
office

Well, I'm still working on the preliminary stuff. I can't remember how to access the menu in safe mode with the shortcut keys. (I'm running Windows ME and my mouse will not work in safe mode). I can open the control panel, but that's as far as I can get, so I can't display all my hidden folders. Tried the T key, tried tabbing, control tab, alt tab.... takes me to the same place, same with arrows.... just won't get me up to the menu. I thought it was like a / or \, but it's been awhile since my DOS days. The last 2 times I ran AVG virus scan.... nothing has come up, so the problem might have been found elsewhere in the preliminaries. However, I would still like to completely check my system.
Thanks
K
 
Ok, forget safe mode for now and follow the instructions from normal mode.

Regards Howard :)

 