Virus found Win 32/Heur: AVG

[Susieq07]

Hello wondering if someone can help. Yesterday upon turning on laptop AVG came up with message that Virus removed Win 32/Heur (C:\Windows\15055.exe).

I followed the 8 step removal process, twice yesterday and thought I had got had got rid of the virus. Rang a full AVG scan and came up with no infections. I have attached the 3 logs from the 2nd process yesterday. Now today when I have turned the laptop AVG message has come up again eg:
Virus removed Win 32/Heur, and its listed in the virus vault.

I have had this before about 4 months ago, but went through the 8 step process and got rid of it then.

Any advice on what I do next would be greatly appreciated

cheers S

 

[Susieq07]

Virus found Win 32 Heur by AVG

As a folllowup I have gone through the 8 steps process again tonight and have attached tonights logs. Seems to made no difference AVG saying it has found Win 32/Heur (C:\Windows\15055.exe), detected upon open.

Also when I do shutdown and restart are tonight now getting an error message saying
Project 1 Runtime error 5
Invalid procedure call or argument

regards S

 

[captaincranky]

Win32/Heur is polymorphic. This is the reason it's coming back. Reasonable advice seems to be disable system restore before trying to remove it.

There is a lot of info on the web about this particular infection. Suggest doing a Google search for some additional insight.

I DO NOT SUGGEST downloading any additional scanners or removal tools until their integrity can be verified.

 

[Susieq07]

Virus found Win 32 Heur by AVG

Hi would you be able to step me through how to disable system restore as you recommend and I'll go the steps again see if I have any success.

thanks alot S

 

[captaincranky]

It's very simple; Right click on "My Computer" ; then click "Properties" in the drop down menu. Click on the "Restore" tab. Then; check "turn off system restore on all drives" and click "apply".

When you do this, all your restore points will be deleted, so keep in mind this is very strong medicine.

Then you would go through the virus removal process, and if that went well, shutdown, reboot and re-enable system restore.

On an infection that has progressed as far as yours has, it might be better to reformat and reinstall the OS. Only you can make that call. But trojans such as the one you're dealing with can compromise personal information, so give that some serious thought.

I also ran into some references to "Combo Fix" in relation to this trojan. This is software that isn't integrated into our 8 step process. I am far from an expert at malware removal, so again, I believe that it would be prudent to do some extra research while you work.

Best of luck, let us know what happens.