Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Fonts Change On Their Own


  • Please log in to reply
1 reply to this topic

#1 spiritcloud

spiritcloud

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Local time:12:27 AM

Posted 07 December 2007 - 11:10 AM

I hardly know where to begin with this one. :thumbsup:

I guess with some computer stats.
OS: Windows XP Home SP2
RAM: 768MB PC3200 DDR SDRAM

This problem started maybe 3 weeks ago on my wife's computer. She will be surfing the net or chatting in an IM or working in a word processor, etc, and suddenly her current computer fonts will change. It's widespread: it affects the fonts on her desktop, in local apps, on web pages and instant messengers. The problem wouldn't be so bad if the new fonts were decent, but they are mostly difficult to read and some are symbols or gibberish.

Rebooting the computer switches the fonts back, but they change again anywhere from 5 minutes to half a day later. She said a system restore stopped the font changes for 1-2 weeks the first time she tried, but her recent attempt only stopped it for about a day. The problem seems to be increasing in frequency.

We aren't sure if it is related, but every couple of days her antivirus finds a downloader.generic#.XXX trojan(she isn't sure if it is the exact same trojan each time).

Also, when the trojans are found, her AVG also finds the following... File: shell32.dll - Infection: Change - Path: c:\windows\system32\

Another issue that we are not sure is related... A few weeks ago, her pc was having a boot problem. When it booted up, it would reach the point of starting Windows and it would reboot again and then it would work correctly. The problem got worse until it wouldn't stop rebooting. I ended up creating a new boot sector and the problem stopped. But whatever caused it was never fixed.

Any help with this issue(s) will be very greatly appreceiated! Thanks in advance.

T--

{Mod Edit:Moved to more appropriate forum~~boopme}

Edited by boopme, 07 December 2007 - 02:49 PM.

Nobility is not a birthright--it is a way of life.

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,608 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:27 AM

Posted 08 December 2007 - 07:56 AM

I'm not sure about the fonts issue your having but I can address some of your other concerns.

"Generic Trojan" is a heuristic detection and a name provided to possible new variants of malware. AVG uses this detection method which incorporates the ability of an anti-virus program to detect new viruses before the vendor can get samples and update the program's definitions for detection. Heuristics uses non-specific detection methods to find new or unknown malware which allows the anti-virus to detect and stop if before doing any harm to your system. The techniques involves inspecting the code in a file to see if it contains virus-like characteristics. If the number of these characteristics/instructions exceeds a pre-defined threshold, the file is flagged as a possible virus.

The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as malicious. With heuristics, there is always a potential risk for a "False Positive" when the heuristic analysis flags a file as suspicious or infected that contains no malware. Reducing the detection sensitivity will minimize the risk but then that increases the possibility for new malware to infect your system.

See How AVG Heuristic Analysis Works.

Get a second opinion, by submitting the file to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

If you suspect a file to be a false positive. Test the file at [virusscan.jotti.org] and if it is a false positive, archive (zip, arc, tar etc) the file using a password and email a copy to virus@grisoft.com with a brief description as well as the password you used to archive it with.

If it is a false positive , turn off heuristic scanning for the time being. When Grisoft adjusts the virus definitions you can turn it back on. If turning off Heuristics still doesn't allow access to the file while testing and emailing... disable the resident shield temporarily.

forum.grisoft: instructions for suspected FP's

Reported changes in system files such as kernel32.dll, wsock32.dll, user32.dll, shell32.dll and ntosknrl.exe are normal for AVG.

There are many valid reasons for those files to show changed, a Windows update, file system check that replaced them if corrupted, and others. As long as AVG doesn't say they are infected it is ok. If it continues to show changed, delete the following file(s) in the C:\ directory and AVG will create a new one(s)...AVG7DB_F.DAT, AVG7QT.DAT

kernel32.dll, wsock32.dll, user32.dll, shell32.dll and ntosknrl.exe have "changed"
AVG free edition shows shell32.dll changed

It is normal that AVG shows that files, the MBR or Boot record to have changed. These are done during normal maintainance, when you or windows updates files or have had to correct errors on the drive. The only time that you should worry is if they also show as infected.

To get AVG to quit showing them as changed, open the AVG Test Center, click the F3 key on your keyboard and tell it to accept the changes. If it still shows something as changed after this.. delete the file named AVG7QT.DAT in the %ALLUSERSPROFILE%\Application Data\avg7\ folder and AVG will rebuild it the next time it is run.

The %ALLUSERSPROFILE% is different for each version of Windows. The following are the typical locations for XP and Win9x

XP - C:\Documents and Settings\All Users\Application Data\avg7
Win9x -C:\Windows\All Users\Application Data\avg7

Changed File Alerts

XP Shut Down and Automatic Reboot Problems
XP Shutdown & Restart Troubleshooting
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users