Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Avg Found Virus But In Avg Vault Is A List Of Dll


  • Please log in to reply
3 replies to this topic

#1 orientpal

orientpal

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:02 PM

Posted 19 January 2008 - 03:51 PM

Hi
My daugther is at seville uni in spain i am in england so i can only help her via a phone.
Would any kind person please give me some pointers as what to do.
She plugged in a usb memory stick into her laptop after it has been in a uni computer to print some documents.
AVG flashed up you have a virus,she tried to heal the virus came back so she sent it/them to the vault.
This what she has amvo0:dll path c/windows/system32
t589jso.dll path c/documents and settings
A0084439.dll path c/system volume information
A0084467.dll path c/system volume information
A0084594.dll path c/system volume information
A0084615.dll path c/system volume information
A0085007.dll path c/system volume information
A0085046.dll path c/system volume information

She has xp home ,avg antivirus, ad-adware personal.
Please if some one can help.
Richard

BC AdBot (Login to Remove)

 


#2 Tomo2

Tomo2

  • Members
  • 402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wanganui, Aotearoa NZ
  • Local time:08:02 AM

Posted 19 January 2008 - 07:04 PM

Hi orientpal, :thumbsup: welcome to BC!
The files you listed are:
t589jso.dll - Win32/NSAnti
amvo0.dll - Win32/PolyCrypt
You should clear the AVG vault to remove these.
The other files can be removed to. They have infected the system restore folder. If AVG cannot remove the files in system restore you should open system properties in the control panel and turn off system restore in the system restore tab. This will clear its files and you can turn it back on after rebooting.

Hope that helps! :flowers:

L&P, World Famous in New Zealand since ages ago!
Posted Image
Avast! Antivirus : Spybot S&D : Trend Micro Housecall : Hosts file : HiJack This
Don't be too open minded - your brains will fall out


#3 orientpal

orientpal
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:02 PM

Posted 20 January 2008 - 05:57 AM

Thanks Tomo2
I will let my daugther know this and see how see gets on.
Richard

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:02 PM

Posted 20 January 2008 - 09:53 AM

When an anti-virus quarantines a file by moving it into a virus vault (chest), that file is essentially disabled and prevented from causing any harm to your system. The quarantined file is safely held there and no longer a threat until you take action to delete it. One reason for doing this is to prevent deletion of a crucial file that may have been flagged as a "False Positive". If that is the case, then you can restore the file. Doing this also allows you to view and investigate the files while keeping them from harming your computer. Quarantine is just an added safety measure. When the quarantined file is known to be bad, you can delete it at any time.

"Understanding AVG7 Free Virus Vault"
"AVG FAQ #647: I have some files in the AVG Virus Vault. What next?"

The infected RP***\A00*****.exe file(s) identified are in the System Volume Information Folder (SVI) which is a part of System Restore. This is the feature that allows you to set points in time to roll back your computer to a clean working state. The SIV folder is protected by permissions that only allow the system to have access and is hidden by default unless you have reconfigured Windows to show it.

System Restore will back up the good as well as the bad files so when malware is present on the system it gets included in any restore points as an A00***** file. If not removed, they sometimes can reinfect your system if you accidentally use an old restore point. The easiest thing to do is Create a New Restore Point to enable your computer to "roll-back" to a clean working state and use Disk Cleanup to remove all but the most recent restore point.

She plugged in a usb memory stick into her laptop after it has been in a uni computer to print some documents

Probably a Flash drive infection. They usually involve malware that loads an autorun.inf file into the root folder of all drives (internal, external, removable). When the removable media is inserted, autorun looks for autorun.inf and automatically executes another malicious file to run on your computer. When a flash drive becomes infected, the Trojan will infect a system when the removable media is inserted if autorun has not been disabled.

Please insert your flash drive.

Download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that is plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users