Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help!


  • Please log in to reply
4 replies to this topic

#1 OO7

OO7

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:39 PM

Posted 24 February 2008 - 08:42 AM

Ever since I downloaded AVG, my computer starts acting really wierd and creepy. First, once I install AVG, my video card goes buggy. Restarted, to find that Spybot has found several changes in the registry. Then, my Recycle Bin is full, so I open it up and there is 5 COUNTER STRIKE KEYGENS!! I have Spybot, Avg, and Norton. I've had Norton and Spybot for quite some time so it can't be that. No, I do not illegally download pirated software, music, or games. I'm just wondering, could this be a variant of some virus?

P.S. AVG hasn't detected anything yet.
P.S.S. AVG detected SmitFraudFix as a HackTool and deleted it.

~OO7 :thumbsup:

Edited by OO7, 24 February 2008 - 08:44 AM.


BC AdBot (Login to Remove)

 


m

#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,588 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:39 PM

Posted 24 February 2008 - 08:55 AM

AVG may be acting "weird" because your also running Norton.

Using more than one anti-virus program is not advisable regardless if the second is used as a stand-alone on demand scanner. Even when one of them is disabled, it can affect the other. Issues can arise when the active anti-virus detects the non-active one's definitions or quarantined files.

The primary concern with using more than one anti-virus program is due to conflicts that can arise when both are running in real-time mode simultaneously. Anti-virus software components insert themselves into the operating systems core and using more than one can cause instability, crash your computer, slow performance and waste system resources. When actively running in the background while connected to the Internet, they both may try to update their definition databases at the same time. As the programs compete for resources required to download the necessary files this often can result in sluggish system performance or unresponsive behavior.

Each anti-virus will often interpret the activity of the other as a virus and there is a greater chance of them alerting you to a "False Positive". If one finds a virus and then the other also finds the same virus, both programs will be competing over exclusive rights on dealing with that virus. Each anti-virus will attempt to remove the offending file and quarantine it. If one finds and quarantines the file before the other one does, then you encounter the problem of both wanting to scan each other's zipped or archived files and each reporting the other's quarantined contents. This can lead to a repetitive cycle of endless alerts that continually warn you that a virus has been found when that is not the case.

Anti-virus scanners use virus definitions to check for viruses and these can include a fragment of the virus code which may be recognised by other anti-virus programs as the virus itself. Because of this, most anti-virus programs encrypt their definitions so that they do not trigger a false alarm when scanned by other security programs. However, some anti-virus vendors do not encrypt their definitions and will trigger false alarms if used while another resident anti-virus program is active.

To avoid these problems, use only one anti-virus solution. Deciding which one to remove is your choice. Be aware that you may lose your subscription to that anti-virus program's virus definitions once you uninstall that software.

Most anti-virus vendors recommend that you install and run only one anti-virus program at a time:
Symantec's statement.
Avast's statement.
AVG's statement.
Dell Support advises the same for their systems.

When necessary, you can always get another opinion by performing an Online Virus Scan.

SmitfraudFix is not a virus or malware. It is a tool to detect and remove smitfraud infections. However, certain files that are part of the tool, such as process.exe, restart.exe, SmiUpdate.exe, ws2fix.exe, reboot.exe, IEDFix, VACFix and GenericRenosFix may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted tool", or even "malware (virus/trojan)" when that is not the case.

These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases, the detection is a "False Positive".

For Spybot alerts on Windows Security Center read the discussion here and see the FAQ: Why does Spybot-S&D flag changes in the Windows Security Center?.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 OO7

OO7
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:39 PM

Posted 24 February 2008 - 08:57 AM

Thank you, but what about the part where I have 5 CS keygens in my recycling bin? I'm kinda scared about that since I don't download any of that crap.
EDIT: Found nothing.

Edited by OO7, 24 February 2008 - 09:12 AM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,588 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:39 PM

Posted 24 February 2008 - 09:03 AM

Empty the contents of your recycle bin and then do this:

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.
Please download Dr.Web CureIt & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with Dr.Web CureIt as follows:
  • Double-click on cureit.exe to start the program. (ignore any prompts to update or check for a new version)
  • When the Dr.Web opens, an "Express Scan of your PC" notice will appear.
  • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan tab" and UNcheck "Heuristic analysis"
  • Back at the main window, click "Custom Scan", then Select drives (a red dot will show which drives have been chosen).
  • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  • When done, a message will be displayed at the bottom advising if any viruses were found.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop. (You can use Notepad to open the DrWeb.cvs report)
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 OO7

OO7
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:39 PM

Posted 24 February 2008 - 09:04 AM

Thanks, I am going to try that right now.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users