Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

win32/fasec virus problem


  • Please log in to reply
3 replies to this topic

#1 aint4everybody

aint4everybody

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:12 AM

Posted 09 February 2009 - 09:42 AM

Hi, my computer has been infected by win32/fasec virus.
I was using nod32 but it was unable to find the virus, therefore I downloaded avast and it found about 14 infected files and said it has deleted it but was unable to delete one file in windows directory.
I don't know if I should believe that the virus is gone and is it possible to fix the damage it has done? - f.ex. I can't defrag, and I can't get to my local disk from mycomputer directory.

Thanks a lot.

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:12 PM

Posted 09 February 2009 - 12:47 PM

Did the avast scan provide a specific file name associated with this malware threat(s) and if so, where is it located (full file path) at on your system?

Each security vendor uses their own naming conventions to identify various types of malware so it's difficult to determine exactly what has been detected or the nature of the infection without knowing more information about the actually file(s) involved. See Understanding virus names.

Did you completely remove NOD32 from your system?

Using more than one anti-virus program is not advisable. The primary concern with using more than one anti-virus program is due to conflicts that can arise when they are running in real-time mode simultaneously. However, even when one of them is disabled for use as a stand-alone scanner, it can affect the other. Anti-virus software components insert themselves into the operating systems core and using more than one can cause instability, crash your computer, slow performance and waste system resources. When actively running in the background while connected to the Internet, they both may try to update their definition databases at the same time. As the programs compete for resources required to download the necessary files this often can result in sluggish system performance or unresponsive behavior.

Each anti-virus will often interpret the activity of the other as a virus and there is a greater chance of them alerting you to a "False Positive". If one finds a virus and then the other also finds the same virus, both programs will be competing over exclusive rights on dealing with that virus. Each anti-virus will attempt to remove the offending file and quarantine it. If one finds and quarantines the file before the other one does, then you encounter the problem of both wanting to scan each other's zipped or archived files and each reporting the other's quarantined contents. This can lead to a repetitive cycle of endless alerts that continually warn you that a virus has been found when that is not the case.

Anti-virus scanners use virus definitions to check for viruses and these can include a fragment of the virus code which may be recognized by other anti-virus programs as the virus itself. Because of this, most anti-virus programs encrypt their definitions so that they do not trigger a false alarm when scanned by other security programs. However, some anti-virus vendors do not encrypt their definitions and will trigger false alarms if used while another resident anti-virus program is active.

To avoid these problems, use only one anti-virus solution. Deciding which one to remove is your choice. Be aware that you may lose your subscription to that anti-virus program's virus definitions once you uninstall that software.

NOTE: No single product is 100% foolproof and can detect and remove all threats at any given time. The security community is in a constant state of change as new infections appear. Each vendor has its own definition of what constitutes malware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another. Thus, a multi-layered defense using several anti-spyware products (including an effective firewall) to supplement your anti-virus combined with common sense and safe surfing habits provides the most complete protection.

Overall NOD32 is much more effective than avast.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 aint4everybody

aint4everybody
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:12 AM

Posted 10 February 2009 - 09:00 AM

Thank you for reply.
I uninstalled Nod32. It was only 30-days demo. Here's the scan from avast.


09.02.2009 14:07
Testují se všechny lokální disky

Soubor C:\Addon\proginst.exe je infikován virem Win32:Trojan-gen {Other}, Deleted
Soubor C:\Documents and Settings\dasenka\Local Settings\Temp\tmp5C.tmp je infikován virem Win32:Fasec [Trj], Deleted
Soubor C:\Documents and Settings\dasenka\Local Settings\Temp\tmpDCD7.tmp je infikován virem Win32:Fasec [Trj], Deleted
Soubor C:\Program Files\Mozilla Firefox\components\iamfamous.dll je infikován virem Win32:Fasec [Trj], Deleted
Soubor C:\recover\Addon\proginst.exe je infikován virem Win32:Trojan-gen {Other}, Deleted
Soubor C:\RECYCLER\S-7-3-49-100014016-100028888-100025877-3670.com je infikován virem Win32:Fasec [Trj], Oprava: Chyba 42060 {Soubor nebyl opraven.}, Deleted

Soubor C:\WINDOWS\system32\gaopdxvfobrsnk.dll infected with virus Win32:Fasec [Trj], Repairing: Error 42060 {Not repaired.}, Moving to quarantine: Error 0xC0000034 {Not found.}, Deleting: Error 0xC0000034 {Not found.}, Deleting: Error 0xC0000034 {Not found.} it says this file wasn't deleted but it is now in quarantine in avast

Soubor C:\WINDOWS\Temp\1468140.tmp je infikován virem Win32:Fasec [Trj], Oprava: Chyba 42060 {Soubor nebyl opraven.}, Deleted
Soubor C:\WINDOWS\Temp\15526671.tmp je infikován virem Win32:Fasec [Trj], Oprava: Chyba 42060 {Soubor nebyl opraven.}, Deleted
Soubor C:\WINDOWS\Temp\1842109.tmp je infikován virem Win32:Fasec [Trj], Oprava: Chyba 42060 {Soubor nebyl opraven.}, Deleted
Soubor C:\WINDOWS\Temp\203078.tmp je infikován virem Win32:Fasec [Trj], Oprava: Chyba 42060 {Soubor nebyl opraven.}, Deleted
Soubor C:\WINDOWS\Temp\4675296.tmp je infikován virem Win32:Fasec [Trj], Oprava: Chyba 42060 {Soubor nebyl opraven.}, Deleted
Soubor C:\WINDOWS\Temp\8175281.tmp je infikován virem Win32:Fasec [Trj], Deleted
Soubor C:\WINDOWS\Temp\tempo-97247750.tmp je infikován virem Win32:Fasec [Trj], Deleted
Počet prohledaných složek: 7572
Počet testovaných souborů: 92772
Infected files: 14


And when I click on the C: local disk icon in the my computer directory it says: windows can not find C:\RECYCLER\S-7-3-49-100014016-100028888-100025877-3670.com
that is the same file avast says it has deleted but it was giving this error message even before I used avast.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:12 PM

Posted 10 February 2009 - 10:24 AM

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

Please download and scan with Dr.Web CureIt. Follow the instructions here for performing a scan in "safe mode".
-- Post the log in your next reply and let us know how your computer is running.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users