Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

avg finds win32/Heur virus


  • Please log in to reply
5 replies to this topic

#1 blumm

blumm

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:59 AM

Posted 18 April 2009 - 12:38 PM

Hi,
I have a clean install xp with sp3. I downloaded the motherboard drivers from gigabyte web site and installed dirvers below.
- motherboard driver audio realtek
- motherboard driver chipset intel inf
- motherboard driver lan realtek
- motherboard driver vga intel
After that I installed AVG and avg started popping virus alerts for this files.
Virus found Win32/Heur C:\windows\Soundman.exe
How come Gigabyte web site has driver installers with viruses? Or AVG is wrong these are not virus but still how can I get rid of this viruses or AVG alerts?
Thank you.

BC AdBot (Login to Remove)

 


#2 blumm

blumm
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:59 AM

Posted 18 April 2009 - 12:59 PM

AVG keeps finding more viruses and adding to the list above, now found
c:\windows\explorer.exe virus found win32/Virut Object is white-listed ( critical system file...

I attached two pop-up virus alerts from AVG

and it seems notepad.exe is inaccessible b/c AVG blocked it. See attached image (system_error)

Edited by blumm, 18 April 2009 - 01:02 PM.


#3 blumm

blumm
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:59 AM

Posted 18 April 2009 - 01:09 PM

Posted Image

Posted Image

Posted Image

Edited by blumm, 18 April 2009 - 01:35 PM.


#4 blumm

blumm
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:59 AM

Posted 21 April 2009 - 06:23 PM

Never got a reply back on this post, I had to make a clean installation.

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,931 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:59 AM

Posted 21 April 2009 - 09:43 PM

Sorry for the delayed response but we are all volunteers and sometimes a topic thread will get missed.

You made the right decision. Virut (Virtob) / Virux, are polymorphic file infectors with IRCBot functionality which infects .exe, .scr and script files (.PHP, .ASP, and .HTML), downloads more malicious files to your system, and opens a back door that compromises your computer. When Virut creates infected files, it also creates non-functional files that are corrupted beyond repair. Virux is an even more complex file infector. In many cases the infected files cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files become corrupted and the system may become irreparable.

The virus has a number of bugs in its code, and as a result it may misinfect a proportion of executable files....some W32/Virut.h infections are corrupted beyond repair.

McAfee Risk Assessment and Overview of W32/Virut
Virut/Virux are contracted and spread by visiting remote, crack and keygen sites. These kind of sites are infested with a smörgåsbord of malware and an increasing source of system infection. However, the CA Security Advisor Research Blog says they have found MySpace user pages carrying the malicious Virut URL. Either way you can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

In some instances this infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards.

If your computer was used for online banking, had credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 blumm

blumm
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:59 AM

Posted 22 April 2009 - 12:14 AM

Thank you for your response




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users