Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Worm/vb.so Infection


  • Please log in to reply
12 replies to this topic

#1 kel32369

kel32369

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:18 PM

Posted 21 March 2007 - 11:28 AM

New user here and have read lots of posts, but still unclear to me how to post a log or where the logs come from that users post here. I d/l'd AVG and am currently running a virus scan on my PC and currently have 37,752 files with the above worm infection. Scan has been running for 8+ hours, I'm sure it is a long way from being done but my question is....if I just put them all into the vault when the scan is done, will that be enough or do I actually want to remove them? And then there is some kind of HiJack program that others talk about and wondering what that is? My other question is....could someone just come over and fix my whole system for me.....I'll feed you!! :thumbsup:

BC AdBot (Login to Remove)

 


#2 TMacK

TMacK

  • Members
  • 4,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:B.C. Canada
  • Local time:08:18 PM

Posted 21 March 2007 - 11:58 AM

Hi kel32369 and Welcome to Bleeping Computer,

Did AVG place all the files it detected into its vault?
The vault is a safe environment for containing infected files and further investigation of suspicious ones.
Afterwards, you can safely delete them.

If AVG could not remove all these files, then I suggest you post a Log in the HijackThis Forum and have the trained experts deal with this issue.
Follow the instructions in this Preparation Guide for use before posting a HijackThis Log .

Post that Log In This Forum by clicking on 'New Topic'.
Once you've posted there, please do not make any changes to your computer until the team member advises you it is okay to do so.
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

aaaaaaaa a~Suzie Wagner

#3 kel32369

kel32369
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:18 PM

Posted 21 March 2007 - 02:10 PM

AVG is still scanning.....10+ hours and over 45,000 infected files so I won't know what AVG can/will do with them when the scan is over, but I will let you know when it's done. Thanks for being here--I feel better already! :thumbsup:

#4 kel32369

kel32369
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:18 PM

Posted 21 March 2007 - 07:39 PM

OK, so the scan finished and I had like 46000 infected files and it said it was starting to "heal" them and I had to leave for the dentist, thinking there would be a progress report when I got back, but AVG was all closed up. I opened the control center and it looks like it sent 6945 of the files to the vault, but it doesn't say what happened to the rest of them? I'd hate to have to run that scan again as it took over 14 hours. Any thoughts to where they went?

#5 TMacK

TMacK

  • Members
  • 4,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:B.C. Canada
  • Local time:08:18 PM

Posted 21 March 2007 - 10:04 PM

That's alot of infected files!

Open up AVG-Antispyware and click on the Infections Tab then Click Quarantine.
Click on Select All then click Remove Finally.

Did you run that last scan in Safe Mode?
It wouldn't hurt to run AVG again in Safe Mode. It won't take as long because all the work was done on the first scan.

Also download and run SUPERAntiSpyware in Safe Mode.
Allow it to quarantine whatever it finds.
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

aaaaaaaa a~Suzie Wagner

#6 kel32369

kel32369
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:18 PM

Posted 22 March 2007 - 09:07 AM

I thought I would tackle the anti-spyware scan when I've completed the anti-virus issue, so I'm using the AVG anti-virus program, not the anti-spyware program and when I look at my list of infected files, I cannot find an option to "select all" in order to heal them all at once---its taking me a month of sundays to click on each of them individually. Does anyone know the trick?

#7 TMacK

TMacK

  • Members
  • 4,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:B.C. Canada
  • Local time:08:18 PM

Posted 22 March 2007 - 11:57 AM

Sorry kel32369, guess we were unclear which "AVG" you were using.

So once you are in Vault, can you hold the Shift button when you select a file, then more can be selected?
(Have never done this myself, but is worth a try!)

FYI, There is some good tips in the AVG Help Topics.
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

aaaaaaaa a~Suzie Wagner

#8 buddy215

buddy215

  • Moderator
  • 13,325 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:18 PM

Posted 22 March 2007 - 12:16 PM

I agree, it is a lot of files ! Is it possible that AVG is reading the "signature files" of another antivirus program that is installed on your comp or was once installed and partially removed? Can you see the file path/locations of the files in AVG vault? If you can, will you post a few of those.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#9 kel32369

kel32369
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:18 PM

Posted 22 March 2007 - 06:59 PM

Well I'm not really sure what part you want me to post, but the file/path is all in my son's section of Windows XP and he does a lot of the P2P stuff, so I'm sure that's where they came from. They are all in his Documents and Settings and all .zip or .exe files. I'm going to keep tinkering here. Thanks again for your help.

#10 Master5270

Master5270

  • Members
  • 131 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where am I?
  • Local time:10:18 PM

Posted 22 March 2007 - 07:20 PM

I suggest you post a Log in the HijackThis Forum and have the trained experts deal with this issue.
Follow the instructions in this Preparation Guide for use before posting a HijackThis Log .

Post that Log In This Forum by clicking on 'New Topic'.
Once you've posted there, please do not make any changes to your computer until the HJT team member helps you fix your computer, and issues you a clean bill of computer health.

#11 TMacK

TMacK

  • Members
  • 4,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:B.C. Canada
  • Local time:08:18 PM

Posted 22 March 2007 - 11:48 PM

Hi kel32369,

What buddy215 wanted you to do was to copy a few of the files in vault and post them here.

BTW,how is your computer running?
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

aaaaaaaa a~Suzie Wagner

#12 kel32369

kel32369
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:18 PM

Posted 23 March 2007 - 09:09 PM

OK--so my %^&*%$# pc has been scanning for 14 hours and found 33356 viruses and only deleted 6922 of them for whatever reason? So now I'm following the Preparation Guide above for HiJack to get ready to turn this mess over to those who might be able to help me. Thanks again for your help! BTW--things are running a LITTLE slow--ok a lot slow, but everything seems to work if given the time to.

#13 TMacK

TMacK

  • Members
  • 4,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:B.C. Canada
  • Local time:08:18 PM

Posted 23 March 2007 - 11:44 PM

Yup, definitely sounds like it's time to do just that kel32369!
In your Hijack post, be sure and describe what steps you have taken so far to try and get rid of the viruses.

Please try and be patient as they are a very busy Team and will respond to your post in due time.
If you haven't received an answer in five days, you can post your link Here.

Good Luck :thumbsup:
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

aaaaaaaa a~Suzie Wagner




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users