Virus Help

[[SiK]Demiveil]

I currently have a very annoying virus problem which I cannot seem to solve so thought I would ask for some help.

I have Avast Antivirus, Lavasoft Adaware SE, Zonelarm Firewall and ProcessGuard running security wise on my computer, and yet on every boot a virus is detected within my Local Settings/Temp folder, the file is a .dll of alternating name (xcvyz2.dll etc)
Whilst Avast easily seems to detect and delete the virus (Win32-Troj) it does not stop the problem on boot, it would seem some program is making said .dll yet ProcessGuard does not detect any Process attempting to start, so I am at a loss as to how to find the culprit.

Any Advice?

[[DRuG]NikT]

I currently have a very annoying virus problem which I cannot seem to solve so thought I would ask for some help.

I have Avast Antivirus, Lavasoft Adaware SE, Zonelarm Firewall and ProcessGuard running security wise on my computer, and yet on every boot a virus is detected within my Local Settings/Temp folder, the file is a .dll of alternating name (xcvyz2.dll etc)

This is a symptom of the fact that the dll itself is being spawned from elsewhere - likely a source file that is able to go under the radar of your scanners, but contains the data required to generate the virus' dll. As such, addressing the infected dll doesn't fix the source of the problem, which is likely hidden away in a virus "hive" -- these are areas of your machine for which the operating system is not at liberty to modify, however, the virus often can. Hives are areas, for example, like "system restore points" - these should always be disabled and should not be used. With all hives disabled, I suggest you run Kaspersky AntiVirus.. it is very good for disinfecting infected machines. I have used it many times with success where others have failed. It will require a commercial key.

Whilst Avast easily seems to detect and delete the virus (Win32-Troj) it does not stop the problem on boot, it would seem some program is making said .dll yet ProcessGuard does not detect any Process attempting to start, so I am at a loss as to how to find the culprit.
Any Advice?

Perhaps contact me direct, but really, this problem can be solved with Kaspersky, and prevented by disabling restore points and other hives.

[[SiK]Grim_Reeper]

Demi, if you can identify any of the virus files try this lil program.
http://download.bleepingcomputer.com/sp ... illBox.exe

With Killbox you will have to locate the file and then try to delete it while having the "End Explorer Shell While Killing" box ticked.

[[DRuG]KillFrenzy]

The virus may have gone deeper and crippled Windows itself to force it to boot up with that virus loaded. I'm pretty good at manually removing viruses, but you'll need some technical knowledge with Windows.
1. Make sure you've removed that virus and remember the file path it was in.
2. Try to boot into safe mode (keep tapping F8 on bootup).
3. Check if the virus is there. You must check manually, as the anti-virus is not loaded while in safe mode, nor any other startup programs.


IF THE VIRUS IS STILL THERE:

The virus has infected the system files. Insert your Windows CD and restart the computer, booting up with the CD. I've found an okay website with instructions to repair the system files. Make sure you backup. This way may be quite a hassle.
http://www.michaelstevenstech.com/XPrepairinstall.htm


IF THE VIRUS IS NOT THERE:

If you haven't already, perhaps you could try checking your startup applications and processes. Click on your Start Menu, press Run, and enter in 'msconfig'.

Look through anything suspicious in the Services and Startup tab. Be careful with disabling some of the Services though, it can stop your computer working if you uncheck the wrong ones. Although the computer will still work if you disable all the Startup items.

If that still doesn't work, you may have to check if the virus has installed any drivers. Right click on 'My Computer' and click on properties. Go to the 'Hardware' Tab, then 'Device Manager'. Look through all the hardware and see if anything is suspicious. Disable it. If that doesn't help, I'd recommend re-enabling it again.


Well, hope that can help you manually remove the virus. I just noticed how much I wrote

[[SiK]Demiveil]

Thanks for the help, will try each of these suggestions until one works, if it comes down to reinstalling windows that shouldn't be a problem given my hard disk is partitioned into 3 sections, XP32, Vista64 and a Storage Drive where most of my actual programs etc lie.

[DragonMaster]

I'm not really a "PC professional" but I can say one thing. Try not to overload your computer with anti-viruses, having one good anti-virus is the best.

[[SiK]Demiveil]

I am aware of that, and have certainly done no such thing, thanks for the input though.

[[DRuG]NikT]

I've said it once, and I'll say it again. Use Kaspersky.

If this doesn't work, don't go anywhere near a windows disk - contact me directly.

The procedures outlined above show ignorance of the systematic approach to removing virii/locked files in the standard manner - booting off media that doesn't lock the files - eg. a BartCD/XP/PE "live" CD.

With this disk booted, none of the files infected & locked by the OS are locked any more, making disinfection a snap.

I suggest Kaspersky because it has had success where about 12 other scanners fail. I have to disinfect machines every day for work, often from the opposite side of the planet, while dealing with someone that doesn't speak English as their first language.

Stay in touch & let me know how you go.

[[DRuG]KillFrenzy]

Lol yeah, having more than one anti-virus or more than one firewall can mess up your computer. Also a conflicting anti-virus and firewall can also mess up the computer. I like how you've got your system partitioned and ready for formatting though

EDIT: Nikt is right, The Windows CD should always be your last option. I forgot to mention about the anti-virus.

[[SiK]Demiveil]

I unfortunately do not have any means of actually purchasing a copy of Kaspersky, given I have no credit card etc.