
thewolfe
05-26-2004, 10:59 AM
downloader.1st bar Virus

I have run AVG and it finds the virus but can't remove it. Any suggestions?

david eaton
05-26-2004, 05:02 PM
Where is the infected file? What OS are you running?

If you are running WinXP I will bet it shows up in System Volume Information - correct?
If this is right, then to remove it you must purge the system restore files.

To do this, right click on My Computer, and select Properties.
Click on the System Restore tab. Put a check mark in the "turn off system restore on all drives" box. Reboot. That will purge all the files. Then repeat the process above, only this time remove the checkmark.
It will be necessary to set a clean restore point.
Open Help & Support, click on "undo changes to my computer with system restore".
Click on the option to set a new restore point, and think of a name for it. Click on OK, and you should be OK.

A similar procedure will work if you are running WinME, but I don't know the exact details.

korky45
05-26-2004, 05:19 PM
What did AVG do with the virus? Has it healed it or quarantined it? I believe this is a trojan you've picked up. I'm surprised it has not sorted that out for you. You could try a free online scanner: http://www.trojanscan.com

Thanks:)

Donn
05-27-2004, 06:34 PM
If you're in XP go here (in case you want to keep a reference):

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam

If you're running Win Me go here:

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001012513122239Open&src=sec_doc_nam&docid=2001111912274039&nsf=tsgeninfo.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl

I just checked it and it works. Once you check 'Disable System Restore' leave checked until all this is cleared up. But if it tells you to restart after you click ok, apply, ok, then tell it 'no', and do a manual shutdown for two full minutes. Trust me, it's a good thing to do on all reboots.

Also after you go back and uncheck it, go to System Restore (in Me) --Start > Programs > Accessories > System Tools > System Restore and set a new Restoration date. Depending on what you have --it may have already done that as soon as you re-enabled the restore. You set the new one in present time, whatever your clock says on the PC >>>>

Edit: The idea is not to set a restore date that re-injects junk in the pattern, that isn't clear to a lot of people right off....

me Me too. . .:D


:cool:

Budfred
05-28-2004, 12:28 AM
The point of all of this is that the malware may only be in System Restore and not actually loose on the computer. It would only become active if the Restore Point is used, so clearing System Restore will eliminate it and the next scan would come up clean. If it isn't in a Restore Point, the other options will need to be looked at....

thewolfe
05-28-2004, 09:20 PM
Went into Safe mode and AVG got it.

Thanks

Budfred
05-28-2004, 10:09 PM
It would be a good idea now to run a full set of scans and post a HijackThis log to make sure you got all the stuff in there. Things like this rarely seem to travel alone, so it is likely there is some spyware and possibly other malware on your system. You can download HijackThis from the links in my signature....

To run HJT, extract it to a permanent folder such as C:\Documents or one you create like C:\HJT. Close all programs you have opened and make sure that all programs are enabled if you use msconfig. Run it and Scan, then Save the log. When the log window appears, Right click to Copy it, open your browser and come here to Paste the log. Do not make any changes until it is checked since most items are either benign or essential to the computer.

korky45
05-29-2004, 06:15 AM
Glad to hear that, thewolfe. I thought it strange that AVG had not sorted that Trojan downloader for you.

I would, however, heed Budfred's advice and let him see a HijackThis log - better to be safe than sorry!

Thanks:)