Can a virus re-download itself after anti-virus deletes it?



nedkelly
03-11-2009, 10:14 AM
Hey interesting thing has been happening to my laptop. My Avast has been going off every 7 minutes saying that it has found a virus in the c:\windows\Temp folder. So I tell avast to delete it, and then 7 minutes later it happens again with a different .dll in the same folder. In the end was getting annoyed so turned off my wireless and started Malwarebytes and now it has stopped. Would this be the same virus trying to download itself again or different ones?

inphinity
03-11-2009, 10:18 AM
Probably the same one, generating random dll names.

Metla
03-11-2009, 10:19 AM
Virus could be in multiple parts, and when your AV cuts its head off, it grows another with a different file name.

Blam
03-11-2009, 10:20 AM
> Hey interesting thing has been happening to my laptop. My Avast has been going off every 7 minutes saying that it has found a virus in the c:\windows\Temp folder. So I tell avast to delete it, and then 7 minutes later it happens again with a different .dll in the same folder. In the end was getting annoyed so turned off my wireless and started Malwarebytes and now it has stopped. Would this be the same virus trying to download itself again or different ones?

You're probably deleting the files it's creating, rather than the virus itself..

Speedy Gonzales
03-11-2009, 10:23 AM
Depends what the virus is, or what Avast is detecting it as. Disable system restore and use ccleaner to remove what's in the temp folder

nedkelly
03-11-2009, 10:24 AM
yeah thought something like that but as i said it stopped when i turned my wireless off.

nedkelly
03-11-2009, 10:26 AM
ok speedy doing a malwarebytes scan right now so when that has finished will run ccleaner

Agent_24
03-11-2009, 10:39 AM
There will be other parts of it in other places on your system...

Until you find out what virus it is, you won't know what these places and files are...

Upload the dll in temp folder to virustotal.com and see what it comes up with..

nedkelly
03-11-2009, 10:42 AM
avast deleted the dll files that came up as being infected

Agent_24
03-11-2009, 10:45 AM
Can you turn the wireless back on and make it re-download the file?

nedkelly
03-11-2009, 10:49 AM
yeah i can

nedkelly
03-11-2009, 10:51 AM
wow got a hit already

nedkelly
03-11-2009, 10:53 AM
oops forgot what the name was.
Hey the file is gone

nedkelly
03-11-2009, 10:59 AM
ok uploaded it to the site. It is scanning it now. What do i do now?

Agent_24
03-11-2009, 11:00 AM
Can you post the link to the scan results?

nedkelly
03-11-2009, 11:02 AM
http://www.virustotal.com/analisis/ba18c547c9152a64dadc6fc1a43921145b7e4102e03a74efa0abe0a3a6ee2879-1257199081

Agent_24
03-11-2009, 11:10 AM
Next step would be to Google for the virus name and try to find out about it, what it does and how to remove it.

eg: http://www.spywareremove.com/removeTrojanATRAPS.html

Speedy Gonzales
03-11-2009, 11:22 AM
I would scan the whole hdd with avast. It may be a rootkit / it may also steal information as well

nedkelly
03-11-2009, 11:35 AM
yeah doing a scan of system 32 with avast right now. And paused MBAM cause they were both scanning the same folder

nedkelly
03-11-2009, 11:37 AM
avast is finding heaps of dlls that are viruses

nedkelly
03-11-2009, 11:39 AM
hmm seriously thinking about buying a full version of NOD32. Cause for the last couple of months been using trials, and they all expired and so i installed avast and now i get viruses.

wratterus
03-11-2009, 11:51 AM
Buy it mate! It's so worth it. :)

http://ascent.co.nz/productspecification.aspx?ItemID=377018

Agent_24
03-11-2009, 11:55 AM
If you want a free AV get Comodo!

Speedy Gonzales
03-11-2009, 12:07 PM
Ah no I wouldn't get comodo's AV. MSE isn't too bad. Someone brought their USB hdd over for me to check it. Scanned it with MSE, it picked up 6 trojans lol

nedkelly
03-11-2009, 12:26 PM
na sorry free anti-virus programs have done their dash with me. Only one of my main pcs will be keeping a free anti-virus program and that's cause it is 64bit

nedkelly
03-11-2009, 12:27 PM
is it better to get Nod thru chillisoft or something like pb tech?

wratterus
03-11-2009, 12:29 PM
> is it better to get Nod thru chillisoft or something like pb tech?

Makes no real diff. You may as well go through Chillisoft. Pretty much everyone has it for between $68.50 and $70.00

Agent_24
03-11-2009, 12:33 PM
> Ah no I wouldn't get comodo's AV. MSE isn't too bad. Someone brought their USB hdd over for me to check it. Scanned it with MSE, it picked up 6 trojans lol

Why wouldn't you use Comodo AV? Combined with Defense+ it's probably the best free AV out there

And even without it, it's still good

Speedy Gonzales
03-11-2009, 12:34 PM
> na sorry free anti-virus programs have done their dash with me. Only one of my main pcs will be keeping a free anti-virus program and that's cause it is 64bit

Actually, you don't really need one for 64 bit. Since hardly any viruses etc use 64 bit code. So, even if you were infected, it won't / can't run in / on a 64 bit system

nedkelly
03-11-2009, 12:48 PM
better to be safe than sorry speedy

Sweep
03-11-2009, 12:51 PM
> hmm seriously thinking about buying a full version of NOD32. Cause for the last couple of months been using trials, and they all expired and so i installed avast and now i get viruses.

Here was me thinking that Apple does not get viruses or should that be virii.

What are you doing using Avast on a Mac anyway?

Yep. Very much tongue in cheek and you profess to be an Apple expert.

nedkelly
03-11-2009, 12:59 PM
haha no viruses for mac. It's what i am using to get internet until I get rid of that virus on my vista. Which just Blue screened 3 times

nedkelly
03-11-2009, 01:01 PM
oh dear not looking good. Might be time for reinstall if this don't work. Really don't want to reinstall the laptop though

nedkelly
03-11-2009, 01:01 PM
BSOD number 6.
Think will give laptop a rest for a bit to see if that helps

Speedy Gonzales
03-11-2009, 01:05 PM
Did you disable system restore?? Whatever it is, it may be running on startup. Post a HJT log from it (boot into safe mode / networking). WHAT does the BSOD say?? Does it say the name of a file?

nedkelly
03-11-2009, 01:10 PM
can't see what the bsod says it just flashes up and the laptop restarts

nedkelly
03-11-2009, 01:12 PM
can't get into safe mode

Speedy Gonzales
03-11-2009, 01:17 PM
You'll have to untick auto restart. If you can get into it somehow (winkey+pause) / advanced tab / startup and recovery / settings. Try last known good configuration (hold F8 down after you reboot).

You could use trojan remover, but it doesn't work in 64 bit

nedkelly
03-11-2009, 01:24 PM
this is not 64 bit. But the big problem is I can't get the laptop to start up

Speedy Gonzales
03-11-2009, 01:29 PM
Remove the hdd then put it in a desktop, then scan it. Can you press F8 then select disable auto restart. Don't know if it's there or not. So it won't even turn on let alone boot into anything?

nedkelly
03-11-2009, 01:30 PM
going to see if i can get it to boot off vista dvd. and if not then i hope it is an ide laptop drive

Speedy Gonzales
03-11-2009, 01:34 PM
Vista is better than XP. If the hdd is sata, you don't have to slipstream / add sata drivers. It'll know it's sata and find the hdd (if you boot from the dvd that is)

nedkelly
03-11-2009, 01:41 PM
ok might just throw the specs of the laptop out here.
Hp DV6000 Entertainment Laptop
2.0 Ghz Dual Core 2
2.5 Gb ram
160gb Hard drive
Vista 32bit.
The reason I am hopeful it is ide is because I have some 2.5" hard drive cases but no Sata cases 2.5" or 3.5"

nedkelly
03-11-2009, 01:41 PM
hey it booted from the dvd. Trying repair your computer option to see what happens

nedkelly
03-11-2009, 01:53 PM
hey whatever that repair your computer did it worked i am back at the desktop

Speedy Gonzales
03-11-2009, 01:58 PM
It probably overwrote the infected files, with clean files off the DVD. Was the wireless encrypted, when it was on?? If it wasn't, I would use encryption, if you're going to use it. Or disable it

nedkelly
03-11-2009, 02:02 PM
the wireless is WPA encryption. And has always been encrypted. What kind of computer technician would I be if I left my own wireless open to the world?

Speedy Gonzales
03-11-2009, 02:03 PM
Well good question, but you'll be surprised :p

nedkelly
03-11-2009, 02:09 PM
yeah some 'computer technicians' are horrible at following their own advice they give people