Status
Not open for further replies.
Discussion Starter · #1 ·
First I'd like to say that I have read the thread about how to remove this virus from \System Volume Info\... however, you wouldn't have thought I had it if it weren't for the persistent AVG warnings.

I have up-to-date versions of Spybot and Adaware and there doesn't seem to be anything abnormal in the registry at first glance, yet it still persists. I'm really quite stuck as to what to do next to rid my machine of this.

My HijackThis log is as follows:

Logfile of HijackThis v.1.97.7
Scan saved at 12:25:20, on 07/04/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running Processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\System32\services.exe
C:\WINDOWS\System32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spoolsv.exe
C:\PROGRA~1\AVG-6\avgserv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSERV.EXE
C:\WINDOWS\System32\CTSvcCDA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave Activex Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38018.1514814815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

There's nothing hazardous here so far as I can see. Any suggestions as to how to remove are greatly appreciated.

Thanks guys!

Pen.
 
1 - 2 of 2 Posts
Status
Not open for further replies.
Top