| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 42555 | 2004-02-14 20:53:00 | lovsanA | ptopz (4662) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 215552 | 2004-02-14 20:53:00 | Every day i get a message from my virus program (AVG) that I lovsanA is on the system and that i need to run AVG to remove it. Every day i do this and it tells me it has removed it. Does anyone know if this thing is resident in my PC and reactivates itself every day or whether I am getting it fresh each time. Today when i got the message I ran spybot first, but that couldnt even find it. AVG dorked it again (it says) but I am sure it will be with me again tomorrow. I have downloaded and run various tools (the microsoft sytem updates, MSblaster etc.) Any ideas? |
ptopz (4662) | ||
| 215553 | 2004-02-14 21:04:00 | What location does AVG report this virus to be in? Does it mention System Volume in the path? System Volume is where ME and XP store the System Restore Point. Copies of virus are often found in this location as a restore point was created when your system was still infected. AVG cannot clean the virus out from this location even though it can detect the presence of it. To remove the virus from the System Volume folder, you will need to turn off System Restore, reboot the machine and then re-enable System Restore again. By turning off System Restore you will lose all previous Restore points that were available. |
Jen C (20) | ||
| 215554 | 2004-02-14 21:20:00 | Thanks. Lovsan is(was) in C:\winnt\system32\msblast.exe Yesterday it was in C:\winnt\system32\mslaugh.exe The day before it was in c:\winnt\system32\enbiei.exe The day before that in the same file, but that was lovsanF any ideas? I am running widows 2000, not sure if it has a sytem restore feature |
ptopz (4662) | ||
| 215555 | 2004-02-14 21:30:00 | Win2000 does not have a System Restore. It appears that you have the Blaster worm as those names are alias of them. Have you been getting RPC shutdown messages whilst connected to the internet? Did you install the patch from Microsoft? You should have this patch (www.microsoft.com) installed. What sort of firewall do you use? |
Jen C (20) | ||
| 215556 | 2004-02-14 21:49:00 | Thanks again. No internet shutdown messages. No firewall. I have never got my head around them and am not even sure what they are or how they work. Am downloading the patch as I speak. Do you think I am being reinfected each time or that the worm "resides within"? |
ptopz (4662) | ||
| 215557 | 2004-02-14 22:02:00 | Try doing a remote Virus Scan on your system and see what is found. Click HERE (http://securityresponse.symantec.com/) and then click on Security Check to do a remote scan. I also do recommend a firewall. Go to www.zonelabs.com and have a read of the FAQ for some info on what they do etc. Zonealarm is one of the more common free firewalls and more than adequate for the average user. Being widely used you will also be able to find someone who can help you if any problems do arise. |
dipstick01 (445) | ||
| 215558 | 2004-02-14 22:07:00 | You should read this (homepage.mac.com) on how to remove the lovsan blaster worm, and run the Symantec removal tool which is linked to on this site. Do this as soon as you can! | Terry Porritt (14) | ||
| 215559 | 2004-02-14 22:08:00 | Unfortunately a firewall these days is a must along with an Antiviral software program that is kept up to date. There are a variety of firewalls that you can use that are free. ZoneAlarm (www.zonelabs.com) - free edition, is very easy to use and quite popular. Agnitum Outpost (www.agnitum.com) - free edition, also very good. Keiro (www.kerio.com) - free edition, very good but may require a little more user input to configure the settings. >Do you think I am being reinfected each time or that the worm "resides within"? You are probably being reinfected each time you connect to the internet. The Windows Update site has some links on how to secure your computer - you will see them to the right of the page as Steps 1 2 3. It has some useful information. |
Jen C (20) | ||
| 215560 | 2004-02-16 10:12:00 | Thanks heaps for all your help. | ptopz (4662) | ||
| 1 | |||||