Thread ID: 82800 2007-09-08 20:01:00 Hijack This Virus/Worm Identified by AVG Grimy (3041) Press F1
Post ID Timestamp Content User
589307 2007-09-08 20:01:00 Hi, When starting the PC this morning AVG popped up a warning that it had detected a threat and healed it.
I went into AVG for details and this is the report.
"Virus identified worm/generic.DHT c:\Program Files\Trend Micro\Hijack This\Hijack This.exe Backup copy Infected"
The Hijack This Icon on the desktop has changed to a generic square which can't be opened "Windows cannot access the specified device, path or file..." Which I guess is because AVG has "healed" it.
What gives? I thought Hijack This was meant to be my friend!
Do I go to Add/Remove programs and remove HJT completely, or what?
Thanks.
Grimy (3041)
589308 2007-09-08 21:04:00 Dump AVG and use Avast Home (www.avast.com) instead. See if that picks up the same thing.

That's if you're only using AVG. And not its firewall.
Speedy Gonzales (78)
589309 2007-09-08 21:05:00 Looks like something has infected HJT... it's not HJT's fault and there's indeed nothing wrong with that program at all, perhaps it is just as vulnerable as any other also... you used to be able to run HJT as a standalone program, though I see your version from Trend Micro is an installed one... older ones, and this one I'm not sure about, you could run from a CD or whatever drcspy (146)
589310 2007-09-08 21:25:00 Hi, an hour later and I've got another one.
"Virus identified Worm/Generic.DHT c:\System Volume Information\_restore{7193A61F-66DA-4304-9B73-D18ED0083C8F}\RP515\A0068417.exe Filename A0068417.exe"
In the past 7 years I've only had one virus, I'm running Zone Alarm, AVG, Spybot, Adaware and all were updated and run yesterday.
Speedy, do you mean dump AVG for good and change to Avast? AVG seems to be doing its job, as it has alerted me to, and healed these attacks?
Can I use Go Back to restore the PC to last night before these happened, or once the virus is there, will something remain?
Thanks again for the advice.
Grimy (3041)
589311 2007-09-08 21:51:00 Disable System Restore, boot into safe mode, show all files and system folders in My Computer.

Right mouse / properties on the System volume information folder / security tab.

Then advanced down the bottom / add. Type in the name which shows up the top when you click on the start button then click on check names, then OK till you get out of those windows.

Open the System volume information folder / select all and delete everything in that folder. If there's more than 1 partition, do the same for the others, then reboot. Do a thorough scan with AVG, of the WHOLE hdd, then enable SR again if you want it.
Speedy Gonzales (78)
589312 2007-09-08 22:39:00 AVG's advice if you get files that you think are OK being flagged as viruses is to upload the file to http://virusscan.jotti.org/ where it is scanned by the latest version of all the major AV scanners. If it is a false positive by AVG then contact them. Details on the AVG site. PaulD (232)
589313 2007-09-08 23:22:00 I had the same Hijackthis alert last night as well, I say it is an AVG false positive.

I just got a new update from AVG and now there is no detection of that Hijack exe as being infected.
zqwerty (97)
589314 2007-09-09 03:03:00 Thanks guys. I did use Go Back and seem to have got rid of the 2nd alert. The Hijack This is still there. I was/am going to do a backup of my son's homework/wife's photos and try rolling it back a bit further to early yesterday afternoon.
I did an AVG update yesterday and checked again this morning for updates, but it said there were none. Will keep checking.
I've printed out your instructions Speedy, so that I can try that if need be, but as I say, at present the 2nd one seems to have disappeared since rolling the system back.
Grimy (3041)
589315 2007-09-09 10:36:00 I did as Speedy suggested and deleted AVG and installed Avast and did a complete scan. This showed nothing wrong, nor did Trojan and Rogue Remover (they hadn't before either). Then as a double check I removed Avast and reinstalled AVG and repeated the scan. This time it came up clean as well.
I had tried uploading the file to the virus scan site, but I kept getting a message that it was blocked either by my firewall or malicious code (I would have thought well yes - it is possibly a virus!). I didn't really want to switch off my firewall.
Speedy, is there a particular reason you recommend Avast over AVG?
As always, thanks for all your help and suggestions.
Grimy (3041)
589316 2007-09-09 20:20:00 Speedy, is there a particular reason you recommend Avast over AVG?

As always, thanks for all your help and suggestions.

No, but most of the HJT logs in here seem to have AVG on them, and somehow, the person has still managed to get something nasty.
Speedy Gonzales (78)