LandzDown Forum

Security => Analysis and Malware Removal => Topic started by: seathach on March 30, 2006, 02:14:46 PM

Title: Unknown virus
Post by: seathach on March 30, 2006, 02:14:46 PM
Hi there,

I am currently running AVG, and according to that I have no infections, but when I do a ZoneAlarm anti-virus scan it says I have 2 'Win32.Secdrop.JS' active and it says there is no treatment available.

Can anyone help me with this?

Cheers

Seathach  :D
Title: Re: Unknown virus
Post by: winchester73 on March 30, 2006, 03:18:14 PM
Maybe they are in the AVG virus vault?  If so, ZA would detect that they are still on your computer, even though they are not active.

Does ZA give you a file path?

For a second opinion, try the Kaspersky online scanner:  http://www.kaspersky.com/virusscanner

It takes quite a while, so go grab a cup of coffee while it is searching.  If anything is found, it won't clean it, but it will report on the location for manual nuking.
Title: Re: Unknown virus
Post by: seathach on March 30, 2006, 04:06:19 PM
Thanks for your reply.

ZA says the virus is active and is in file path:

C:\System Volume Information\_restore(F46579BE...

I will check out your link as well.

Thanks

Seathach  :D
Title: Re: Unknown virus
Post by: GR@PH;<'S on March 30, 2006, 04:47:54 PM
seathach,
Quote: ZA says the virus is active and is in file path:

C:\System Volume Information\_restore(F46579BE...
The item or items that are displaying are in the restore folder.
XP has a capability called System Restore. My advice is to empty the System Restore folder and then create a new restore point. To do this:
Click Start, and then right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart the computer.
All data, including the items and registry entries, will be removed from the restore folder.
After restarting the computer, "Re-enable System Restore".
Before going any further, you now need to create a fresh restore point.
After you have done this, please can you download Ad-aware SE Build 106 (http://lavasoft.element5.com/support/download).
Once installed, use the WebUpDate to get the latest Definition file (SE1R101 27.03.2006), then scan doing a "Full Scan" (http://www.lavasofthelp.com/howto/scan_se/) and then post your logfile here by using the Add-Reply Feature.

GR@PH;<'S   :breakkie:
Title: Re: Unknown virus
Post by: winchester73 on March 30, 2006, 05:11:52 PM
Thanks GR@PH;<'S   ...  :thumbsup:

Have one on me   :hammy:
Title: Re: Unknown virus
Post by: GR@PH;<'S on March 30, 2006, 05:14:06 PM
winchester73,

GR@PH;<'S   :breakkie: