Is this a Super Virus? Undetected by all AV?

  Gaz 25 13:08 25 Jun 03
Locked

Some very strange happenings have been going on.

I have posted some here.

For a start, connections in XP were disappearing.

Next all files were changed to READ ONLY so it caused problems with programs.

The computer crashes and locks up a lot with svchost using up 59% and then 0% then 90%, and goes on like that, it does then stop, but if I close svchost the funnies don't happen till next restart.

Just now, Administrative tools > has appeared for no reason, I have not asked it to, and programs started duplicating the entries.

As well as many other weird things, such as settings changing and things not working.

I have not only run scans by leading AV companies such as Trend Micro, Norton and Panda, etc as well as McAfee, I have added the Cleaner 3, and spyware guards.

Is this normal or is it a VIRUS?

I heard that if funny things are going on with your PC a virus is a probable culprit but my AV would detect that surely?


I also run Grisoft AVG 6.0 software as installed and the others were Online scans, I have updated my AV every week.

Can anyone help?

Regards,
Gareth

  -pops- 13:15 25 Jun 03

Have you done a system restore to before these things were happening?

  Gaz 25 13:16 25 Jun 03

It's always happened.

  Gaz 25 13:19 25 Jun 03

I have tried that and it restores the changes but then it just happens again.

All of this seems to do a loop too, the same problem happens again a few weeks afterwards, very odd.

I have also checked all my files and run a Windows repair. No answer. To Norton that say it IS a virus which the online scan will remove, but it says I am clean.

Any ideas from you would be of great help.

Regards,
Gareth

  -pops- 13:21 25 Jun 03

If it's always happened I'm surprised you have not worried about it before now. As it is, it suggests to me that there is something amiss with your Windows setup rather than anything it has picked up.

Perhaps a new installation of your O/S would cure it?

  keith-236785 15:20 25 Jun 03

click here, download and install the 30 day trial Anti-Trojan scanner.

run it and see if you have a trojan on your system, ATShield will not delete the trojan (you will have to do that manually unless you pay for the upgrade).

have a look and post back if you find something

good luck

  Jester2K II 15:27 25 Jun 03

More importantly you need to tell us what programs are starting on your PC.

Download Autoruns click here and then run the program. Go to the View menu and choose Copy To Clipboard. Paste the results back here.

All the virus scanners in the world might not detect a rare virus / malicious program but the human eye might if we see something we can't explain...

  DieSse 15:29 25 Jun 03

Then it can't be a virus, as there must have been a time before any virus infection.

Download and run a good memory test program. click here

  woodchip 16:10 25 Jun 03

This can be caused by overclocking a CPU. Not saying that you have, but you may not have got some settings right for the CPU. When you boot up, what speed does it say? Is it the same as your CPU? It could also be a memory fault.

  Gaz 25 17:35 25 Jun 03

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
+ C:\WINDOWS\system32\userinit.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ SOUNDMAN.EXE
+ RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
+ nwiz.exe /install
+ anvshell.exe
+ livenote.exe
+ C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
+ C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
+ C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
+ C:\Program Files\Creative\Creative Desktop Wireless\KbDriver_2K.exe
+ "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
+ "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ C:\WINDOWS\System32\ctfmon.exe
+ "C:\Program Files\Messenger\msmsgs.exe" /background
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
+ desktop.ini
+ Microsoft Office.lnk -> C:\PROGRA~1\MICROS~4\Office10\OSA.EXE
C:\Documents and Settings\Gareth Roberts\Start Menu\Programs\Startup
+ desktop.ini
+ Realtime scanner.lnk -> C:\PROGRA~1\SPYWAR~2\sgmain.exe
+ SpywareGuard.lnk -> C:\PROGRA~1\SPYWAR~2\sgmain.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
+ PostBootReminder -> %SystemRoot%\system32\SHELL32.dll
+ CDBurn -> %SystemRoot%\system32\SHELL32.dll
+ WebCheck -> %SystemRoot%\System32\webcheck.dll
+ SysTray -> C:\WINDOWS\System32\stobject.dll
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load
HKCU\Software\Policies\Microsoft\Windows\System\Scripts
HKLM\Software\Policies\Microsoft\Windows\System\Scripts
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
C:\WINDOWS\win.ini
Task Scheduler
+ C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

It has had more memory and a test shows it is Ok.

Also the PC is NOT overclocked because in the long term this would not be good.

NO Trojan was found.

Hope someone can help me.

Regards,
Gareth

PS. Thanks for suggestions so far.
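
Added example, not part of any post in this thread: a short Python script for reviewing an Autoruns clipboard listing like the one above by grouping items under their startup location and listing the ones given without an absolute path. The sample text is constructed in the same layout, one location or item per line is assumed, and the function names are illustrative.

```python
import re

# Constructed sample in the same layout as the listing above: a location line,
# then "+ " lines for the items registered under it.
SAMPLE = r"""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ SOUNDMAN.EXE
+ RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
+ C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
+ "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
+ Microsoft Office.lnk -> C:\PROGRA~1\MICROS~4\Office10\OSA.EXE
Task Scheduler
+ C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"""

# A drive-letter path or a %VAR%\ path, optionally inside quotes.
ABSOLUTE = re.compile(r'^"?(?:[A-Za-z]:\\|%\w+%\\)')

def parse_autoruns(text):
    """Return {location: [command, ...]}, keeping locations with no items."""
    locations, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("+ "):
            if current is None:
                raise ValueError("item before any location: " + line)
            # "name -> target" (shortcuts, shell objects): keep the target.
            locations[current].append(line[2:].split(" -> ")[-1].strip())
        else:
            current = line
            locations.setdefault(current, [])
    return locations

def needs_lookup(locations):
    """Items with no absolute path: the listing alone does not say which file
    on the search path will run, so each one has to be located on disk."""
    return [(loc, cmd) for loc, cmds in locations.items()
            for cmd in cmds if not ABSOLUTE.match(cmd)]

if __name__ == "__main__":
    for loc, cmd in needs_lookup(parse_autoruns(SAMPLE)):
        print(f"{loc}\n    locate on disk: {cmd}")
```

A bare name is not a sign of infection by itself; it only marks an item whose file has to be found and checked by hand. Bare names under a Startup folder, such as desktop.ini, are files in that folder.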

  Gaz 25 17:49 25 Jun 03

It seems to have gone long.

Regards,
Gareth

This thread is now locked and can not be replied to.
