|
-
March 12th, 2004, 11:37 AM
#1
Virus'd but not detected
Hi all,
Win Xp Home - completely updated
P4 2.4Ghz
Broadband connection
EZ Armor suite - Firewall (Zonealarm pro rebadged) and Antivirus.
No other significant apps, as Recovery CD was only used a few days ago.
I am trying to clear what I am convinced is a virus infection from a friends PC, yet both Trend Micros Online Virus scan and EZ Antivirus dont pick up a thing. If I run REGEDIT, MSCONFIG or the EZ Antivirus they shutdown within a few seconds. I managed to rename REGEDIT and remove a reference to EXPLORER.EXE (agobot, i think) but something still kills the required apps after a re-start. I have scanned the entire PC in Safemode with all the settings in EZ Antivirus on so that any infected files it can't clean are wiped out but it finds nothing. I also scanned it in Safemode with the online scanner with no luck.
Another symptom is that in Task Manager, the CPU utilisation is 100% all the time and never dips. I found 2 x Explorer.exe's running, and End Tasked the higher utilisation one which seemed to do nothing. There was also several SVCHOST's running, one of which was at 50-60% - when I End Tasked this, the CPU dropped to the more usual 8-20%.
I ran Spybot and Ad-aware which produced few results, all of which were corrected.
Has anyone got any idea what this could be - the symptoms are mixed and could be any number of virus's.
He has recently restored XP but I believe he went online before he had updated XP and installed a firewall/anti virus. A "complete wipe out and re-install" is impossible because his XP cd is only a recovery version (nasty store bought thing).
Is a DOS based scan the next thing to try?
Oh, another thing worth mentioning is that the friend lives 200 miles away, I do all this through Remote Assistance as he is not exactly knowledgeable around Pc's.
Any help or ideas would be VERY welcome!!
Gav
-
March 12th, 2004, 12:15 PM
#2
Registered User
-
March 17th, 2004, 10:34 AM
#3
Virus'd but not detected
 Originally Posted by edball
Thanks for the reply Edball - Here's what I did in the end:-
As MSCONFIG would close after 5 secs, I copied the MSCONFIG file and renamed it. Same for REGEDIT. I un-selected all suspicious files in Startup, and then re-named them all. This stopped the problem after a re-boot. CPU down to usual 8-20%.
I re-ran the EZ AV scanner, and the Trend Micro online scanner, and they still reported no virus infection - only conclusion is it was an unknown virus (VERY unlikely, I know). Friend is now happy and I've learned how to use Remote Assistance, so alls well in the end.
I also ordered him to remove Kazaa from his PC, else I wouldn't help him out again!
Thanks again for the advice!
Gav
Similar Threads
-
By Virago in forum Hard Drive/IDE/SCSI Drivers
Replies: 10
Last Post: April 26th, 2002, 09:43 AM
-
By Gareth in forum CD-ROM/CDR(-W)/DVD Drivers
Replies: 2
Last Post: March 18th, 2001, 02:20 PM
-
By warlock9999 in forum Video Adapter/Monitor Drivers
Replies: 1
Last Post: June 22nd, 2000, 03:36 AM
-
By GaryW in forum BIOS/Motherboard Drivers
Replies: 0
Last Post: June 21st, 2000, 05:20 PM
-
By koolbrew in forum Windows 95/98/98SE/ME
Replies: 13
Last Post: July 18th, 1999, 12:18 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
Bookmarks