Archived from groups: microsoft.public.windowsxp.security_admin
"Diane J" wrote:
> I'm having a similar problem as the other people but my AVG virus detector is
> finding many, many javabyte/verify viruses, not on the scan but as a regular
> popup on the screen. I can't heal, delete or move them to the vault as it says
> "Requested action is not available for this object". I am doing your
> "Housecall" scan as we speak. My viruses are "found" in the
> C:\Windows\Temp\tmp files. I have cleared my Java cache and when that didn't
> work I deleted the Java program(?) off the computer and this message is still
> coming up.
> I was comparing AVG against NAV before I get rid of one of these off my
> computer and NAV is not even finding one occurrence of this virus, so what's
> going on? Is it a real virus or not? If it is, should I be able to get rid of
> it with the same answer as the one below?
One more thing--I do have that patch on my computer but I probably have a
couple hundred of these virus messages popping up on a regular basis. Where
are they coming from? Is there a backdoor open? And how do I stop them from
coming back in???
>
> "Malke" wrote:
>
> > Billjones85 wrote:
> >
> > > I recently (stupidly) downloaded a few .exe files via a filesharing
> > > internet program and I seem to have picked up the above. AVG antivirus
> > > detects it but I can't delete it - it says it is an 'infected embedded
> > > object'?
> > >
> > > I started the PC this morning and it halted itself with a message
> > > (can't remember full details) saying something was trying to 'write to
> > > read only memory'?? From my limited knowledge this sounds like a
> > > virus. I reset the PC and it started OK.
> > >
> > > Can anyone help me get rid of this one?
> >
> > Start by running TrendMicro's Sysclean in Safe Mode:
> >
> > TrendMicro's Sysclean is an extensive antivirus tool which has the
> > advantage of not needing to be installed. It requires two parts - the
> > scanning engine and the virus pattern files.
> >
> > 1. Create a new folder on your Desktop or the C: drive named something
> > useful like "Sysclean".
> > 2. Go here and download the two parts of the program to that folder:
> >
> > http://www.trendmicro.com/download/dcs.asp - Sysclean
> > http://www.trendmicro.com/download/pattern.asp - virus pattern files
> >
> > The pattern files will be zipped - extract them with your unzipper (like
> > WinZip) or if you have XP, you can just open the folder. You need to
> > put the extracted files in the Sysclean folder you made.
> >
> > 3. Restart your computer in Safe Mode. Get into Safe Mode by repeatedly
> > tapping the F8 key as the computer is starting up to get to the proper
> > menu.
> > 4. Go to the Sysclean folder you made and double-click on sysclean.com.
> > Start the scan. After the scan is finished, look at the log. You may
> > need to make a note of where any viruses were found if they were not
> > able to be removed so you can manually delete them.
> >
> > Then update AVG and do a full scan with it in Safe Mode.
> >
> > After you've done that, continue to clean house by:
> >
> > 1) Scan in Safe Mode with current version (not earlier than 2004)
> > antivirus using updated definitions. (Obviously you will have already
> > done this.)
> >
> > Before you remove malware, get LSPFix (or WinSockFix for XP which you
> > can get from MajorGeeks) - see links below.
> >
> > 2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
> > programs are free, so use them both since they complement each other.
> > There is a new version of CWShredder from Intermute. I would not
> > install the other Intermute programs, however. Alternately, there are
> > CoolWebSearch malware removal steps at SilentRunners.
> >
> > Be sure to update these programs before running, and it is a good idea
> > to do virus/spyware scans in Safe Mode. Make sure you are able to see
> > all hidden files and extensions (View tab in Folder Options).
> >
> > If the malware remains even after you used Ad-aware and Spybot, you can
> > scan with HijackThis. HijackThis is an excellent tool to discover and
> > disable hijackers, but it requires expert skill. See below for
> > HijackThis links, including sites where you can post your HJT logs. A
> > combination of HijackThis and About:Buster works well in removing the
> > About:Blank homepage hijacker. Again, this is an expert tool and
> > novices should get help with it.
> >
> > 3) If you are running Windows ME or XP, you should disable/enable System
> > Restore after the system is clean because malware will be in the
> > Restore Points. With ME, you must disable System Restore completely.
> > With XP, you can delete all but the most recent (presumably clean)
> > System Restore point from the More Options section of Disk Cleanup
> > (Run>cleanmgr).
> >
> > 4) Make sure you've visited Windows Update and applied all security
> > patches. Do not install driver updates from Windows Update.
> >
> > 5) Run a firewall.
> >
> > Links to help with malware:
> >
> > Software/Methods:
> >
> > http://www.safer-networking.org - Spybot Search & Destroy
> > http://www.lavasoftusa.com - Ad-aware
> > http://www.majorgeeks.com - good download site
> > http://www.intermute.com/spysubtract/cwshredder_download.html
> > http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners
> > http://www.cexx.org/lspfix.htm - Repair Winsock 2 settings after
> > removing spyware
> > http://www.spychecker.com/program/winsockxpfix.html - WinsockXPFix.exe
> >
> > HijackThis:
> >
> > http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
> > Eshelman
> > http://aumha.net - forums
> > http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
> > forum
> > http://www.wilderssecurity.com/
> > http://forums.tomcoyote.org/
> >
> > General:
> >
> > http://aumha.net - look under "Security" for various forums
> > http://rgharper.mvps.org/cleanit.htm
> > http://mvps.org/winhelp2002/unwanted.htm
> > http://www.aumha.org/a/parasite.htm - The Parasite Fight
> > http://www.spywarewarrior.com/rogue_anti-spyware.htm
> >
> > Malke
> > --
> > MS MVP - Windows Shell/User
> > Elephant Boy Computers
> > www.elephantboycomputers.com
> > "Don't Panic!"
> >