Curse

Poison Ivy · Oct 13, 2006, 04:04 AM // 04:04

I just got this spyware around 9 hours ago, because I took my Zone Alarm firewall down and threw the Windows one up, for a lower ping/less lag on both GW and Vent. After 2 games or so, this little bastard came up. It seems to be stuck in my system32\Rsvtub.dll [UPX]

I've tried everything, like running AVG/Spybot/Windows Defender/Ad-Ware SE in safemode, and a few boot scans with AVG, and nothing could seem to get the thing off my computer. It just manages to remain after EVERY time AVG or I manually delete it in normal mode. If I delete it in safe mode, it will recreate itself once I'm in normal mode again.

It's not causing any serious problems though, but if I take down the avast warning window, it will just repop up and that smartass voice wil go: causion, a virus has been detected, and it's hella annoying.

Anyone else getting this problem or have a fix, or have any sites they would reconnmend for this kinda thing, please shed some knowledge, thank you.

EF2NYD · Oct 13, 2006, 04:18 AM // 04:18

1. Boot into safe mode.
2. Browse into your local temp files directory:
e.g. C:\Documents and Settings\User\Local Settings\Temp
(you must be showing hidden files : control panel > folder options > show hidden folders and files)
3. Delete everything in there.
4. Run Disk Cleanup if possible and check everything except Compress Files.
5. Run msconfig from the Start Menu and look to see if the program is in the startup. If so, delete. Alternatively, use HiJackThis.
6. Reboot.

Poison Ivy · Oct 13, 2006, 06:39 AM // 06:39

Nope. Did every single step accordingly, that damn thing is still poping up.

The truth itself · Oct 13, 2006, 08:31 AM // 08:31

spybot s&d.
ad-aware.
dr. delete.

Pupu · Oct 13, 2006, 08:51 AM // 08:51

spy-bot in safe mode is ur best bet

altho, try do a system restore to a day before...thats is always a saviour

Poison Ivy · Oct 13, 2006, 09:34 AM // 09:34

Yeah, I've done all those listed above...as for system restore, will I loose some of my files?

EF2NYD · Oct 13, 2006, 05:07 PM // 17:07

Don't do System Restore. It tends to make things like this worse.

Poison Ivy · Oct 13, 2006, 05:22 PM // 17:22

Well any other ideas? This damn virus just won't stop bothering me. It's not doing any harm that I'm aware of, just triggering AVG's virus detection system, but I'd rather have it removed...so...any ideas left?

Mushroom · Oct 13, 2006, 07:13 PM // 19:13

I would suggest something that may seem more drastic, but is probably the best full solution.

Backup your data, and do a full wipe and reload. For a lot of virus and trojans, that is really the only way to really get rid of them. It sounds like you have multiple "dropper trojans" running in the background.

The problem with most of them is that they come out almost daily. It takes 3-14 days for the AV companies to discover them and write a removal. The problem is that by the time they find one, you have 2-5 newer versions already in your system that it can't detect yet.

It sounds like this is the circle you are in. You find some, and remove them. But since you are still infected with newer versions, it happens all over again.

Probably 75% of the computers that come into my shop are infected with virus and other malware. And it truely is an epidemic. And so far, every system that came in with P2P software (including Torrent, Kazaa, Limewire, etc) has had multiple infections. And the same goes for people that use the gambling sites. PartyPoker inserts multiple trojans and spyware when you use it, and other gambling sites are even worse.

Backup your data, then do a complete wipe and reload of your OS. Install all the updates, and a good antivirus (Norton, AVG, or Avast). And install multiple spyware programs and run them regularly. I install AdAware, SpyBot, and Microsoft Defender on every system I build or reload.

And stay away from what I call the "Dark Alleys of the Internet". That includes peer-to-peer file trading, gambling, hacker sites, and porn sites (other then the more "legitimate" ones like Playboy). This is where most trojans and malware tends to come from.

lord_shar · Oct 13, 2006, 08:33 PM // 20:33

^agreed with the above^

Asside from disabling your firewall (big no-no!), you can also get infected by connecting to a Vent or TS server if that system is either compromised or set up by its owner to deliver a trojan payload.

Skype is a safer alternative since it is centrally controlled, but you need a fast system (usually a newer PC with 2+ cores) to avoid taking a GW performance hit.

Poison Ivy · Oct 15, 2006, 06:55 AM // 06:55

Hmm...problem is, I don't have any place to backup my files to, and most of which are pretty important. I still have no clue how I got that virus, the only thing I did was log into our guild vent server, and after a while, avast goes crazy...

I'll try your solution Mushroom, when I find someplace to back up my stuff, thanks

aeroclown · Oct 15, 2006, 09:16 PM // 21:16

Might try this,

http://www.softpedia.com/get/Antivir...val-Tool.shtml

Vundo

Tarun · Oct 15, 2006, 09:48 PM // 21:48

Install Avast and let it do a boot-time scan.

If you have questions, just ask. I deal with this stuff constantly.

Malice Black · Oct 16, 2006, 08:14 AM // 08:14

I had something similar (couple pages back) I finally managed to get rid of it when I found the source of the problem IE the file that is reloading the Trojan after you have deleted it.

I_N_S_T_A_L_L_A_F_T_E_R_R_E_B_O_O_T <~~the file should look similar to that, delete that file and it should solve your problem.

The program that found it was ADware 4.0 the scan is free but you have to buy the program for it to remove the problems. Its amazing what that program finds that all the "so called" best programs completely miss.

Poison Ivy · Oct 16, 2006, 08:18 AM // 08:18

Quote:

Originally Posted by The Admins Bane

I_N_S_T_A_L_L_A_F_T_E_R_R_E_B_O_O_T <~~the file should look similar to that, delete that file and it should solve your problem.

Eh, where do I find that file ><

Malice Black · Oct 16, 2006, 10:16 AM // 10:16

Hiding in the system32 files somewhere.

Pupu · Oct 16, 2006, 10:49 AM // 10:49

Quote:

Originally Posted by EF2NYD

Don't do System Restore. It tends to make things like this worse.

actually no, its a very useful tool, it fixed my comp after a virus deleted most of my system filses...got my computer running back to speed in a matter of minutes, maybe from experiences u had made it worse, but in general its a very useful tool and a tmesaver

and not it dosent delete files...it reverts recently installed progs tho

Omega X · Oct 16, 2006, 04:24 PM // 16:24

Quote:

Originally Posted by lord_shar

^agreed with the above^

Asside from disabling your firewall (big no-no!), you can also get infected by connecting to a Vent or TS server if that system is either compromised or set up by its owner to deliver a trojan payload.

Skype is a safer alternative since it is centrally controlled, but you need a fast system (usually a newer PC with 2+ cores) to avoid taking a GW performance hit.

I wouldn't even trust Skype, its just a glorified TS/Vent anyway.

Private TS/Vent servers are less likely to cause any infection than the public ones. More than likely you know the person who runs it and they most likely know how to secure it.

Laughing Man · Oct 16, 2006, 07:41 PM // 19:41

Hmm..Skype is useful though for calling people who don't play games. I use it to talk to my friend in Sweeden (she moved there after we graduated).

I've never had a good experience with System Restore. Tried to use it to fix Oblivion and it just wound up causing more problems then it solved.

Poison Ivy · Oct 17, 2006, 01:28 PM // 13:28

Ok, so my only option now is to fine a file called I_N_S_T_A_L_L_A_F_T_E_R_R_E_B_O_O_T as suggested by Admin's Bane...

Gosh man you sure you have the right name? It looks pretty whack...and I can't find it.

Also avast is detecting the virus and showing a window that it did it...every 5 seconds. If I close the window, it pops up. If I shutdown and restard avast, it doesn't detect it.