MSN My Photos virus

Dino M

I am sorry if this is the incorrect group to post this in but I thought it
looked a decent place to start.


I have a virus on my pc and I was wondering if any of the experts on here
could help me out, PLEASE.

It was sent via MSN (well Windows Live Messenger is the new name for it) and
it was a rar file that was called My Photos, then a message that said
something like "Have a look at the photos of my workplace".

The worrying thing is that AVG was totally up to date and when it scanned
the incoming file it said no threats found, so my wife extracted the photos
and that is when it went a bit weird and shut each MSN contact window down
and then closed MSN down.

I just thought I would give you the brief details on what or how it got onto
my pc. I might have been stupid but when AVG scanned and said it was OK she
did not think.

I have managed to run AVG, Ad Aware and Windows Defender (which for some
reason when all these programs found something it moved them to the AVG
Virus Vault) and it has now found all of these trojans and worms.

This is the list from my AVG Virus Vault

Virus Identified Worm/VB.AUG
Trojan horse Backdoor.Ircbot.AK
Trojan Horse Dropper.Delf.EL
Trojan horse Downloader.Istbar.9.AV
Virus Identified Worm /Sumom.C
Trojan horse Downloader.Agent,MLM

I am guessing that if a file is in the AVG Virus Vault it is no longer
harmful to the pc, or am I mistaken?

I know it is a pain but I wanted to ask first before I did something else
that was stupid.
 
Phil Weldon

'Dino M' wrote, well, a whole lot, but:

What's the question?

Phil Weldon

 
Dino M

Phil Weldon said:
'Dino M' wrote, well, a whole lot, but:

What's the question?

Phil Weldon

I wanted to know how I can get rid of these. I have tried running a scan
again but it does not complete and still finds Downloader.Istbar.9.AV in a
couple of files in C/RECYCLER

Sorry I thought I mentioned this.
 
foghollow

| I wanted to know how I can get rid of these. I have tried running a scan
| again but it does not complete and still finds Downloader.Istbar.9.AV in a
| couple of files in C/RECYCLER

You might try emptying the Recycle Bin
 
Phil Weldon

'Dino M' wrote:
| I wanted to know how I can get rid of these. I have tried running a scan
| again but it does not complete and still finds Downloader.Istbar.9.AV in a
| couple of files in C/RECYCLER
|
| Sorry I thought I mentioned this.
_____

Files in the 'Virus Vault' are infected or malicious files that have been
detected and moved there by the antivirus program. It is not possible to
open these files. They are not a danger, but you can use the antivirus
program that put the files there to empty the 'Virus Vault'. Evidently your
AVG DID detect these files and removed them to the 'Virus Vault'.
Perhaps you have already emptied the 'Virus Vault' so these files are now in
the 'Recycle Bin'. Just empty the 'Recycle Bin' (since the files have
already been identified if you were to recover these files AVG would just
remove them and put them in the 'Recycle Bin' [ C:\RECYCLER is the 'Recycle
Bin'. ] ).

Now, what do you mean by "I have tried running a scan again but it does not
complete ..."? Exactly what happens? It is still not completely clear what
you are reporting; which antimalware program did what, and why do you think
you are now infected?

Phil Weldon

 
Dino M

I have to admit I am not that technically minded, which is why I probably
have not described things as I should have and why I have asked on here.

I did not realise that the Recycle Bin had not been emptied, as I have
emptied it now, I just did put 2 and 2 together and realise the RECYCLER was
the Recycle bin and yes I do feel stupid.

I will run a scan again but what I meant when I said the scan did not
complete was

1. I tried running the AVG scan in Safe Mode twice, as both times the pc
crashed and obviously the scan did not complete so I started the pc in
normal mode.

2. I then run the AVG scan in Normal Mode and it found the 2 files I
mentioned in C:/RECYCLER, (as I said above, I did not realise the recycle
bin had not been emptied at this point) but the scan was run overnight and
it was as if the scan was still running, as the time on the scan was still
going OK, but no files were being scanned, as it looked as it had frozen on
a particular file, plus the time it had been scanning was over 7 hours,
which is why I think it had frozen as a normal scan before would take on
average 90 minutes. The pc would not let me do anything but move the mouse
cursor about on the screen but nothing could be activated by clicking on the
mouse, so I had nothing to do but to switch the pc off and then on again.

I know that was not the most technical description but that is exactly what
happened.

I will rescan again now and see if it finds anything else.

I would just like to thank those that have helped, as it is appreciated, I
am just sorry that I have not been more technical for you.
 
Phil Weldon


No need to apologize for "not have been more technical for you." We should
not HAVE to be technical to use computers successfully - that sort of
defeats one of the most compelling benefits of computers. But a complete
report of your observations is necessary for diagnosis-at-a-distance. Not
being face-to-face, it is difficult to have a rapid back-and-forth to home
in on the problem; no one else can actually SEE your system and its
responses. That, unfortunately, puts more of a burden on YOU to be as
complete and as organized in your observations as possible. But you should
NOT have to have a technical understanding of your system - if you did, then
you might not need to post in the first place B^)

Now you have given more information on the scan failure to complete. I have
to admit the new information is troubling as it points to something still
being wrong with your system, but I have no ideas on WHAT. Were it my
system, I would next try 'Multi-AV'. 'David H. Lipman' posts about this in
anti-malware newsgroups. The Multi-AV Scanner uses three antivirus scanners
to diagnose and perhaps fix malware problems. David H. Lipman is one of the
most prolific, respected, and helpful posters in anti-malware newsgroups;
you can search for his posts using his name. Below is from his posts about
'Multi-AV'.

+++++

Download MULTI_AV.EXE from the URL --
http://www.pctipp.ch/downloads/dl/35905.asp

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your FireWall to allow it to download the needed AV vendor related
files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in
Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot
the PC.

You can choose to go to each menu item and just download the needed files or
you can download the files and perform a scan in Normal Mode. Once you have
downloaded the files needed for each scanner you want to use, you should
reboot the PC into Safe Mode [F8 key during boot] and re-run the menu again
and choose which scanner you want to run in Safe Mode. It is suggested to run
the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more
comprehensive PDF help file.

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *

+++++

Phil Weldon

