Virus in a file that is always running

[Bram L.]

My virus scanner has found a Backdoor.coreflood virus in a
file called DS32GVXS.dll in C:\Windows\system32.
This file was not fixable, quaratinable or deletable. I
followed the advice of Symantec, and deleted a reg file
related to this file, and the virus is still there, and
still non removable. In safe mode, I can't manually delete
the file, as I get the message :this file is in use.
My computer actually works fine if I turn off the Auto-
scan feature of Norton. When the autoscan is on, it finds
the virus, over and over, never letting me close the
dialog box. I have disconnected my cable until I get this
fixed.
Appreciate anyone's ideas.

 

[Carey Frisch [MVP]]

The nasty little virus could be hiding in System Restore.
Turn off System Restore, reboot, and run a virus scan again.

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;310405&Product=winxp

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

--------------------------------------------------------------------------------------


| My virus scanner has found a Backdoor.coreflood virus in a
| file called DS32GVXS.dll in C:\Windows\system32.
| This file was not fixable, quaratinable or deletable. I
| followed the advice of Symantec, and deleted a reg file
| related to this file, and the virus is still there, and
| still non removable. In safe mode, I can't manually delete
| the file, as I get the message :this file is in use.
| My computer actually works fine if I turn off the Auto-
| scan feature of Norton. When the autoscan is on, it finds
| the virus, over and over, never letting me close the
| dialog box. I have disconnected my cable until I get this
| fixed.
| Appreciate anyone's ideas.

 

[myob]

you should try restarting the computer and hit F8 until
you get the menu where you start the computer in safe
mode. Try getting rid of the virus there. It should not
run.

 

[Guest]

I did that already. Virus scan still finds the same virus
in the same file, and can't deal with it, and I can't
manually remove it. I find it easilly with explorer! It's
described as an application extension, 154 kb, unknown
application, residing in windows/system32/.
Any other ideas?

 

[Carey Frisch [MVP]]

You may wish to try the Panda ActiveScan Free Online Scanner.
Just click on the "Scan your PC" box.
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

---------------------------------------------------------------------------


|I did that already. Virus scan still finds the same virus
| in the same file, and can't deal with it, and I can't
| manually remove it. I find it easilly with explorer! It's
| described as an application extension, 154 kb, unknown
| application, residing in windows/system32/.
| Any other ideas?

 

[Steve Nielsen]

you should try restarting the computer and hit F8 until
you get the menu where you start the computer in safe
mode. Try getting rid of the virus there. It should not
run.

You must've missed where he said even in Safe Mode he can't delete the file.

Steve

 

[Steve Nielsen]

I did that already. Virus scan still finds the same virus
in the same file, and can't deal with it, and I can't
manually remove it. I find it easilly with explorer! It's
described as an application extension, 154 kb, unknown
application, residing in windows/system32/.
Any other ideas?

Try this info:

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.coreflood.html

You might also try a different a/v product such as AVG from:

www.grisoft.com

Steve

 

[larry]

the Symantec link looks like good info.

reboot to safe maode. do a full virus scan and healing. then rename
that file by putting QQ or XX in front of the file name.

then reboot normally and see if you have lost any functionality.
monitor for a few days. if OK, then delete the file.

cheers

 

[Guest]

Good suggestions below. Also suggest you download copy of "Stinger" virus removal, then disconnect cable, run "Stinger". One thing that I've found with these hybrid viruses is that they can go many levels down right into the registry and many "virus scanner/removers" don't get down that far. I use McAfee for an all purpose and it works as well as anything else out there, but if you've got a really nasty bug like you've described I suggest a more stealth type app. Give it a try, worked for me. Might also take a look at your firewall settings while you're at it.

Cheers,

David
i