I have used many virus programs, the likes of Sophos, Norton, McAfee and am currently trying to use AVG. The only problem is that no matter which one I use it automatically closes down after a certain amount of time with no warning, especially when I am doing a virus check on the whole of my system. At first I thought it was the virus checker itself but after trying many different ones I am pretty sure I have a virus infecting my computer unless anyone tells me otherwise. Does anyone know of a virus that shuts downs virus checkers so that it cannot be found and therefore cannot be deleted? I haven't had any other problems with my computer apart from this, and I really need a full systems check done, which I can't do at the moment. Please help. Thanks in advance. Biffo, the Godfather of making mistakes in life. Although, his Tek-Tips answers and questions are no mistakes.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Need Help on a Virus that shuts down Virus Checkers 1
- Thread starter biffo
- Start date
Hi,
Yes - bugbear.
There are tools to remove such as
HTH
Ash.
Yes - bugbear.
There are tools to remove such as
HTH
Ash.
- Thread starter
- #3
- Thread starter
- #5
-
1
- #7
Run an on-line scan (ALL files):
Anti-Trojan Software
day free trial available/Shareware)
trial version available/Shareware)
trial version available/Shareware)
day free trial/Shareware)
trial available/Shareware)
Hope this helps
Anti-Trojan Software
day free trial available/Shareware)
trial version available/Shareware)
trial version available/Shareware)
day free trial/Shareware)
trial available/Shareware)
Hope this helps
- Thread starter
- #8
Ran the online checks, no virus found on a full systemm check. Tried a trojan scanner and this shut down with no warning too, so it could be a trojan I have.. Anyone know of an online trojan scanner like PC Pit Stop, these online virus checkers are the only ones that don't close down. Thanks very much for the links linney!! Biffo, the Godfather of making mistakes in life. Although, his Tek-Tips answers and questions are no mistakes.
biffo,
Yes, you could have a virus, but you may want to try running the system file checker to rule out a windows file problem before going too much farther.
From a command prompt type "sfc /scannow" (no quotes) and have your original windows cd available.
Bob W -------------------
"If the only tool you have is a hammer, you will see every problem as a nail." - Abraham Maslow
Get more tools!
Yes, you could have a virus, but you may want to try running the system file checker to rule out a windows file problem before going too much farther.
From a command prompt type "sfc /scannow" (no quotes) and have your original windows cd available.
Bob W -------------------
"If the only tool you have is a hammer, you will see every problem as a nail." - Abraham Maslow
Get more tools!
- Thread starter
- #10
Hi,
I have a similar problem - It's not my PC and I've been trying to sort by email.
New Dell XP box, IE6, Outlook Express 6, used to have AOL, now uses "normal" ISP.
Norton finds no virus, Live update seems to work OK.
Emails sent from this PC by the user always have a false FROM field. User name is ok, but the domain after the @ is false and changes each time. It looks like the sort of thing bugbear would do.
Any pointers as to how to diagnose. I haven't got access to the PC, so any ideas will be relayed to the PC's User.
Thanks
David
I have a similar problem - It's not my PC and I've been trying to sort by email.
New Dell XP box, IE6, Outlook Express 6, used to have AOL, now uses "normal" ISP.
Norton finds no virus, Live update seems to work OK.
Emails sent from this PC by the user always have a false FROM field. User name is ok, but the domain after the @ is false and changes each time. It looks like the sort of thing bugbear would do.
Any pointers as to how to diagnose. I haven't got access to the PC, so any ideas will be relayed to the PC's User.
Thanks
David
Have you tried Stinger from Mcafee? Seems to work very well on Bugbear.
Another resource for Virus Removal Tools is Sophos.
Also some good information on worm removal and propagation.
"Never Argue with an Idiot. They will Lower You to Their Level, Then Beat YOU with Experience"
Also some good information on worm removal and propagation.
"Never Argue with an Idiot. They will Lower You to Their Level, Then Beat YOU with Experience"
Which O/S are you using, which filesystem, and how large is the drive you are checking? If the system is Windows 9x/Me, you have possibly reached a 2Gm file limitation which is preventing progress. I have experienced this with AVG under Win98 on FAT32, but the problem disappears when you use Win2000 or XP.
debonairOne
MIS
Biffo,
Launch regedit and check the keys that launch programs at startup... HKLM\Software\Microsoft\Windows\CurrentVersion\Run.. look at each key and see if you can identify what each one does.. you may find the problem here... just a word of caution.. before you delete or modify any key in the registry, make a copy of it first by using the export command from the file menu...
debonairOne
Launch regedit and check the keys that launch programs at startup... HKLM\Software\Microsoft\Windows\CurrentVersion\Run.. look at each key and see if you can identify what each one does.. you may find the problem here... just a word of caution.. before you delete or modify any key in the registry, make a copy of it first by using the export command from the file menu...
debonairOne
- Thread starter
- #17
Thanks for the help everyone, I have run all the virus checkers but nothing has been found, maybe (I hope) debonairOne is right. Although I have no idea which key it might be, maybe someone could help me, these are the keys that may be suspicious under the folder which debonairOne told me to go to:
GSICONEXE
HPDJ Taskbar Utility
hpfsched
HPHA2MON
KernelFaultCheck
NvCplDaemon
nwiz
Any ideas where the problem lies?
Biffo, the Godfather of making mistakes in life. Although, his Tek-Tips answers and questions are no mistakes.
GSICONEXE
HPDJ Taskbar Utility
hpfsched
HPHA2MON
KernelFaultCheck
NvCplDaemon
nwiz
Any ideas where the problem lies?
Biffo, the Godfather of making mistakes in life. Although, his Tek-Tips answers and questions are no mistakes.
debonairOne
MIS
GSICONEXE (ADSL modem monitor)
HPDJ Taskbar Utility (HP Deskjet Manager)
hpfsched (HP background scheduler)
HPHA2MON (HP monitoring)
KernelFaultCheck (used for memory dumps)
NvCplDaemon (Norton AntiVirus Corporate)
nwiz (Nvidia Wizard)
None of these apps are suspicious... the fact that you were able to get into the registry negates my suspicion about lifestages or loveletter. If I remember your original post, the programs just closed without any error messages... I would look in the event viewer next.. not just the system log, but the application log as well... if you like, email me the *.evt's (files when you save the viewer logs) and I'll go through it line by line and post whatever I find...
debonairOne
"I look in the mirror and what do I see..."
HPDJ Taskbar Utility (HP Deskjet Manager)
hpfsched (HP background scheduler)
HPHA2MON (HP monitoring)
KernelFaultCheck (used for memory dumps)
NvCplDaemon (Norton AntiVirus Corporate)
nwiz (Nvidia Wizard)
None of these apps are suspicious... the fact that you were able to get into the registry negates my suspicion about lifestages or loveletter. If I remember your original post, the programs just closed without any error messages... I would look in the event viewer next.. not just the system log, but the application log as well... if you like, email me the *.evt's (files when you save the viewer logs) and I'll go through it line by line and post whatever I find...
debonairOne
"I look in the mirror and what do I see..."
debonairOne
MIS
Sorry... mailto:debonairone@comcast.net debonairOne
"I look in the mirror and what do I see..."
"I look in the mirror and what do I see..."
- Thread starter
- #20
Your help is very much appreciated DebonairOne but you will have to give me a step-by-step guide on how to look into the event viewer and applications log, and where I can find these .evt files. Just one more thing, I do not have Norton Antivirus on my computer anymore can I safely delete the NvCplDaemon key? Thanks very much for your help. Biffo, the Godfather of making mistakes in life. Although, his Tek-Tips answers and questions are no mistakes.
- Status
Similar threads
- Locked
- Question