Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Re-occuring Virus

Status
Not open for further replies.
ConBran

ConBran

Technical User
Jan 4, 2005
29
0
0
GB
Hi there,

Hope that you can help with this. I am using AVG Virus Scanner on my system, and at least once a day it will throw up a virus detection warning. I run the scan and it removes the file. I run the scan again, and no viruses are found. However, the next day I will get a warning about the same virus. The virus is usually contained in a file in my c:\Documents and Settings\Username\Local Settngs\Temp folder. The folder name the virus is found in is usually in the format of THI4C7A.tmp and the folder contains a few files, such as polallr.exe polallr.tmp etc. This is beginning to really annoy me.

Basically, does anyone know what might be putting these files on my cpomputer? Are they actual viruses or are they just being considered viruses by AVG?

Also, another thing that may be of note is that fact that I am on a network in work, rather than a home PC, although I dont see how this could affect the issue, someone else might be able to.

Any and all suggestions will always be welcome.

Connor
 
Sort by date Sort by votes
This sounds like a worm on another pc is infecting you. Disconnect your pc from the network for 24 hours (after running a scan) and see if the virus returns, if nothing happens then it is network based and install a firewall (there are plenty of free downloads out there)

Are you suggesting coconuts migrate?
 
Upvote 0 Downvote
you need to notify the network admin if you have one. if not you should recommend the company install a better firewall and implement better company IT security practices.

 
Upvote 0 Downvote
I found out there is a virus that can place registry settings thatleave open doors so it can re-infect a computer.

You might want to run a spyware tool or two to check the registry for unfamilar programs that the virus could be using to re-infect the machine.

I would also use more than one anti-virus scanning engine. Trendmicro.com has a free webbased scanner called "Housecall"
I find that my Norton doesnt pick up everything, so I use "housecall" as well.



David Drury
Northeast Laser Image
 
Upvote 0 Downvote
It is also possible that something on your pc is reinfecting you. Biglebowski's suggestion will help you determine which is happening.

I do not intend that you take this thread as containing the specific solution to your problem. What I want you to see with it is that, for this user, the polarr virus files were a piece of a larger problem:

Totally cleaning the computer involved several steps and more than one tool. If it turns out that your reinfection is not coming from elsewhere on the network you will likely have to follow a similar process.

Faq608-4650 provides a structed set of steps and approach to cleaning up a computer with virus and spyware problems.

-------------------------------------
It's 10 O'Clock ( somewhere! ).
Are your registry and data backed up?
 
Upvote 0 Downvote
In addition, some virii can infect the "RAM" of network devices. You may have to shutdown all the switched, hubs, etc. Since they really can't infect ROM chips, shutting these devices down will terminate the virus. Make certain that everything is shutdown [red]before[/red] turning anything back on.

James P. Cottingham
-----------------------------------------
[sup]To determine how long it will take to write and debug a program, take your best estimate, multiply that by two, add one, and convert to the next higher units.[/sup]
 
Upvote 0 Downvote
One thing that most people always forget to do, is to clean out their TEMP folders, before a Virii scan and After a Virii Scan...



Ben

If it works don't fix it! If it doesn't use a sledgehammer...
 
Upvote 0 Downvote
Thanks for all the useful advice.

I took my computer off the network for a few days the virus didnt return so we concluded that it must be on one of the other machines in the office. The bad news is that, becauase I discovered the problem, the network administrator volunteered me to come in over the weekend to help sort the problem.

Needless to say that we basically took apart the network, scanned every machine seperately, powered down all our servers hubs and routers, powered them back up and scanned again. We cleared every temp folder we could find. Thankfully this seems to have done the trick because the network is back up and running and we haven't seen the little sucker come back yet.

Thanks again for all your help

Connor
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

iambob
  • Locked
  • Question
Avast Anti-Virus is.. a virus?! 3
Replies
5
Views
99
Oorde
Oorde
andyv2011
  • Locked
  • Question
Looking at Virus Actions
Replies
0
Views
48
andyv2011
andyv2011
Tiffc0922
  • Locked
  • Question
Virus / Malware Scans on Local PCs
Replies
5
Views
72
goombawaho
goombawaho
kharrison70
  • Locked
  • Question
Meskisift Visaal Studie Virus? 6
Replies
6
Views
81
goombawaho
goombawaho
CCX008
  • Locked
  • Question
Barowwsoe2save , how can I remove this stubborn virus !! 3
Replies
10
Views
98
goombawaho
goombawaho

Part and Inventory Search

Sponsor

Back
Top