Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

AVG result/infection question [CLOSED]


  • This topic is locked This topic is locked

#1
anita1973

anita1973

    Member

  • Member
  • PipPip
  • 53 posts
When the AVG antivirus scanned it detected two viruses in C:\windows\system.

Shell32.dll
Kernel32.dll

Under the result/infection it said "change" what does it mean? :) I ran the scan again and it said the same thing. What does "change" mean and do these files need to be disinfected somehow or deleted?

I have Window XP professional version 2002 service pack 2.

Thanks for any help. I've used you all before. You are great!
  • 0

Advertisements


#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Does it say C:\WINDOWS\system or C:\WINDOWS\system32 folder? There is a difference and it could mean a lot if it's in the wrong one.

Go to Start->Run and type in sfc /scannow and hit OK. Let it scan. If it finds any files missing/corrupted, it may ask for the Windows CD. Otherwise, it will auto-close after it's done.

Run the below two scans and post there logs here:

Perform an online scan with Internet Explorer at Panda ActiveScan http://www.pandasoft.../activescan.htm

* Click on 'Scan your PC' button. There should be a popup - if you have a pop-up blocker, make sure it's not blocking it.
* Click 'Check Now' & a pop-up window will appear.
* Enter your Country, State and E-mail Address & click 'Scan Now' - begin downloading Panda's ActiveX controls (8 MB size).
* Begin the scan by selecting My Computer.
* If it finds any malware, it will offer you a report. Ignore any entry it finds (since it wants you to buy the program for removal) as we will address this later.
* Click on see report. Then click Save report.
* Post that log in your next reply.

Download Deckard's System Scanner at http://deckard.geekstogo.com/dss.exe to your desktop.

- Close all applications and windows.
- Double-click on DSS.exe to run it, and follow the prompts.
- The scan may take a minute. When the scan is complete, two text files will open - Main.txt and Extra.txt

Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow the Deckard's System Scanner to run and don't let your Antivirus delete it. In this case, it may be better to temporary disable your Antivirus.

Post the main.txt and extra.txt from the C:\Deckard\System Scanner folder into your next reply.

Get HijackThis and run a scan. Save the log and post it here.
  • 0

#3
anita1973

anita1973

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
I did mean: C:\WINDOWS\system32

I am unable to download HijackThis. I'm trying to download from Downloads.com and it tells me that HJTInstall[1].exe is not a valid win 32 application.

First I tried to save it to the computers temp files and that didn't work so then I tried to open the download and that didn't work either. Both times it told me that HJTInstall[1].exe is not a valid win 32 application.

What's wrong now... :)

Edited by anita1973, 20 February 2008 - 12:41 PM.

  • 0

#4
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Did you run through the other steps first before HijackThis? Did SFC find anything?

Download HijackThis at http://www.greyknigh.../HijackThis.exe Create a folder at C:\HJT and move HijackThis.exe there. Double-click on the program to run it.

1. If it gives you an intro screen, just choose Do a system scan and save a logfile.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.
  • 0

#5
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP