Virus troubles...
Can someone please help me. I've searched the web relentlessly for solutions but am getting nowhere fast. My idiot of a sister uses msn messenger to chat to friends and has managed to contract a virus. I've wrestled with it for ages and am close to formatting the machine and starting from scratch.
It prevents me from loading up regedit or task manager.
It seems to have knocked out I.E. from accessing the web - will try Firefox shortly.
It seems to install various .pif files (given rude names to entice the oddballs) in the root of c:\.
It automatically starts up as one of the following names: msmpatch.exe, svosm.exe, sysup.exe
If I remove all the above mentioned files and restart the machine on login it loads up CRAZY.html to re-populate itself on the hard drive.
It adds loads of entries to the hosts file in system32\drivers\blah blah
sysup.exe and svosm.exe are both present in HKLM\Software\Microsoft\Windows\Current\Run - Avser and Dsmser keys.
I've tried safe mode, I've used Hijackthis, I've pi$$ed about for ages on google, all I want to know is what this virus is called so I can find the solution.
Can anyone help me out please.
ta,
jbw
Vertizor
03-09-2005, 08:27 PM
Sounds a lot like this: W32.Serflog.B (http://www.symantec.com/avcenter/venc/data/w32.serflog.b.html)
If you're not afraid of using Linux (in this case it's just a LiveCD so it should be safe) check out this article: Scanning for viruses with Knoppix (http://www.oreillynet.com/pub/wlg/5118)
Vertizor - thanks a million. You've saved me bags of time. Just out of interest how did you find it? Please tell me you did something other than use google! :)
ta,
jbw
allseeingi
03-09-2005, 11:28 PM
Similarly, the other way of approaching this is to take out the hard drive, plug it into another computer with up to date antivirus software and run a scan on it.
- allseeingi
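Both suggestions above (booting a LiveCD, or attaching the drive to a clean machine) give offline access to the infected volume. The following triage script is an added example, not something posted by anyone in the thread: it walks a mounted volume and reports the file names from the first post, `.pif` files in the drive root, and hosts entries beyond the localhost default. The `system32\drivers\etc\hosts` location, the function names and the sample tree are assumptions of the example.

```python
import os

# File names reported in the thread's first post (compared case-insensitively).
SUSPECT_EXES = {"msmpatch.exe", "svosm.exe", "sysup.exe"}
DROPPER_PAGE = "crazy.html"

def extra_hosts_entries(hosts_path):
    """Return hosts lines other than comments, blanks and the localhost default."""
    extra = []
    with open(hosts_path, "r", errors="replace") as fh:
        for raw in fh:
            fields = raw.split("#", 1)[0].split()
            if len(fields) < 2:
                continue  # blank line or comment only
            if fields[0] in ("127.0.0.1", "::1") and fields[1:] == ["localhost"]:
                continue  # stock entry
            extra.append(" ".join(fields))
    return extra

def triage_volume(root):
    """Walk a mounted (ideally read-only) Windows volume and collect findings."""
    found = {"exes": [], "root_pifs": [], "dropper": [], "hosts": []}
    root = os.path.abspath(root)
    for dirpath, _dirs, files in os.walk(root):
        in_root = dirpath == root
        parts = [p.lower() for p in dirpath.split(os.sep)]
        for name in sorted(files):
            low, path = name.lower(), os.path.join(dirpath, name)
            if low in SUSPECT_EXES:
                found["exes"].append(path)
            elif low == DROPPER_PAGE:
                found["dropper"].append(path)
            elif in_root and low.endswith(".pif"):
                found["root_pifs"].append(path)
            elif low == "hosts" and parts[-3:] == ["system32", "drivers", "etc"]:
                found["hosts"] = extra_hosts_entries(path)
    return found

def build_sample_volume(root):
    """Constructed sample tree standing in for a mounted C: drive."""
    etc = os.path.join(root, "WINDOWS", "system32", "drivers", "etc")
    os.makedirs(etc)
    for rel in ("photo.pif", "WINDOWS/system32/SysUp.exe", "WINDOWS/notepad.exe"):
        open(os.path.join(root, *rel.split("/")), "w").close()
    with open(os.path.join(etc, "hosts"), "w") as fh:
        fh.write("# sample\n127.0.0.1 localhost\n127.0.0.1 blocked-site.example\n")
    return root
```

Point `triage_volume` at the mount point of the Windows partition; it only reads, so the findings can be reviewed before anything is deleted.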
Vertizor
03-09-2005, 11:30 PM
Ok, I won't tell you I used google :D
I googled for "msmpatch.exe, svosm.exe, sysup.exe" and it was the first thing that came up
nononowhatisyourname!?
03-10-2005, 12:47 AM
Also, if you had gone to securityresponse.symantec.com and searched for the .exe's that the virus runs, the virus most likely would have shown up in the databases on their website. I see he did get Symantec's website, but still, whenever you have virus troubles just go there (if the virus still allows internet use) and search. They update the site and virus definitions ALL THE TIME. Oh, and just go out and get a copy of "Norton Antivirus"... it's a wonderful program.
Ok, I won't tell you I used google :D
I googled for "msmpatch.exe, svosm.exe, sysup.exe" and it was the first thing that came up
No! I googled each individual name and every time it came up with about three links which led me nowhere. I'll remove the virus this evening as it's the family PC so not really my problem. Perhaps this will make my family shell out for an up-to-date antivirus program. Again thanks for identifying this. I'm a tad embarrassed that I couldn't find it as I'm normally pretty good with all this stuff. :blush:
nononowhatisyourname!? - Personally I think Norton is a sack of spuds. I used it for 2 years but it is so slow. If you have the time have a look at nod32 if you want a decent antivirus program.
NOD32 (http://www.nod32.com/home/home.htm)
ta,
jbw
Rabid pitbull
03-10-2005, 05:00 PM
How good can it be if it let in a virus? Nod32 makes me nervous with its hysteresis approach. Virus scanners should not guess imo, too many programs out there that follow their own rules of programming. Either way, get something and keep it current and all should be well.
MadMax
03-10-2005, 05:06 PM
Of course the free version of AVG works well also.
www.grisoft.com
I haven't had a hint of a virus in years, and it doesn't quit on me and demand I buy another copy of the software after a year like Norton does.
Refuznik
03-10-2005, 06:04 PM
Norton ==> Trash
Ad-aware and spybot (search and destroy). It's free.
How good can it be if it let in a virus? Nod32 makes me nervous with its hysteresis approach. Virus scanners should not guess imo, too many programs out there that follow their own rules of programming. Either way, get something and keep it current and all should be well.
Norton was installed when the virus hit. It wasn't up-to-date so had no chance of stopping it. The worst part is it moved on to all my sister's messenger contacts.
Anyhow I've now put Norton 2004 on there (with virus def update) and it's doing a scan, not my first choice but all seems good again. Plus I've got my family off my case... for now. :)
Thanks for all the help.
ta,
jbw
CGTalk Moderation
03-10-2005, 08:19 PM
This thread has been automatically closed as it remained inactive for 12 months. If you wish to continue the discussion, please create a new thread in the appropriate forum.