very strange.....

Discussion in 'Computer Security' started by moominboy, Nov 16, 2005.

  1. moominboy

    moominboy Gigabyte Poster

    my fault in the first place for this but i was enticed by free screensavers! :oops:

    anyway, i now have one or two nasties running around which avg and ZA have picked up but can't touch,

    za says error in dealing with the file and on searching i can't find it, manually or with the search asst.

    avg also has great trouble in accessing it, access denied every time!

    the strange thing is that za never reported any activity prior to these being found .....?

    one is called win32.davq.f and the other system volume \_restore.xxxx (massive string)

    i'm going to google later after work but wondered if anyone had heard of these or why za and avg can't access them?


    cheers all! :tongue
     
    Certifications: ECDL
    WIP: A+
  2. _omni_

    _omni_ Megabyte Poster

    hahahahaha
    maybe cause the files are in use? btw i searched google for win32.davq.f and it "didn't match any documents".
     
    Certifications: MCSE 2003, MCSA:M
  3. moominboy

    moominboy Gigabyte Poster

    harsh but fair!

    yeah, i didn't think of that but even so, AVG usually has no problem, sometimes i can't quarantine or heal but i can delete, or vice versa, which is why i was stumped.

    i had a quick look in the task manager but couldn't see anything.

    btw, avg will continue to report the problem no matter how i get rid of the window, i.e. close button or continue.

    harumph!
     
    Certifications: ECDL
    WIP: A+
  4. ffreeloader

    ffreeloader Terabyte Poster

    moomin,

    If you can get to the internet and download it try the ewido suite. It's very good at getting rid of some real nasty stuff. You can use the ewido suite for 15 days or so for free. After that it reduces its capabilities unless you buy the license but even then it's pretty good.

    Also, use HijackThis. That's not Hijack This, but HijackThis. Exactly as spelled.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  5. ffreeloader

    ffreeloader Terabyte Poster

    BTW, moominboy, I thought the name of the thread was a misnomer. It should be "very predictable....". I would have thought we'd a learned you better than to go downloading and installing screensavers..... :twisted: :twisted: :twisted: :D :D :D :D
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  6. moominboy

    moominboy Gigabyte Poster

    i know, i know!! :oops:

    but since i formatted my disk i've just gone crazy trying to modify everything the way i want it, loads of desktops, widgets, different icons...and screensavers!

    guess i got a wee bit over-excited what with christmas just a month away!!


    i remember you mentioning ewido a while back but i never tried it so, i will tonight!

    cheers folks, for the help and abuse!! lol! :tongue
     
    Certifications: ECDL
    WIP: A+
  7. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    I recently had to Nuke a windows machine for someone after they inherited "abetterinternet". It refused to go regardless of what i tried.....
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  8. moominboy

    moominboy Gigabyte Poster

    very strange indeedy.... ewido did find a few spyware bits n bobs but nothing major and now, ZA has just managed to open and treat the win32.daqa.f (typo earlier!)

    but as ewido did pick up stuff that i didn't know was there and pretty quick too, i might keep it!

    cheers again guys! :tongue
     
    Certifications: ECDL
    WIP: A+
  9. ffreeloader

    ffreeloader Terabyte Poster

    Run a HijackThis scan and attach the output to a post. With a few eyes looking at it we should probably find most, if not everything left.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  10. Neall

    Neall Byte Poster

    If you haven't already done so, run AVG in safe mode.

    Should get rid of the access denied errors.

    The restore directory you mention is Windows XP system restore.

    You have to turn this off on all drives before running any kind of scan.


    Neall
     
    WIP: A+
  11. michael78

    michael78 Terabyte Poster

    Moominboy, sounds like you have spyware. Try some spyware software such as Spybot Search and Destroy; it's totally free to use and is excellent at finding and removing spyware. It also prevents known spyware from installing on your PC. I use it at home and work.
     
    Certifications: A+ | Network+ | Security+ | MCP | MCDST | MCTS: Hyper-V | MCTS: AD | MCTS: Exchange 2007 | MCTS: Windows 7 | MCSA: 2003 | ITIL Foundation v3 | CCA: Xenapp 5.0 | MCITP: Enterprise Desktop Administrator on Windows 7 | MCITP: Enterprise Desktop Support Technician on Windows 7
    WIP: Online SAN Overview, VCP in December 2011
  12. moominboy

    moominboy Gigabyte Poster

    *hits head on monitor!*

    damn it! i knew that as well, i did think of doing safemode while i was at work but forgot, and thought avg was just being weird by opening up the system restore window which i neglected to mention!

    slypie, yeah i have s&d but it didn't find anything this time, although it is usually pretty good at doing so. if they still persist guys i'll run safe and restore off scans, then hijackthis and see what comes up.

    ta much.



    dave
     
    Certifications: ECDL
    WIP: A+
  13. _omni_

    _omni_ Megabyte Poster

    hey moomin, look, some SWEET screensavers. and they're free too!

    [image]

    haha jus playing with ya :biggrin :biggrin
     
    Certifications: MCSE 2003, MCSA:M
  14. moominboy

    moominboy Gigabyte Poster

    thanks omni, i'll check it out but just after i check my mail that a random site has told me i have, oh and another one that has informed me my pc is loaded with **ware!

    :dry :biggrin
     
    Certifications: ECDL
    WIP: A+
