AVG Anti-virus scan taking too long (over 2 hours)

Discussion in 'Malware Help (A Specialist Will Reply)' started by collingwood, Jan 31, 2005.

  1. collingwood

    collingwood Private E-2

    Hi everyone,

    I'm running AVG Anti-virus on my computer and it's been scanning for well over two hours. The other concern is that it's detected around 35,000 infected objects, namely the I-Worm/Netsky.Q virus. My question is, should I continue scanning for viruses or abort?

    Windows XP
    AMD Athlon 3.2Gb (64 bit)
    1Gb Corsair (RAM)
    60 Gb Seagate (HDD)
    9700 Pro Sapphire Technology (Video card)
    Sony DVD burner
    400 Watt Antec Power Supply
    4 UV fans, 1 CPU fan

    Hope someone responds soon.................
     
  2. cnybud

    cnybud Private First Class

    I would let it continue until it is done. 35,000? Cripes...
     
  3. TheOldThug

    TheOldThug First Sergeant

    Welcome

    After completing your scan.

    This site has a lot of good tools for cleaning up your computer. It's very important that the first thing you do is the following:

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal.
    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

    Try this... you may find it's all you need. If not, post your results and I am sure one of the PROS can help you. These guys are quite busy, as you can see by the number of posts, so hang in there. Good Luck!! :)

    TheOldThug
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  5. collingwood

    collingwood Private E-2

    Thanks everyone for taking the time to respond. I'm currently in the
    process of following the advice given.

    Thanks again
     
  6. collingwood

    collingwood Private E-2

    Hi again,

    Unfortunately I've come to a dead end regarding the removal of the Netsky worm virus that seems to have affected a substantial amount of my files.

    I've implemented the following as advised.

    1) Disabled System Restore
    2) Boot in safe mode with networking support
    3) Did an online scan at (Trend Micro's Free online scan)

    The Trend Micro Scan detected around 8,500 infected files. The problem I seem to run into is when I go to delete the affected files.

    I get the following message (please note that this is an abbreviated file name).

    Unable to clean the file
    'C\Windows\SoftwareDistribution\Download.jpg.exe' because its currently in use.

    Any suggestions on the next step I should take?

    PS I also ran the Netsky tool from Symantec prior to running the Trend Micro scan.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Try running the Symantec Netsky tool in safe mode with no network connection. Also just continue with the rest of the procedures from the READ ME FIRST regardless of what happens with the virus.

    Did the Symantec Netsky tool find anything? Did it clean them or did it delete them?

    After doing the above do the below:

    Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  8. collingwood

    collingwood Private E-2

    Hi again,

    I ran the Netsky tool again but this time in "Safe mode only". It's deleted around about 11,000 infected files. I also used the CCleaner and this has also removed a substantial amount of temp files. I used the Trend Micro's online scan as a final resort, and nothing was detected.

    Thanks again for everyone who responded and gave some very useful advice.

    It's been very much appreciated. :)
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You should probably post that HijackThis log I asked for anyway. Normally where there is one problem like this there are more hiding.

    How is your PC running right now?
     
  10. collingwood

    collingwood Private E-2

    Hi all,

    I ran HijackThis. Please inform me if I'm in the clear.

    Thanks
     

    Attached Files:

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    See!!! It's a good thing we checked! You have some nasty porn dialers!

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    O1 - Hosts: 209.66.123.175 admin.promaxhost.com
    O1 - Hosts: 209.66.123.175 tds.alekshost.com
    O1 - Hosts: 209.66.123.175 tds.bgporn.com
    O1 - Hosts: 209.66.123.175 red****.com
    O1 - Hosts: 209.66.123.175 www.geo-traffic.com
    O1 - Hosts: 209.66.123.175 www.bloodyroot.com
    O4 - HKLM\..\Run: [Hot_Aussie] C:\Program Files\GMSoft\Dialers\Hot_Aussie\Hot_Aussie.exe /dontdial
    O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int104632.exe -auto
    O16 - DPF: {2646205B-878C-11D1-B07C-0000C040BCDB} (NSIEMisc Class) - file://D:\HD\nskey.dll


    After clicking Fix, exit HJT.

    Boot into safe mode and use Windows Explorer to delete:
    C:\Program Files\GMSoft <--- the whole folder
    C:\Program Files\websx <--- the whole folder
    D:\HD\nskey.dll

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
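
The log lines flagged in the post above can be triaged mechanically. The following is an added example, not part of the original thread and not HijackThis code: it groups entries by their HijackThis section code and reports hosts-file redirects (O1), registry autoruns (O4) and ActiveX entries loaded from a local file (O16). The function names, the finding labels and the `127.0.0.1 localhost` line are assumptions made for illustration; the other sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Lines copied from the post above, plus one constructed benign hosts entry.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 209.66.123.175 admin.promaxhost.com
O1 - Hosts: 209.66.123.175 tds.alekshost.com
O1 - Hosts: 209.66.123.175 www.geo-traffic.com
O4 - HKLM\..\Run: [Hot_Aussie] C:\Program Files\GMSoft\Dialers\Hot_Aussie\Hot_Aussie.exe /dontdial
O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int104632.exe -auto
O16 - DPF: {2646205B-878C-11D1-B07C-0000C040BCDB} (NSIEMisc Class) - file://D:\HD\nskey.dll
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")            # "O4 - <body>"
HOSTS = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")        # "Hosts: <ip> <name>"
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
# Assumption: loopback and null-route addresses are benign or used for blocking.
LOCAL_ADDRS = {"127.0.0.1", "::1", "0.0.0.0"}

def parse(log):
    """Group entry bodies by section code (R1, O1, O4, O16, ...)."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def review(log):
    """Return (kind, subject, detail) tuples for entries worth a closer look."""
    sections, findings = parse(log), []
    redirects = defaultdict(list)
    for body in sections["O1"]:
        m = HOSTS.match(body)
        if m and m.group(1) not in LOCAL_ADDRS:
            redirects[m.group(1)].append(m.group(2))
    for ip, names in redirects.items():
        # Several unrelated names pinned to one remote IP is the pattern in the post.
        findings.append(("hosts-redirect", ip, ", ".join(sorted(names))))
    for body in sections["O4"]:
        m = RUN.match(body)
        if m:
            findings.append(("autorun", m.group(3), m.group(4)))
    for body in sections["O16"]:
        if "file://" in body:
            findings.append(("activex-local-codebase", body.split(" - ")[-1], ""))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

The output is a review list only; which entries to fix is still a judgement call for whoever is reading the log.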
     
  12. collingwood

    collingwood Private E-2

    Hi again,

    I took your advice on board. Here is an updated HJT log.

    Please note that (C:\Program Files\websx) and (D:\HD\nskey.dll) didn't appear when I went to delete them in safe mode.
     

    Attached Files:

  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You are all cleaned up but I'm wondering what happened to the below file:

    O23 - Service: Symantec Network Drivers Service - Unknown - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)

    It was in your previous log and now it says it is missing.
     
  14. collingwood

    collingwood Private E-2

    I don't know.

    I'm pretty certain that I deleted all the files you suggested. Anyway, one more thing before I go, I went to defragment my hard drive, however I get the following message.

    "MARK 1 (C:) The connection to the defragmenter engine has been lost".

    Any suggestions......
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I have no answer for that one right now! Doing a Google search shows lots of hits for that problem but no answers to correct it. You could try posting that question in the software forum. Are you using Microsoft's defrag or someone else's program?
     
  16. collingwood

    collingwood Private E-2

    I'm using Microsoft's Defrag.
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I doubt it will work but have you tried booting in safe mode with no networking support, shut down all applications (especially virus scanners and other spyware scanners - anything that may access the disk) and then first run an Error check on the disk. Then after that try the defrag.
     
