Need Help Fast!!!

I have a virus in C:\WINNT\system32\orans.sys on Win XP, and every time I try to delete it, heal it, or move it to the virus vault it is right there again. I am using AVG and it is a Trojan horse Agent.CX

 

I'm sorry, but that was of no help to me. I did all that, and there was no reference to orans.sys

 

You might want to try turning off your System Restore Point, reboot into Safe Mode, run your A/V scanner again, reboot, and see if it's still there. If not, turn on System Restore Point, and reboot (again... *sigh*). If it's still there, see if AVG (or Symantec) have a removal tool just for that trojan. In cases like this I also open up the Run branch in the registry (HKLM/Software/Microsoft/Windows/CurrentVersion) and make sure there's nothng hinky in there. Might also consider running SpyBot or some such, plus Hijack This!; might just be some nasty crap loading at boot that really isn't a virus...

Control Panel | System applet | System Restore tab | check the Turn Off System Restore (reverse to turn back on)

 

I clicked on control panel, and everything closed. I tried going back to internet on Firefox and IE and they both said No DHCP or something like that and they wouldn't open. I Clicked start so I could shut down, but there was no shut down button. I clicked log off, and the Switch User/Log off screen came up. I clicked log off, and nothing happened. Task Manager would not even open. I pressed the power button on my computer, and restarted on my 98 partition which can't see XP. Thats where I am now. I need help.

 

OK, but did you try anything I suggested? If you go to the Sophos site, they give instructions for removing the virus you mentioned: did you perform those steps?

 

Your best bet is to go to the SPYWARE FORUM and follow their recommendations in the "stickies".

They are best equipped to help you.

 

Thank you for your help everybody. I finally got rid of that nasty little virus. None of the methods I found worked, so I decided to take the matter into my own hands.Heres what I did.


First, I disconnected my modem. Then, I uninstalled avg. Then, I tried deleting it. It said it was being used by another person or program, so I opened task manager. I opened the proccesses tab, and noticed restore.exe, something that was never there before. I ended the process, then immediately deleted orans. Sure enough, it worked. Seconds later though it was back. I knew I ws close. I reestarted into safe mode. I searched for all files named restore, and deleted all of them in WINNT (backing them up onto a floppy first of course). Then, I searched for orans. there were 2 results. I deleted them both. After that, I deleted all my tranferred all my system restores onto a cd, deleted all my prefetch datal, deleted my temp and temp internet files, deleted my history, and deleted everything in my recent folder. Then, I emptied my recycle bin and went back in normal mode. I replugged my modem, and immediately reinstalled avg. Now, here I am. Virus free. No Orans.sys. No restore.exe. Just me and firefox, surfing away.