BullGuard
Can anyone help as Avast say that my PC has a BV:Autorun-G [Wrm] virus
   

Raj Aryan
New Member


Date Joined Feb 2009
Total Posts : 1
 
Posted 2/12/2009 12:13 PM (GMT +2)
Hi,
 
I have been having this strange problem for 3-4 days. All the problems started when I plugged in a pendrive given by a close friend of mine. I am getting warnings from Avast that there is some Trojan/virus on my PC whenever I boot my PC or plug in a pendrive.
 
I have been through many websites and forums but never got the exact remedy.
 
To help with the resolution, I am attaching the report of Trend Micro HijackThis v2.0.2
 
Scan saved at 3:36:50 PM, on 2/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_15\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Huawei\MT882\dslagent.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_15\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_15\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Huawei\MT882\dslagent.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_15\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_15\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3BAE0A6-0852-4628-A746-D27C71738F9E}: NameServer = 218.248.240.208,218.248.255.193
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MySQL_5045 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 10189 bytes
==============================================================================================================
 
And following is the log of Avast.
 
2/9/2009 9:05:14 PM SYSTEM 1804 Sign of "BV:AutoRun-G [Wrm]" has been found in "E:\autorun.inf" file. 
2/9/2009 11:47:39 PM Administrator 1180 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7. 
2/9/2009 11:49:10 PM Administrator 1180 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7. 
2/10/2009 10:22:19 AM Kalpak Luniya 1716 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\Local Settings\Temporary Internet Files\Content.IE5\6C908QHY\nadz[1].exe" file. 
2/10/2009 10:23:03 AM Kalpak Luniya 1716 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\Local Settings\Temporary Internet Files\Content.IE5\6C908QHY\nadz[2].exe" file. 
2/10/2009 10:23:07 AM Kalpak Luniya 1716 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\sound32.exe" file. 
2/11/2009 1:36:35 PM Kalpak Luniya 1660 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\Local Settings\Temporary Internet Files\Content.IE5\KP7Z9G1K\vss2[1].exe" file. 
2/11/2009 2:28:36 PM Kalpak Luniya 1660 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\Local Settings\Temporary Internet Files\Content.IE5\KP7Z9G1K\vss2[2].exe" file. 
2/11/2009 2:28:44 PM Kalpak Luniya 1660 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\Local Settings\Temporary Internet Files\Content.IE5\KP7Z9G1K\vss2[3].exe" file. 
2/11/2009 2:28:48 PM Kalpak Luniya 1660 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\cncai32.exe" file. 
2/11/2009 2:28:51 PM Kalpak Luniya 1660 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\cncai32.exe" file. 
2/11/2009 2:37:46 PM Kalpak Luniya 1660 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\Local Settings\Temporary Internet Files\Content.IE5\ANR41U7C\nadz[1].exe" file. 
2/11/2009 2:37:52 PM Kalpak Luniya 1660 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\Local Settings\Temporary Internet Files\Content.IE5\ANR41U7C\nadz[2].exe" file. 
2/11/2009 2:37:55 PM Kalpak Luniya 1660 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\sound32.exe" file. 
2/11/2009 7:11:25 PM SYSTEM 1632 Sign of "BV:AutoRun-G [Wrm]" has been found in "E:\autorun.inf" file. 
2/11/2009 7:13:43 PM SYSTEM 1632 Sign of "BV:AutoRun-G [Wrm]" has been found in "E:\autorun.inf" file. 
2/12/2009 12:47:25 AM SYSTEM 1656 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\Local Settings\Temporary Internet Files\Content.IE5\O09TL1DY\nadz[1].exe" file. 
2/12/2009 12:47:44 AM SYSTEM 1656 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\Local Settings\Temporary Internet Files\Content.IE5\O09TL1DY\nadz[2].exe" file. 
2/12/2009 12:47:52 AM SYSTEM 1656 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\sound32.exe" file. 
2/12/2009 9:59:51 AM Kalpak Luniya 1600 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\Local Settings\Temporary Internet Files\Content.IE5\DAJZ2MPK\nadz[1].exe" file. 
2/12/2009 10:00:26 AM Kalpak Luniya 1600 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\Local Settings\Temporary Internet Files\Content.IE5\DAJZ2MPK\nadz[2].exe" file. 
2/12/2009 10:00:30 AM Kalpak Luniya 1600 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\sound32.exe" file. 
2/12/2009 3:02:25 PM Kalpak Luniya 1680 Sign of "BV:AutoRun-G [Wrm]" has been found in "E:\autorun.inf" file. 
2/12/2009 3:02:38 PM Kalpak Luniya 1680 Sign of "BV:AutoRun-G [Wrm]" has been found in "E:\autorun.inf" file. 
2/12/2009 3:02:51 PM Kalpak Luniya 1680 Sign of "BV:AutoRun-G [Wrm]" has been found in "E:\autorun.inf" file. 
=========================================================================================================
 
I would be very happy to see this problem getting resolved. I request someone to help me out.
 
regards....
 
Raj

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12981
 
Posted 2/12/2009 1:11 PM (GMT +2)
Hello Raj
 
 
 
and save it on the desktop. Then double click on it (Fix_download.exe).
You may have to allow the program to download files from the web! 

The program downloads the necessary cleaning programs. Once the program
is downloaded, there will be a folder on your desktop named
Fix. If the instructions do not open automatically,
double-click "FIX_manual.htm" in the Fix folder.

Please follow the instructions and copy the logs here,
in this Topic.
 
Note: Fix_download.exe is detected by some antivirus programs as a "RiskTool"/infection; it is not a virus. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.


 

If necessary, temporarily disable your anti-virus, real-time protection before downloading
 


Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.
