3+ Viruses(?) --Help!

[DementedElf]

I hope this is in the right spot!

I've got McAfee and AVG running both. AVG recognizes this virus, and McAfee doesn't.

--------
Virus
Could e a Trojan horse PSW.Qukart.gen

is found in file
C:\WINDOWS\system32\Dkjdacqi.exe
--------

I run AVG for Windows and it isn't able to do anything about it. It finds it, but that's it. McAfee doesn't find it, and neither does Stinger.

I just reformat my computer. I tried a Full NTFS format but it always stuck on 52%. I tried a Quick NTFS format and it worked fine. I'm using Microsoft Windows XP Pro. I bought it last year from Purdue University, so I'm guessing it has SP1. Not sure, though.

I have ZoneAlarm installed and it catches two other programs. I deny them, and I think I saw them listed online as viruses. McAfee and AVG are both fully updated and caught about 15 viruses RIGHT after I formatted my computer. I installed McAfee first thing before I installed anything else, but I think the viruses got in when I was logging on to McAfee for updates? I don't know.

The two programs that I keep denying with ZoneAlarm are: timeupdate.exe and winupck.exe - I checked my logs and they try and access the internet about every 2 seconds.

PLEASE HELP! Thank you so much

--DE :evil:

 

[MrChad]

1. There's no need to run two anti-virus programs simultaneously. You're only going to cause problems.
2. Did you make sure that your fresh XP install was fully patched (up to SP2) before you connected it to the internet?

 

[Schadenfroh]

Listen to MrChad, he speaks the truth. uninstall one of them. Was the mcafee up to date btw?

anyways, it is VERY important to have SP2 and the firewall on before you connect to the internet. Have the firewall fully up to date. All the security patches from presp1 to post sp1 have been integrated into sp2. A unpatched computer can be owned by trojans in less than 20 minutes without a firewall on broadband. there are ways to slipstream SP2 into the install of the cd so that windows will install with sp2 already integrated. if you think you might have more nasties, see my virus/spyware removal guide in my sig.

 

[Schadenfroh]

BTW

timeupdate.exe
is a sign of the Vote Trojan

winupck.exe
My analysis: It appears to be a random set of characters disguised with win infront of the characters. most likely a trojan. reboot into safemode (via F8 at startup) and find the file and delete it. it probably has a run entry in the registry (meaning that an error may pop up when you reboot after deleting it), the best way to remove it from the registry and to find others like it that avg might not pick is by using hijackthis, link to download in sig.

 

[mechBgon]

^ what they said. And just to clarify, you are at risk from the moment that the computer is plugged into the modem, whether you actually browse the Internet or not, if you have no firewall protection and your Windows installation has vulnerabilities. So get your firewall installed first, before plugging into the modem, whether it's WinXP SP2's firewall or ZoneAlarm or whatever.

I suggest getting a router to be your first line of defense, too. Maybe this one. Also ensure that your user accounts, or at least your privileged ones (Administrator-class or Power-User class), have strong passwords.

 

[oldman420]

Wow vote trojan is scary. good call schadenfroh.
I have never heard of a virus that will stop windows setup and reformat though.
Being unable to reformat would indicate some type of hw or setup media problems. IMHO