Help with virus problem....

[cohenfive]

my daughter's pc has picked up something nasty and i can't figure out how to get rid of it. it somehow got through antivir, which recognizes a variety of items such as:

tr/vando.gen, tr/dldr.agr.dll, tr/adload.mas.1, tr/spy.agent.kg

the problem is antivir is not getting rid of these. i ran a scan in safe mode twice and both times the tr/vando.gen could not be removed. now the pc is not able to connect to the internet either, and there are a couple of other assorted minor issues.

i think the location of the file is:

winnt/assembly/temp/entnifo.dll

when i do a search i find the file, but when i go to winnt/assembly i can't find a temp directory so i can't locate the file to get rid of it. if there is another way to locate and delete the file let me know, but this one seems to be replicating itself or blocking its removal, while somehow blocking internet access.

yuck!!! thanks in advance...

 

[John]

1) This will fix your internet problem
2) Uninstall Antivir
3)Read this thread and get AOL Kaspersky

 

[cohenfive]

john, thanks for the above. a couple of questions...

i installed norton nis 07 on the machine hoping it would pick this up, but it can't update since there's no internet connection (duh)...should i also uninstall nis for the moment as well? i know it's a resource hog but i don't mind that.

so as far as the download fix, how can i do that when i have no internet connection? should i just download it to a jump drive or something on another pc and then install it from there?

once this is fixed do i need the aol kapersky app or am i ok sticking with nis 07?

thanks again, i'll try this later today....

 

[cohenfive]

apologies, double post...

 

[John]

Yes, download all files to a USB flash drive or burn to disc.

[*]Do not use add & remove to uninstall Norton. Instead download and run the Norton Removal Tool

I'd leave Norton uninstalled and stick with Kaspersky. Inferior detection + bloat = crap

Once you fix the internet with the winsock tool Kaspersky should auto update. If the winsock tool doesn't fix the internet try a USB NIC if you have one. If not pick one up for about $15 because they come in handy. If you want a software firewall enable the one built into XP or try Zone Alarm/Kerio/Comodo (links on my website). Hopefully you have a cable/dsl router as a hardware firewall. If you were using NIS 07 for parental controls there are other alternatives as well and we can discuss that later.

 

[cohenfive]

ok, i install the winsock xp fix onto my daughter's machine and got rid of antivir. i've kept norton on there for the moment...

anyway, so far no love on the internet connection. i've gotten it to at least search for an ip address but so far it has not been able to find one and connect. any suggestions would be much appreciated.

 

[John]

[*]Reinstall the NIC driver, or go to device mgr > network > right click your NIC > uninstall
[*]Can you ping 127.0.0.1? If you have a router can you ping it?
[*]Hook up a USB NIC or a 2nd PCI NIC

 

[cohenfive]

i'm also getting the following message every time she boots up the pc, not sure if it's related:

a fatal exception 0xc0000005 has occurred at 0x004FA344 (read, 0x0000004X)

this pc's a mess, the drive light is just about always in action. anyway, i'll see if i can work on the nic card....

 

[cohenfive]

some more information...

could not connect to ip address: 127.0.0.1

tried updating the driver from windows--said it had the best driver already

also uninstalled and then reinstalled the nic card

still unable to get acquire an ip address.....

oh, got the following message:

"internet explorer has encountered a problem with an add-on and needs to close"....the add-on is: VSAdd-in.dll

i disabled it to see if that would do anything, but the fact is i wasn't using ie at all, i was using firefox.

i'm totally stumped now....thanks for listening..

 

[John]

[*]Norton IS firewall may be blocking network traffic, uninstall it with the tool I linked you to above. YOu can always reinstall it later
[*]Time to click the link in my sig and start the cleansing process
[*]If you still cannot pull an IP try a repair install
[*]In you still don't have internet install a 2nd NIC
[*]If you don't have any important data or a lot of installed software you may want to consider a clean XP install