Posted 30 June 2004 - 02:10 PM
I can't seem to get this virus out of 2 XP Pro machines running AVG 7.0 Pro, and I've used Spybot, Network Associates Stinger and AVG's downloadable virus removal scanner. These are the latest updates, 6/28 for AVG and 6/15 for Stinger.
I disable system restore and do the scans in Safe mode, along with normal mode.
It cleans the viruses, but several hours later they come back. Most interesting is I can't seem to remove the Internet Explorer default page from going to a website called ilxyk,etc. I go into tools and set blank page as the home page and clean the virus, etc.; it says it is clean, it is gone for several hours, and comes back.
It says the virus is being stored in the res (restore folder) but I can't get in there to delete it manually or rename it. Again, I've turned off restore before doing the virus scans and deleted the file via AVG. I've also turned restore on and off several times in an attempt to purge the previous restore files.
Other viruses that seem to come up (after) I'm forced to this ilxyk website are,
I've also tried making the ilxyk site restricted in IE tools, but it keeps coming back, after I turn java scripting back to enabled. If I keep java disabled it keeps trying to go to the site but doesn't bring the site web page up, it's blank.
I also have downloaded the latest Windows updates as of 6/28.
It doesn't seem destructive, just a big pain in the butt.
Any ideas out there?
Posted 30 June 2004 - 09:48 PM
Posted 01 July 2004 - 09:08 AM
The virus doesn't seem to be named; AVG just states it's a downloader.bf virus and such. I think it is the virus listed in the previous link, but it seems slightly different than what he has reported. I'm going to try that method and see what happens.
Posted 01 July 2004 - 11:25 AM
Please download Ad-aware and SpyBot Search & Destroy and set them all up EXACTLY as I have written HERE. This will offer much deeper scanning than the default settings that will find more spyware/malware. You will also see instructions on setting up AVG 7.0 as well to maximize its protection.
If after doing ALL of the above you are still having problems, please post a HijackThis log here in this forum for us to look at.