Full Version: KAV does not clean Trojan-PSW.win32.delf.cwg
After logging on, KAV detects the above trojan but it cannot clean it. If I manually delete the file, it returns on the next boot. The file is 123.dll. Can KAV scan at boot before Windows loads? KAV is probably not finding all the pieces of this trojan.
hello
how would that help, it would still not detect whatever it is it missed the first time.
post an AVZ log please: http://forum.kaspersky.com/index.php?showtopic=69276
QUOTE
Can KAV scan at boot before Windows loads?
how would that help, it would still not detect whatever it is it missed the first time.
post an AVZ log please: http://forum.kaspersky.com/index.php?showtopic=69276
QUOTE(Lucian Bara @ 9.12.2008 16:25) 
hello
how would that help, it would still not detect whatever it is it missed the first time.
post an AVZ log please: http://forum.kaspersky.com/index.php?showtopic=69276
how would that help, it would still not detect whatever it is it missed the first time.
post an AVZ log please: http://forum.kaspersky.com/index.php?showtopic=69276
KAV was unable to delete what it found. I was hoping the boot-time scan could clean it before loading Windows.
This virus is part of marioforever.exe I believe. They both infected the system at the same time. Even though I can no longer find marioforever.exe on the workstation, the "printing" dialog box on this station now takes forever to close. Marioforever.exe affects the printing spooler. Is there a way to get printing back to normal now?
Attached is the avz_sysinfo.zip.
QUOTE(MrRAlan @ 10.12.2008 10:56)
KAV was unable to delete what it found. I was hoping the boot-time scan could clean it before loading Windows.
This virus is part of marioforever.exe I believe. They both infected the system at the same time. Even though I can no longer find marioforever.exe on the workstation, the "printing" dialog box on this station now takes forever to close. Marioforever.exe affects the printing spooler. Is there a way to get printing back to normal now?
Attached is the avz_sysinfo.zip.
This virus is part of marioforever.exe I believe. They both infected the system at the same time. Even though I can no longer find marioforever.exe on the workstation, the "printing" dialog box on this station now takes forever to close. Marioforever.exe affects the printing spooler. Is there a way to get printing back to normal now?
Attached is the avz_sysinfo.zip.
This is the latest avz_sysinfo.zip. The first one was run with an outdated database.
Fixing the print spool is pretty simple. I looked over your AVZ log and didn't see anything significant. Can you post a GSI log?
GSI Instructions
Please, post a GSI log following this step by step guide
GSI Instructions
Please, post a GSI log following this step by step guide
- Click here to download the GetSystemInfo tool
- Unzip & next run getsysteminfo.exe., choose where you wish to save the text file... the desktop is the easy choice.
- Click here to upload your GetSystemInfo log. (Note: It’s not a requirement to register you can use normal access scrolling down the web page)
- Now copy and paste the link to the log you have just made into your next post in this thread.
- Stop Spooler service by executing "net stop spooler" command in your command prompt
- Go to system Spool and printer's Temp directories (thу exact name of folder will vary from printer to printer) and delete all files with .shd and .spl extensions.
- Delete all registry keys that contain information about printer's Job Queue. Please refer to your printer's manual and Microsoft web site to determine exact keys which contain information about printer jobs.
- If you are trying to add printer and receive error message when trying to install printer drivers, this is right place to try adding printer again.
- Start Spooler service by executing "net start spooler" command in your command prompt
- Reboot.
QUOTE(Syn @ 11.12.2008 00:53)
Fixing the print spool is pretty simple. I looked over your AVZ log and didn't see anything significant. Can you post a GSI log?
GSI Instructions
Please, post a GSI log following this step by step guide
GSI Instructions
Please, post a GSI log following this step by step guide
- Click here to download the GetSystemInfo tool
- Unzip & next run getsysteminfo.exe., choose where you wish to save the text file... the desktop is the easy choice.
- Click here to upload your GetSystemInfo log. (Note: It’s not a requirement to register you can use normal access scrolling down the web page)
- Now copy and paste the link to the log you have just made into your next post in this thread.
- Stop Spooler service by executing "net stop spooler" command in your command prompt
- Go to system Spool and printer's Temp directories (thу exact name of folder will vary from printer to printer) and delete all files with .shd and .spl extensions.
- Delete all registry keys that contain information about printer's Job Queue. Please refer to your printer's manual and Microsoft web site to determine exact keys which contain information about printer jobs.
- If you are trying to add printer and receive error message when trying to install printer drivers, this is right place to try adding printer again.
- Start Spooler service by executing "net start spooler" command in your command prompt
- Reboot.
Here is the link... http://gsi.kaspersky.fr/lire.php?hl=en&...amp;Microsoft=0
There ware no print spool files to delete at all. Adding a printer works correctly. Marioforever.exe must be have affected something else relating to the printers. Thanks.
QUOTE(MrRAlan @ 11.12.2008 12:52)
Here is the link... http://gsi.kaspersky.fr/lire.php?hl=en&...amp;Microsoft=0
There ware no print spool files to delete at all. Adding a printer works correctly. Marioforever.exe must be have affected something else relating to the printers. Thanks.
There ware no print spool files to delete at all. Adding a printer works correctly. Marioforever.exe must be have affected something else relating to the printers. Thanks.
Any other suggestions how to return the printing speed to normal?
QUOTE(MrRAlan @ 15.12.2008 09:51)
Any other suggestions how to return the printing speed to normal?
I had to Repair XP using the XP Install disc to correct this problem.
QUOTE(MrRAlan @ 16.12.2008 06:37)
I had to Repair XP using the XP Install disc to correct this problem.
Thanks for posting the final outcome as it is appreciated by many I'm sure! Do you know by chance how you acquired this nasty little virus in the first place?
AC1
QUOTE(AC1 @ 16.12.2008 11:41)
Thanks for posting the final outcome as it is appreciated by many I'm sure! Do you know by chance how you acquired this nasty little virus in the first place?
AC1
AC1
Yea, a user went to savagearms.org. Something on that website, either the site itself or one of its ads, installed it. I blocked the site in our firewall and also the public ip 66.36.241.45. The virus communicates with that IP. Thanks.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.