Computer/file Question

A question for the computer know alls out there.....

I've been running AVG 8 Free Antivirus and it has detected and resigned to the virus vault some files that I am not sure about (i.e. I'm not certain they are viruses). Can anyone tell me if they sound dodgy or are essential to the running of my PC, as it's not working very well since these files have been locked away? It's telling me they are Trojan Horse Backdoor agents (oo-er!) or Trojan Horse downloaders. I know jack about PC files :shake:

C:\windows\config\lsass.exe
C:\system volume information_restore...{followed by lots of numbers in funny brackets**
C:\windows\17PHolmes572.exe

Many thanks

Clueless of Aldershot :LOL:
 
Not sure what the first one is. There is a legit Windows file of the same name, although there is also an exploit that looks very very similar in naming, using an I instead of an l, I think. However, the fact that you are able to post implies that the legit one is working OK. The second is the Windows System Restore save files. This cannot be removed from here, and can only be deleted by turning off System Restore then turning it back on again. AVG has probably found one of the other 2 already there. 17PHolmes572.exe is a Trojan according to what I can find on Google.
 
The lsass.exe file is properly located in the c:\windows\System32 folder; if you find it anywhere else on your system, it's actually a virus, trojan, worm or even spyware, and should be deleted!

17PHolmes572.exe is a trojan and should be deleted.

C:\system volume information_restore...{followed by lots of numbers in funny brackets**

This will be a system restore Windows has done and has a virus either mentioned or will be present. OK to delete it.

Dave
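
The location rule from the replies above, applied to the paths in the question, as an added example that is not part of the original thread. It assumes Windows is installed at C:\Windows; the table entries other than lsass.exe and the lookalike character map are illustrative assumptions.

```python
from pathlib import PureWindowsPath

# Assumption: Windows lives at C:\Windows. Only lsass.exe comes from the
# thread; the other table entries are illustrative.
EXPECTED_DIR = {
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
}

# Assumed lookalike swaps: capital I or digit 1 for lowercase l, 0 for o.
LOOKALIKES = str.maketrans({"I": "l", "1": "l", "0": "o"})


def classify(path):
    """Return 'expected', 'misplaced', 'lookalike' or 'unlisted'."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    if name in EXPECTED_DIR:
        # Windows paths are case-insensitive, so compare lowercased.
        in_place = str(p.parent).lower() == EXPECTED_DIR[name]
        return "expected" if in_place else "misplaced"
    # Undo the swaps on the original-case name, then compare again.
    if p.name.translate(LOOKALIKES).lower() in EXPECTED_DIR:
        return "lookalike"
    return "unlisted"  # not a protected name; rely on the scanner verdict


def triage(paths):
    """Map each path to its classification, keeping input order."""
    return {path: classify(path) for path in paths}


# Constructed sample: two paths from the question plus two made-up ones.
SAMPLE = [
    r"C:\windows\config\lsass.exe",
    r"C:\windows\17PHolmes572.exe",
    r"C:\WINDOWS\System32\lsass.exe",
    r"C:\WINDOWS\System32\Isass.exe",
]

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE).items():
        print(f"{verdict:10} {path}")
```

An "expected" verdict only says the name and folder match; it does not show the file is genuine, since a later reply notes a trojan may replace the original.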
 
Thank you. I'm getting more weird ones flashing up today... it's driving me nuts :bang: I can't seem to access my home page for some reason, but I can access some of my bookmarked sites (like here).
 
It sounds like you may have a browser hijack as well. When did this all start to happen? Can you use System Restore to go back to prior to the problems starting? What anti-spyware tools do you run?

I've found that spywareblaster from javacools as a preventative with spybot search and destroy and lavasoft adaware has kept my puter clean
 
It's possible that AVG itself is blocking access to those web pages. If the 17PHolmes572.exe trojan has been run, it may be that it's dumped a file called lsass in your system, either replacing the original or elsewhere.

System Restore is a virus writer's dream come true; turn it off.
 
I don't think I can do a system restore on my PC as when I bought it, they wanted extra cash for a 'system restore disc', so having looked, I cannot see anywhere that I can restore to! I know most PCs will let you restore back to a certain point in time - mine doesn't have that feature!

This all started happening a few days ago. I have AVG (the freebie one) and Windows' own virus program. I've just run another AVG scan and got yet more threats, and whilst that was running, the Windows virus program window was popping up telling me of more infected files :help: I'm expecting my PC to spontaneously combust soon!!
 
minimeeze, right-click on your 'My Computer' icon, choose Properties and you should see a window with a System Restore tab top left?
 
Yes - I've now turned it off after deleting the zillion and one threats detected by AVG. I cannot manually do a system restore though - all that is on the system restore page is a slider asking how much space should be given to a restore. There is no function for me to actually perform a restore :thinking:

My pc, although painfully slow, seems to be running ok now. The only site I cannot access at the minute is Facebook.. but then that's nothing new and no great loss!
 
What you should do is download SuperAntiSpyware, as AVG 8 will only detect certain nasties: http://www.superantispyware.com/?tag=GOOGLE-SUPERANTISPYWARE

Also do this with System Restore off, as nasties hide in the restore points. If you have Vista or XP, just google how to turn off/disable System Restore, then run a thorough scan in safe mode and delete/remove any nasties when prompted, and then reboot the PC, and ENABLE restore again when the PC is up and running. You can also grab CCleaner to keep your PC tidy: http://www.filehippo.com/download_ccleaner/

And also visit house call http://housecall.trendmicro.com/uk/ and get a free scan.
 
No, what he's saying is that you need to disable System Restore.
Doing this will delete all previous System Restore saved points (and the enclosed viruses too).

Right click My Computer, Properties, System Restore tab.

You'll see a list of drives with tick boxes next to them (You may only see one drive.....C:). Remove the tick(s) and click OK, it will ask if you're sure you want to turn off system restore as it will delete all restore points.

Do this, then clean up your machine by doing a disk cleanup. (Start > Accessories > System Tools > Disk Cleanup).
Then do a full system scan with AVG.
I would also recommend running a full scan using Adaware Free version from here.
Then, once both programs report your machine as clear and free, you can go back and turn System Restore on (if you want to, I personally don't use it).

And hey presto, you should be clean.
Those are the steps I usually take to clean a system. I do use (Along with the CCleaner mentioned above) one more program, HijackThis, which is quite a nuts and bolts tool, and you can bugger up your system if you don't know what you're doing with it, but it can remove even the most stubborn of spyware / browser hijacks.
 
Thanks Dazzer9535 - the SuperAntiSpyware program detected lots more trojans (I think there were 191 threats). As a result, and after performing scans for most of today, my PC is running much smoother. Yet to try all the other stuff as I'm all scanned out for now :)
 
Just a quick question...
Before I run CCleaner, am I likely to lose all stored passwords?
 
Yes it can, but if you don't want any passwords removed, untick autocomplete form history (I think). Anyway, it's not a good idea to store passwords just in case the PC gets pinched; just write them down and keep in a safe place, or password them in a zip file or similar.
 