Re: HELP! Anti-antivirus?

From: Jupiter Jones [MVP] (jones_jupiter_at_hotnomail.com)
Date: 06/15/04 

Date: Mon, 14 Jun 2004 21:12:29 -0600

Patrick;
First enable/install a the firewall;
http://support.microsoft.com/?kbid=283673
Scan for virus online, #1 on this link:
http://www3.telus.net/dandemar/slowcom.htm
Then perform #2, #3 & #4 on the same link to check for viruses and
spyware;

Follow this to help prevent this in the future:
http://www3.telus.net/dandemar/security.htm 

-- 
Jupiter Jones  [MVP]
http://www3.telus.net/dandemar/
"Patrick Wherley" <pat@totalsuccessmarketing.com> wrote in message
news:ubquVXnUEHA.1764@TK2MSFTNGP10.phx.gbl...
> I cannot run my AV programs anymore - something shuts them down
within
> seconds (I can run F-Prot AV in Safe Mode).  I can't run regedit or
sysedit
> either - same thing: they are shut down in seconds.
>
> When I did run F-Prot it found and deleted:
>
> lsac.exe
> scrgrd.exe
> wuamgrd.exe
> wuammgr32.exe
>
> On bootup, AVP finds IRC/backdoor.sdbot.25.AD before it is shut down
by the
> mysterious anti-antivirus process.
>
> Meanwhile, IE is occasionally being hijacked to the following URL:
>
> http://sirux.fuker.net/sirux4.html
>
> At that site I am asked to download a Certificate, which I of course
> decline.  It won't take no for an answer, however, and I have to
shut down
> IE through the Task Manager.
>
> I have run both Spy Bot and Ad Aware as well as CW Shredder, and
they have
> had no effect on these symptoms.
>
> Lastly, after viruses are found and successfully deleted, they
reappear, the
> most consistent offender is wuammgr32.exe.  Again this can only be
> determined by running F-Prot AV in Safe Mode (AVG apparently doesn't
work at
> all in Safe Mode).
>
> I am at my wit's end and I'm preparing to reformat the hard disk.
>
> Any ideas would sure be appreciated.
>
>