Re: virus in TDispVol.dll

nass wrote:
"Jeff" wrote:

nass wrote:
"Jeff" wrote:

I am on XP MCE with the latest security updates. When I returned
the system from suspend, AVAST warned me that it found a virus
"TDispVol.dll" in C:\WINDOWS\system32 and asked me what to do with
it. I told it to send it to the "Chest", which it did. I then ran
Avast to check the entire system thoroughly and it found nothing
more.

Should I do anything else? What is TDispVol.dll? Is it something
that replaced a normal file that should be in XP and that I should
replace from backup?

Thanks.

As Malke mentioned this a Toshiba file been infected by:
not-a-virus: Monitor.Win32.AKL.25, try to use Avast feature to scan
on Boot up and remove the Infected file Automatically.
Then Try to Turn the System Restore OFF then ON to delete the
infected Restore Points, you can perform these cleaning steps if
the Avast scan will detect the Virus/infection again:
Go through these Cleaning steps:
1... First, try to clean up your caches, Internet files and delete
cookies by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties windows you will see these Taps:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing
Option: [&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this
box. Then click on Programs Tab and click Manage Add-Ons and Disable
all non Verified Add-Ons (You should Renable them later one-by-one
and see the culprit and update it or remove it.
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
Spybot Search & Destroy
http://www.safer-networking.org/en/download/index.html
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
RootkitRevealer v1.71
By Bryce Cogswell and Mark Russinovich
http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx


Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Lots of tools to download and disinfect your machine (offline
scanner):
http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/

After the scan run disk cleanup on your drive.


2- Download the Hijackthis and send the report to one of many
forums for analysis and troubleshooting:
http://www.merijn.org/index.php
When all else fails, HijackThis v2.0.2
(http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis)
is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware.
Post your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other
appropriate forums for expert analysis, not here.
HTH.
Let us know how it is going.
nass
----
http://www.nasstec.co.uk

Should I do all this even though Avast now no longer finds a virus in
that file? Maybe they corrected their database.

As Malke mentioned this a Toshiba file been infected by:
not-a-virus: Monitor.Win32.AKL.25,

Not sure I understand "not-a-virus". Is that just its name or is it
not a virus?

Jeff

To Be sure your system is clean, Yes do all of these cleaning steps.

Not-a-Virus: Monitor.Win32.AKL.25 is the name of the Virus that
infected that particular file for Toshiba to avoid detection and
cause more damage to your system.
No Harm in applying these steps even if your system is clean, some
people go to the doctor even they don't feel sick/ill at all to get a
clean bill of health!.
HTH.
nass
----
http://www.nasstec.co.uk

Yes, but they are known as hypochondriacs. (Just joking. I appreciate
the help).
Anyway I did as you say and came out clean, so I feel better.

[ ] Enable Third-Party browser extensions (Req Rest) uncheck this

Do I re-enable this now that I am clean and healthy? I use Firefox
anyway, and only use IE for Windows updates.

Jeff


.

Relevant Pages

  • Re: virus in TDispVol.dll
    ... "Jeff" wrote: ... AVAST warned me that it found a virus ... Avast to check the entire system thoroughly and it found nothing ... To Be sure your system is clean, Yes do all of these cleaning steps. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: virus in TDispVol.dll
    ... "Jeff" wrote: ... AVAST warned me that it found a virus ... Avast to check the entire system thoroughly and it found nothing ... To Be sure your system is clean, Yes do all of these cleaning steps. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: virus in TDispVol.dll
    ... nass wrote: ... AVAST warned me that it found a virus ... Avast to check the entire system thoroughly and it found nothing ... When all else fails, HijackThis v2.0.2 ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Help needed
    ... | As I have a very decent Virus Scanner (Avast) and a good Spyware detector, ... FireWall to allow it to download the needed AV vendor related files. ... needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key ...
    (microsoft.public.security.virus)
  • Re: Trojan? Or a false alarm?
    ... And I run virus and security checks ALL the ... | uninstalled Norton and installed Avast!. ... | It said that it was a Malware type Trojan called Win32:SdBot-3324 ... drive is just a "recovery partition" used by my computer. ...
    (alt.comp.anti-virus)