Jim Smart / weblog

I’ve decided to start (b)logging some of the PC problems that I fix, especially the viruses and trojans and suchlike.

A client’s WindowsXP PC was brought in to me yesterday because it was behaving oddly—amongst other things I noted that:

• The firewall wasn’t running (neither XP’s own firewall nor ZoneAlarm)—ZoneAlarm wouldn’t run even when started manually, it seemed broken or disabled
• The anti-virus software wasn’t running (AVG)—again, this wouldn’t run properly even when started manually
• I was unable to bring up Task Manager using the taskbar’s right-click menu
• Hitting ctrl-alt-del merely brought up an hourglass pointer for a brief moment
• The system was regularly showing a dialog saying ‘Connect to av2026.comex.ru’ and requesting a user password

Using a bit of software by Sysinternals called Autoruns I stopped the system from executing files ‘C:\WINDOWS\system32\anti_troj.exe’ and ‘C:\WINDOWS\system32\antiav_exe.exe’ on boot. This then allowed me to successfully re-install the broken software (AVG and ZoneAlarm) and get the system running ok again.

After re-installing AVG and updating its definition files, I scanned the system and found ‘Virus: I-Worm/Bagle’ and successfully cleaned it up. The system seemed to have no other viruses or spyware on it.

I believe the users of this PC surf exclusively with Firefox, so my theory is that the virus came as an email attachment, or it was possibly transmitted via instant messaging.

This entry was posted on Saturday, December 10th, 2005 at 10:11 am and is filed under Computing. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.