Quote Originally Posted by sysrpl View Post
I googled win32:evo-gen. The first result is the page below.

http://malwarefixes.com/threats/win32evo-gen-susp/

That page says win32:evo-gen is a threat identified by Avast Anti-virus products; it recommends first using Norton Power Eraser. I ran Power Eraser and it brought back the list below after reboot.

The first thing you need to note about antivirus software manufacturers is that each of them has its own naming of malware families. What is a virus family? It is basically just a group to ease the naming and grouping of viruses with common capabilities.
So if you keep googling "win32:evo-gen" you will always be getting results related to Avast, as this is the way they named this malware family.

Second thing. If you can't see "shellpth.exe" on your desktop as a normal file (it might be hidden) then your system is most likely infected. Especially because it seems that Norton found this file in at least two different places.

Third thing. I personally recommend you stay away from Norton. Why? I have seen it delete many files that were falsely recognized as dangerous, and it sometimes does this even without a warning. On my friend's computer it was literally breaking drivers for a TV tuner card, which was leading to constant system crashes while watching TV. And I must say that it took me the whole day to figure that out.
Another thing about Norton is that even when you decide to uninstall it, it doesn't always remove itself completely, which could sometimes cause system instability. At least that was quite common in older versions. I must admit that I haven't worked on a computer protected with Norton for quite some time now.

Could you somehow pack those files and upload them somewhere on the internet so I can have a closer look at them? I don't recommend sending them through e-mail. If they are infected it could lead to your e-mail getting on a blacklist.

Quote Originally Posted by sysrpl View Post
I'm not sure what to think, because two of those items I compiled 7 years ago on a different machine and just unpacked them on Friday. The rest were built a few days ago. All of them are not identified as having a virus, only that they are suspicious or something thereof. Here is a report for one item.

The fact that those files were compiled a long time ago has no effect. Viruses most commonly migrate first to recently accessed files. So when you extracted those, the virus (if you have one) could detect that and thus inject its own code into them.
Most commonly this is done by simply adding additional code to the end of the file and changing the default entry point to the virus code itself. This guarantees that even if you managed to stop the virus, executing one of such files would start it again.

Quote Originally Posted by sysrpl View Post
I'll continue to try differing virus scanners and report back here.

I hope you are not just installing new AV programs one after another. Doing so could actually prevent them from working properly. Why? It is possible that one AV program detects a cleaning attempt by another as a potential threat to your computer and thus could try to block it. And this could be detected by another one as an attempt at disabling it. So you could end up in a continuous loop of one AV trying to kill another, which would most likely bring your computer almost to a halt.
Yes, I have seen this first hand.

@paul_nicholls
I have quite some knowledge in dealing with various viruses and malware because lots of my friends had problems with them in the past.
And since I'm a pretty curious guy, I didn't just go and run an AV scan to clean the computer but actually tried to find out where those viruses spread from and how.
Once I even had a chance to analyze and finally clean a nasty virus (Sallinity NSF) that had first been detected on the web just three days earlier. But I did have an advantage since I had the initial file from which it spread. I even had to use an HDD recovery process to get it back, because once the virus spread it deleted the file to cover its tracks.
So I try to help with this if I can. Besides, it has been some time since I last did any virus cleaning. What is the main reason for this? Actually I don't know. Either my friends learned to surf the web more safely or ESET is doing a good job of keeping their computers clean, as it does with mine.

@sysrpl
Since you are prepared to test other AVs, I strongly recommend you try ESET AntiVirus 32, or ESET Smart Security if you also want firewall protection. If you decide to go with ESET Smart Security, I recommend you set the firewall to interactive mode, as automatic mode isn't good enough. At least not for my high standards. But interactive mode allows you to create specific blocking/exception rules as you go.

But if your computer might have really been infected by some nasty virus like a rootkit, you would have to run a clean system from some boot CD and then perform the cleaning. I'm personally using Ultimate Boot CD with Windows XP as the bootable OS and a specially prepared ESET Antivirus 32 so it can be run without prior installation (I used VMware ThinApp for this).

If you need any more information or help about this feel free to ask.
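
The append-and-redirect pattern described in the post above can be checked statically. The following is an added example, not part of the original post: it parses the PE headers and reports which section holds the entry point. The function names and the two-section sample header are constructed for illustration, and an entry point in a writable last section is only a triage signal, since packers produce the same layout.

```python
import struct

IMAGE_SCN_MEM_WRITE = 0x80000000

def entry_point_report(data):
    """Return (section name, is last section, is writable) for the PE entry point."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]             # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: NumberOfSections at +6, SizeOfOptionalHeader at +20
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    entry = struct.unpack_from("<I", data, pe + 24 + 16)[0]  # AddressOfEntryPoint
    table = pe + 24 + opt_size                               # first section header
    for i in range(nsec):
        off = table + 40 * i
        name, vsize, vaddr, rsize = struct.unpack_from("<8sIII", data, off)
        flags = struct.unpack_from("<I", data, off + 36)[0]  # Characteristics
        if vaddr <= entry < vaddr + max(vsize, rsize):
            return (name.rstrip(b"\0").decode("ascii", "replace"),
                    i == nsec - 1, bool(flags & IMAGE_SCN_MEM_WRITE))
    return (None, False, False)  # entry point lies outside every section

def build_sample(entry_rva):
    """Constructed PE32 headers (no section data) with two sections, for the demo."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)        # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)
    def sec(name, vaddr, flags):
        return struct.pack("<8sIIIIIIHHI", name, 0x1000, vaddr, 0x200,
                           0, 0, 0, 0, 0, flags)
    return (bytes(dos) + b"PE\0\0" + coff + bytes(opt)
            + sec(b".text", 0x1000, 0x60000020)      # read + execute
            + sec(b".extra", 0x2000, 0xE0000020))    # read + write + execute

if __name__ == "__main__":
    for rva in (0x1000, 0x2010):
        print(hex(rva), entry_point_report(build_sample(rva)))
```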