Antivirus does not install ???

Thursday, May 14, 2009 by divyasugar | Discussion: WinCustomize Talk

Hi friendz Please help me!

Yesterday, I went to cyber cafe to scan some photographs. I plugged my pendrive to copy scanned files into it. I noticed "usbcillin .exe" created in my pen drive. I had not copied it hence I understood its a virus and deleted. I came home, scanned it on my pc several instances detected with AVG and successfully removed. I happily yups happily copied the scanned photographs in my album on drive 'F'. OS Win XP SP2 is on drive 'C'. Now there is 'Katrina'. It blew my antivirus, tried to disable it but my antivirus would not quit fighting till the death, disabled task manager and registry. and computer hangs. At last, I had to restore from backup image. I have no backup image for other drives. Now everything is perfect, I can access task manager, registry etc but I cannot install AVG which I had kept on drive 'F', same on which I copied scanned photographs.

Is it still infected? Will I have to format? Is there any exclusive removal tool for usbcillin?

Thanks and karma a lot.

12 Reply 11 Referrals
divyasugar
Reply #1 Thursday, May 14, 2009 4:48 AM


Vampothika
Reply #2 Thursday, May 14, 2009 5:46 AM

why dont you download and run the malicious software tool remover from microsoft? its always up to date.


DrJBHL
Reply #3 Thursday, May 14, 2009 6:22 AM

Excellent advice, Vampy!

Also, check this out, Divya: LINK

And here: LINK 


Leo the Lion
Reply #4 Thursday, May 14, 2009 6:24 AM

Clean and reinstall.............that's the only way you'll be sure that your system is virus free.


divyasugar
Reply #5 Thursday, May 14, 2009 7:33 AM

Thanks for replies

I have checked it with Malwarebytes Anti-malware (with todays definitions) and Wnidows Malicious software removal tool. No infections found since I had restored from backup. However I can not install antivirus. I have mailed report to AVG.

Should I download another setup file or try another antivirus? But why I can't install that if system is clean.

Clean and reinstall.............that's the only way you'll be sure that your system is virus free.

  3L = ?    It's last alternative. 


DrJBHL
Reply #6 Thursday, May 14, 2009 7:43 AM

divyasugar
reply 5

    It's last alternative. 

I agree. Did you use the cleaning tool in the second link I posted?


divyasugar
Reply #7 Thursday, May 14, 2009 8:00 AM

Yes It detect no threats.


divyasugar
Reply #8 Thursday, May 14, 2009 8:02 AM

but how to uninstall it ?


divyasugar
Reply #9 Thursday, May 14, 2009 8:32 AM

Just had to log off and I could remove it.


DrJBHL
Reply #10 Thursday, May 14, 2009 9:00 AM

Either it's there, or not.

Go to LINK and do the scan... Don't delete anything you are unsure of. You can save the report, and publish it here and email yrag and ask his opinion....he can be 'abrupt' so don't get upset.

Above all, Divya take is advice...or format. I hope you have a backup of your system BEFORE the infection.


divyasugar
Reply #11 Thursday, May 14, 2009 10:18 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:46:34 PM, on 5/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\vikesh\Desktop\HiJackThis.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 3346 bytes


divyasugar
Reply #12 Thursday, May 14, 2009 10:32 AM

I had said...

At last, I had to restore from backup image.

So there shouldn't be anything in processes.

The installer got corrupt it couldn't be instslled on another pc too. I downloaded another Antivirus & installed without problems.

Could there be more corrupt files? How to stop them from being corrupt?

 

 

 

 


Please login to comment and/or vote for this skin.

Welcome Guest! Please take the time to register with us.
There are many great features available to you once you register, including:

  • Richer content, access to many features that are disabled for guests like commenting on the forums and downloading skins.
  • Access to a great community, with a massive database of many, many areas of interest.
  • Access to contests & subscription offers like exclusive emails.
  • It's simple, and FREE!
Login

Home | About | Privacy | Upload Guidelines | Terms of Service | Help
Copyright © Stardock Corporation. All Rights Reserved.


web-wc01