We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
The Forum now has a brand new text editor, adding a bunch of handy features to use when creating posts. Read more in our how-to guide
AVG Trojan Flooder
symy@nufc
Posts: 295 Forumite
in Techie Stuff
JUST SEEN THIS ON A NEWS LETTER I GET! HOPE ITS USEFUL
I just want to fill in anyone else who has not heard about this yet. You can certainly go back and read yesterday's quick tip for the whole scoop, but just briefly, the Trojan Flooder is a threat that is affecting a lot of the AVG antivirus users. They are being tricked into "healing" their computer for the good, but are ending up with a harmful exploit on their computer instead.
If you are an AVG user and have come in contact with this Trojan, it is extremely important to fix it right away. So, here are a couple of suggestions that I was able to find for this. Hopefully, at least one of them will work for you.
1.) First, boot your computer in the Safe Mode form. To do this, turn your computer off and then restart it while pressing the F8 key continuously until the Safe Mode startup menu appears. From there, choose Windows in Safe Mode.
Next, you're going to uninstall your AVG service. Go to Start, Control Panel, Add/Remove Programs. Find its applet and click the Remove button. When that's done, restart your computer and then reinstall the AVG program and do an immediate update on it. That should take care of the Trojan and all of its components. If not, try the second suggestion below.
2.) Again, boot up your computer in the Safe Mode form. (Follow the same directions listed above to do this). Once there, choose Windows in Safe Mode.
From there, go and find the folder of C:\WINDOWS\system32\drivers\. (Double click on the My Computer icon on your desktop, double click the C: drive and continue from there). Next, you'll need to find a couple of files. Change them as follows:
Change AVGCLEAN.SYS to AVGCLEAN.SY_ and change AVGRSXP.SYS to AVGRSXP.SY_. This will help keep the winlogon.exe file in place like it should be.
Now, the next part involves using the Registry Editor. There is always a risk with working in the Registry. If you make a mistake, it could alter other parts of your computer, so if you're not 100 percent sure you know what you're doing, please find someone who does. It's very important!
When you're ready, go to Start, Run, type in "regedit" and click OK. Once there, find the registry key of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AvgClean. Now, go and remove the "__delete" value from the right window pane. Then restart your computer back in the normal Windows mode.
You should also make sure you update your AVG service to fulfill the latest virus base version. To do that, open the AVG program or the AVG Control Center. Then press F9 to get the current updates. Once you're all set with that, you have to go back and rename the same files you changed earlier. Find the C:\WINDOWS\system32\drivers\ folder again and change the following files.
Change AVGCLEAN.SY_ back to AVGCLEAN.SYS and change AVGRSXP.SY_ back to AVGRSXP.SYS.
Once you have that done, you need to restart your computer again and then just make sure the AVG Resident shield loads again. This will keep you the safest. Well, there you go. Hopefully one of those suggestions will work for you and you can be rid of the Trojan Flooder for good. You can't beat that!
I just want to fill in anyone else who has not heard about this yet. You can certainly go back and read yesterday's quick tip for the whole scoop, but just briefly, the Trojan Flooder is a threat that is affecting a lot of the AVG antivirus users. They are being tricked into "healing" their computer for the good, but are ending up with a harmful exploit on their computer instead.
If you are an AVG user and have come in contact with this Trojan, it is extremely important to fix it right away. So, here are a couple of suggestions that I was able to find for this. Hopefully, at least one of them will work for you.
1.) First, boot your computer in the Safe Mode form. To do this, turn your computer off and then restart it while pressing the F8 key continuously until the Safe Mode startup menu appears. From there, choose Windows in Safe Mode.
Next, you're going to uninstall your AVG service. Go to Start, Control Panel, Add/Remove Programs. Find its applet and click the Remove button. When that's done, restart your computer and then reinstall the AVG program and do an immediate update on it. That should take care of the Trojan and all of its components. If not, try the second suggestion below.
2.) Again, boot up your computer in the Safe Mode form. (Follow the same directions listed above to do this). Once there, choose Windows in Safe Mode.
From there, go and find the folder of C:\WINDOWS\system32\drivers\. (Double click on the My Computer icon on your desktop, double click the C: drive and continue from there). Next, you'll need to find a couple of files. Change them as follows:
Change AVGCLEAN.SYS to AVGCLEAN.SY_ and change AVGRSXP.SYS to AVGRSXP.SY_. This will help keep the winlogon.exe file in place like it should be.
Now, the next part involves using the Registry Editor. There is always a risk with working in the Registry. If you make a mistake, it could alter other parts of your computer, so if you're not 100 percent sure you know what you're doing, please find someone who does. It's very important!
When you're ready, go to Start, Run, type in "regedit" and click OK. Once there, find the registry key of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AvgClean. Now, go and remove the "__delete" value from the right window pane. Then restart your computer back in the normal Windows mode.
You should also make sure you update your AVG service to fulfill the latest virus base version. To do that, open the AVG program or the AVG Control Center. Then press F9 to get the current updates. Once you're all set with that, you have to go back and rename the same files you changed earlier. Find the C:\WINDOWS\system32\drivers\ folder again and change the following files.
Change AVGCLEAN.SY_ back to AVGCLEAN.SYS and change AVGRSXP.SY_ back to AVGRSXP.SYS.
Once you have that done, you need to restart your computer again and then just make sure the AVG Resident shield loads again. This will keep you the safest. Well, there you go. Hopefully one of those suggestions will work for you and you can be rid of the Trojan Flooder for good. You can't beat that!
dont drink and drive:beer: :beer:
come on the toon!!
come on the toon!!
0
Comments
-
this was a problem with a "false positive" addressed by AVG on the 7th December so as long as you have updated AVG after that date this is not a problem (and was never a Trojan in the first place)
http://forum.grisoft.cz/freeforum/read.php?4,84947,backpage=,sv=
Date: December 7, 2006 08:21PM
Quoting Radek Janata - Grisoft Team
Unfortunately, this issue is caused by the false detection on particular version of "winlogon.exe" file. The false detection has been immediately fixed, however several users may have updated their AVG to this virus update containing this false definitionEx forum ambassador
Long term forum member0 -
thank browntoa for put me at easedont drink and drive:beer: :beer:
come on the toon!!0 -
Don`t think this is anything to do with the problem I have. My Kaspersky anti virus tells me my 3 month trial is up & I should purchase a new one but when I try the system says BLOCKED so I downloaded the free AVG but I did not recieve e-mails for a few days. When I uninstalled AVG all my e-mails opened up. Any idea what the prob` is as I don`t like to be without anti virus.0
-
you probably have not allowed the AVG email scanner access via your firewallEx forum ambassador
Long term forum member0 -
Thanks Browntoa but how do I do that. I am not too great on the techie stuff.0
-
what firewall are you using ??
the built in one on Xp , Nortons ??Ex forum ambassador
Long term forum member0 -
Thanks again Browntoa for your response.Went into control panel & security center & it says Windows firewall on. I know I was xp on my old pc but it went belly up 3 or 4 months ago & I got Lenovo pc.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 353.6K Banking & Borrowing
- 254.2K Reduce Debt & Boost Income
- 455.1K Spending & Discounts
- 246.6K Work, Benefits & Business
- 603K Mortgages, Homes & Bills
- 178.1K Life & Family
- 260.6K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards