i downloaded and ran two different anti-virus programs a few days ago:

Grissoft AVG
PC Tools AntiVirus

each found several internet worrms and trojan horses on my computer and automatically quarantined them. i can view these items, and all of them are found in:

C:\System Volume Information
C:\Windows\System32

and they have either of these 2 extensions:

.dll
.exe

now, my questions:

1 - are these dll and exe files the trojans/worms themselves, or are they required files for computer information and are infected with the trojans/worms?

2 - if they are trojans/worms themselves, i can safely delete the quarantined items, right?

3 - otoh, if they are legit files infected with trojans/worms, what should i do? i can't delete them, but i can't let them out of quarantine either. should i keep them in there forever? and if they are infected, why can't the anti-virus programs clean them, remove the infection, and not quarantine the legit files?

svchost.exe

4 - i did delete some of the quarantined items a week ago, and one of them is called svchost.exe and several copies of it could be seen running in task manager at all times. since i deleted it, everytime i reboot, i get two prompts from windows saying it can't find svchost.exe. so, was that a required windows file? if so, do i need to get it again, and what does it do? WEIRD THING is, even though i get the prompts on start up, i can still see it running in task manager (6 copies running now) and if i end them, they pop back up within a couple of seconds. so what is this svchost.exe and how come i get the prompts if it is still on my computer and how is it still on here if i deleted it?

thank you very much.

3/9/2007 8:28:21 AM

lol

downloading porn with that new dsl line?

your best bet is to reformat

3/9/2007 8:38:36 AM

all porn websites here are blocked... you should know that.

i just go to all sorts of weird websites of people, groups, products, companies, etc.

i don't want to reformat.

but even if i did, i would transfer all my files and programs to an external hd, reformat laptop, and then transfer stuff back, right?

but wouldn't the bad stuff also get transferred to external hd and then back again?

it is under control now with the anti-virus programs, but what should i do with the stuff in the "virus vaults"?

someone please answer my specific questions. (i might end up reformatting anyway, but i am still curious and want answers to my questions, thanks!)

3/9/2007 8:47:59 AM

Quote :

"all porn websites here are blocked... you should know that."

lol the source of all the problems over there.

what happens if you try to 'repair' the windows installation? if some of the required windows files are infected, maybe they'll be restored to an original version?

if my computer ever gets messed up, I always end up doing a format. It's actually quicker for me to do this than to mess with getting rid of a bunch of crap that I can't verify is 100% gone.

3/9/2007 8:57:19 AM

delete the quarantened files.
you probably don't have to reformat unless you had a real bad infestation.

run the online scanners below (in safe mode) to make sure youre clean.

Quote :

" Programs I've used at some point and liked: Lavasoft Adware http://www.lavasoft.de/download_and_buy/product_comparison_chart.php Windows Defender http://www.microsoft.com/athome/security/spyware/software/default.mspx Spybot http://www.safer-networking.org/en/download/index.html CA eTrust Spyware http://shop.ca.com/spyware/anti_spyware.aspx AVG Antivirus http://free.grisoft.com/doc/avg-anti-virus-free/lng/us/tpl/v5 Hijack This http://www.majorgeeks.com/download3155.html Free online spyware/virus scanners/removers These are pretty helpful when you think your security programs have been comprimised. Bitdefender Very nice scanner, catches alot. http://www.bitdefender.com/scan8/ie.html TrendMicro Housecall http://housecall.trendmicro.com eTrust Antivirus http://www3.ca.com/securityadvisor/virusinfo/scan.aspx For those who don't know, If you have any infection at all, always run antivirus/antispyware scans in safe mode."

3/9/2007 9:00:36 AM

svchost.exe is not necessarily a virus. it's a general purpose MS Windows program that DLLs use. You could have several running at any time, but they are being used by different programs. that being said, it could be used by malicious software too
http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/
http://www.neuber.com/taskmanager/process/svchost.exe.html

3/9/2007 9:14:57 AM

Quote :

"svchost.exe is not necessarily a virus"

It's more like svchost.exe is not a virus 999 time out of 1000.

3/9/2007 10:59:09 AM

download sp2 and every security patch after that. download the latest definitions for your AV software. do a repair install. unplug the network cable. boot in safe mode. install every patch and the new av defs. reboot into safe mode and do a full system scan. do yourself a favor and download ccleaner and use it to clean out all your temp files first. reboot. if that doesnt work, backup and reformat.

[Edited on March 9, 2007 at 11:01 AM. Reason : av software doesnt do shit if there are still holes in your OS]

3/9/2007 11:00:28 AM