Rootkit in Windows 7... (Vitro Virus! Come in if you need help.)
Well, that's the rub. I have a rootkit but can't fix it because ComboFix doesn't run in Windows 7 yet. Unless I'm wrong...which is what I'm hoping.
Otherwise, you guys have any ideas of what I can do? I even fully reinstalled Windows 7 and it's STILL there. I get popups every 15 minutes or so for "http://85.114.141.207/meds/" with a little dialogue box telling me to click "Yes."
It's nothing too harmful but it's SUPER annoying. Ugh.
How could you possibly still have this after a reinstall unless it's included in your install disc (unlikely unless you, er, like leakage) or some program you install every time?
I have a vague recollection of reading something about a virus that infected your bios. That would be scary indeed.
Though DE25's problem sort of reminds me of that non-damaging "virus" that someone built into the gcc compiler. Even if you had a clean copy of the compiler source code, the compiler virus would simply insert itself into the newly compiled compiler.
lowlylowlycook on
(Please do not gift. My game bank is already full.)
No way could a bios virus do this.
I would do a bare Windows install, run updates and then install apps one by one. Use each app for a day or two until you get the popups, then you will have a likely culprit. You could also have an infected network device or bad DNS server. You could (should) switch to opendns.com. Please post results or more info if you make progress.
You could also use process explorer to get some more info about the popup, such as its parent process. This could lead you to the location of the malware.
Thanks.
Right now I'm running Windows 7 barebones - aside from basic drivers, Firefox, Thunderbird, and Spybot, everything is off. I'm re-downloading a fresh copy of my 64-bit Windows 7 (7100) build for installation as we speak.
If you didn't last time, make sure you wipe the partition when you reinstall this time. If that doesn't work the poisoned DNS sounds like the most likely culprit (good catch mavis).
Sure it could. Rootkit could infect specific sectors on the hard disk each time, and the BIOS virus could be programmed to do nothing more than flag a few critical bytes of data as files rather than blank space. You could fit a virus that small into BIOS. Hell, the rootkit could even infect the MBR, pointing it at the critical spots. Unless you do the reinstall in such a manner that it forces the MBR to overwrite, you're still screwed each time you re-install.
Pheezer on
IT'S GOT ME REACHING IN MY POCKET IT'S GOT ME FORKING OVER CASH
CUZ THERE'S SOMETHING IN THE MIDDLE AND IT'S GIVING ME A RASH
Friend convinced me to try Avast! and set it to scan on reboot. It's still on 0% scanning (taking awhile....) but it's already found like 100+ files infected with "Win32:Vitro"
Looks like once Avast! is done I'll be reinstalling Windows 7 and installing fresh copies of my software. Boy the Vitro virus is a rough son of a bitch.
Thank god I just keep my main data off on a separate hard drive.
EDIT:
Still at 0% and over 400 Win32:Vitro infections...
Running on Windows XP, have tried a lot too, but nothing worked out for me.
I do have a lot of weird Windows Task Manager processes running, but when I kill them they keep coming back, even if I delete them in the C:/windows maps.
2 days ago the pop-up was another site: http://www.guarddog2009.com/xxx/
Which was showing porn pictures by then, but now it changed to the same med thing. I'm glad that it changed to med-pills instead of porn, but it still sucks.
Pop-ups are also then when I'm not using the PC, and not even having a browser opened, so the virus opens the browser itself. And when I'm playing a game or whatsoever, the game minimizes to show the pop-up, which is also quite annoying.
It looks like my PC is having multiple viruses, but all repairing each other. Different virus scanners do not solve the problem, neither does HiJackThis.
Also desperate for a solution.
EDIT : "Format / Re-installing isn't a real option for me, so I need to get this fixed "
I'm far, far from a malware expert. But would booting off of a Linux CD and copying non-executable data files fix your problem and let you reinstall?
Stuff like this would make me think of this as the easiest way.
lowlylowlycook on
(Please do not gift. My game bank is already full.)
It's also not out of the question that someone could write a normal, non-BIOS virus that (in addition to its other functions) would detect when you downloaded a Windows install disc image and automatically infect it. I've never heard of it happening, but it's certainly easily possible. This is why you don't use the infected computer to download a new copy of Windows.
If that hard drive has ever been connected to the infected computer, that might be the problem. I don't know Vitro but if it's anything like Virut, it infects any sort of removable media attached to an infected computer via an autorun.ini file. Since you said you already formatted and reinstalled, I bet it just reinfected you when you attached some sort of removable media it had infected previously. You should probably boot with a LiveCD and format any external hard drives, USB drives, etc. that have touched the computer. While backing up your important files keep in mind that any .exe, .html, or .dll files are probably infected and can't be allowed to survive. Then format your main drive and reinstall. Don't attach any clean external media to an infected computer or vice versa while Windows is running. So long as you format everything from inside a LiveCD environment and don't back up any of the sorts of files it attaches to, you should be okay.
Salvius on
TetraNitroCubane (edited May 2009)
I'd recommend running rootkit revealer once you get things up and running, just to make sure there's nothing lurking about that you don't want. Also, since it looks like this nasty is easily spread through removable media, once you get things reformatted, disable autorun. It's probably a good idea to leave it off entirely.
But sweet zombie christ on a pogo-stick, this Vitro bug looks nasty. How the hell can it infect after reinstallation? And how the heck does it infect to begin with?
I just wanted to say that I hope the people that write these sort of virii burn in hell. That's some pretty scary shit if it can reinfect itself after a fucking reformat, Jesus Christ.
As far as I've read people are reinfecting their systems after the reinstall with removable media.
Still it's pretty scary to see people's reaction going from "After looking at your log files these are the 15 steps you need to clear your computer." that you normally see to "Fuck it. Nuking from orbit is the only way to be sure."
lowlylowlycook on
(Please do not gift. My game bank is already full.)
Looks like you could be right. How would I go about cleaning my infected media? So far I've disabled autorun via registry...but is there any safer way? Otherwise I'll just reformat my USB via my friend's Macbook :-\
Desert_Eagle25 on
Viscountalpha (edited May 2009)
Wouldn't reflashing the bios clear out such a virus? I mean that is unless the virus disables the reflashing process.
Hey Desert_Eagle, just so we're covering all of our bases, do you happen to still have the original ISO you burned the install DVD from? If so, could you download and install this program, load the ISO into it (right-click on the file, then select properties) and compare the SHA-1 and CRC-32 hash to one of these references?
Windows 7 Ultimate RC (x86) - DVD (English)
SHA1: 7D1F486CA569EFFFFB719CFB48355BB7BF499712
CRC-32: E8A1C394
Windows 7 Ultimate RC (x64) - DVD (English)
SHA1: FC867FE1AB2E0A9796F9E4D155B44EA6998F4874
CRC32: 58FB2BE0
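Added example, not part of the original thread and not the hashing program the post refers to: a small Python script that computes the SHA-1 and CRC-32 of an image in one pass and checks them against the two reference pairs quoted above. The function names and the script name are hypothetical; run it from a machine that is not the infected one.

```python
import hashlib
import sys
import zlib

# Reference values exactly as quoted in the post above: name -> (SHA-1, CRC-32).
REFERENCES = {
    "Windows 7 Ultimate RC (x86) - DVD (English)": (
        "7D1F486CA569EFFFFB719CFB48355BB7BF499712", "E8A1C394"),
    "Windows 7 Ultimate RC (x64) - DVD (English)": (
        "FC867FE1AB2E0A9796F9E4D155B44EA6998F4874", "58FB2BE0"),
}


def digest_file(path, chunk_size=1 << 20):
    """Read the file once in chunks and return (sha1_hex, crc32_hex), upper case."""
    sha1 = hashlib.sha1()
    crc = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            sha1.update(chunk)
            crc = zlib.crc32(chunk, crc)  # running CRC carried between chunks
    return sha1.hexdigest().upper(), format(crc & 0xFFFFFFFF, "08X")


def normalize(value):
    """Drop whitespace and case differences from a pasted hash string."""
    return "".join(value.split()).upper()


def match_reference(sha1_hex, crc32_hex, references=REFERENCES):
    """Return the name of the reference image whose SHA-1 AND CRC-32 both match.

    CRC-32 alone is only an error check and is easy to collide, so a match
    on the CRC without the SHA-1 is treated as a mismatch.
    """
    sha1_hex, crc32_hex = normalize(sha1_hex), normalize(crc32_hex)
    for name, (ref_sha1, ref_crc) in references.items():
        if sha1_hex == ref_sha1 and crc32_hex == ref_crc:
            return name
    return None


def verify(path):
    """Return (sha1_hex, crc32_hex, matching_reference_name_or_None) for a file."""
    sha1_hex, crc32_hex = digest_file(path)
    return sha1_hex, crc32_hex, match_reference(sha1_hex, crc32_hex)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python verify_iso.py <image.iso>")
    sha1_hex, crc32_hex, name = verify(sys.argv[1])
    print("SHA1:  ", sha1_hex)
    print("CRC-32:", crc32_hex)
    print("match: ", name or "NO MATCH - do not install from this image")
    sys.exit(0 if name else 1)
```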
how do you catch this virus? would a hardware firewall, not using IE and using up-to-date versions of Opera and Avast! be safe?
edit: what I mean, do you have to run an exe, has it other vectors?
autono-wally, erotibot300 on
TetraNitroCubane (edited May 2009)
I think you might be able to mount the removable media in a virtualized environment, or simply mount it without autorun and clean it that way. I'm not sure what the best course of action is, though. If you mount onto a macbook, you should be able to snag critical non-executable/dll files, then Nuke'n'Pave the drive.
I'm curious about this as well. Forum threads about the `tubes seem to indicate that online movie watching (i.e. sites promising cinema run movies, not YouTube) can lead to infection through the old 'You need a Codec!' trick, but as Vitro evolves, it might need less and less user input. Was there any indication of what caused initial infection, DEagle?
Probably easiest to just reformat. If it's just a USB drive it shouldn't be too difficult to copy off everything that's not an .exe, format, and put it back. I wouldn't let it touch a Windows computer even with autorun turned off, there's no such thing as being too careful with Virut and its derivatives. Normally you'd want to boot up a Ubuntu LiveCD and format from there, but a Macbook should work fine too. Just make sure you don't miss some piece of media, remember that it infects stuff like the SD cards in cameras or those dumb electronic photo frames that you might not automatically think of.
IE on Vista & Win7 has three layers of protection that keep things like this from installing. First, ActiveX controls have not been allowed to auto-run since IE6. Second is protected mode, this is a sandbox mode that keeps web items from installing/running in your system. Third is UAC, that works with protected mode so any program from the web has to get your permission to install or run.
UAC has already been recorded as being 100% effective at blocking root kits. This thing slips in off flash media and installs of codecs. This is not an IE issue, though you should always keep IE up to date whether you use it or not.
I've got the same problem, i.e. same popup with and IE going to a page that offers 'meds' etc. Got it from an .exe file that my partner downloaded from a torrent. Found the file with extension .mp3.exe
It is extremely annoying. AVG has picked up hundreds of nasties over several runs and I am watching these forums to see if there is any way out apart from formatting. I have had several external devices attached and don't really want to format all of them if I can help it as it is just too much effort to replace all of it.
I always keep all my software up-to-date, ESPECIALLY IE..
And I actually like UAC and the control it gives me, and never can understand people bitching
But I think I'm in minority :P
glad you are making progress, I'm just going to post some general security tips that could help prevent this from happening in the future...
On your new install, make a secondary admin account and change your personal account to limited. Use run as or a separate instance of explorer to perform admin tasks.
You should be fine with only clearing out all .exe, .dll, and .html files on the external drives, rather than a full reformat. There could be an issue if you ever boot from those drives though.
My uninformed impression is that the biggest problem is some auto-exec . file. I'd go with pull all known non-execs off and nuke.
lowlylowlycook on
(Please do not gift. My game bank is already full.)
never boot from them. only use them for storage of family photos and movie files. do have a couple of apps such as VLC but i will delete remove any infectable files.
The autorun.inf file has to have a target to autorun, so deleting the exes and clearing out autorun.inf should take care of that.
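Added example, not part of the original thread: a Python triage script for the salvage procedure discussed in the posts above (copy off only non-executable data, leave .exe/.dll/.html behind, see what autorun.inf points at, catch names like .mp3.exe), meant to be run from a LiveCD or Mac with the drive mounted. All function names, the decoy-extension list, the added .htm extension and the sample drive layout are assumptions made for the illustration; the sample files are constructed placeholder text.

```python
import os
import shutil
import tempfile

# Extensions the thread says must not survive the backup (.htm added as an assumption).
RISKY_EXT = {".exe", ".dll", ".html", ".htm"}
# Harmless-looking inner extensions used to disguise an executable (constructed list).
DECOY_EXT = {".mp3", ".avi", ".jpg", ".doc", ".pdf", ".txt"}
# autorun.inf keys that name something to launch.
LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(text):
    """Return launch targets named in an autorun.inf, tolerating junk lines."""
    targets = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        is_shell_cmd = key.startswith("shell\\") and key.endswith("\\command")
        if (key in LAUNCH_KEYS or is_shell_cmd) and value:
            targets.append(value)
    return targets


def classify(name):
    """Classify a file name as 'autorun', 'disguised', 'risky' or 'data'."""
    lower = name.lower()
    if lower == "autorun.inf":
        return "autorun"
    stem, ext = os.path.splitext(lower)
    if ext in RISKY_EXT:
        # e.g. song.mp3.exe: executable hidden behind a media extension
        return "disguised" if os.path.splitext(stem)[1] in DECOY_EXT else "risky"
    return "data"


def triage(root):
    """Walk a mounted drive and sort every file into a category (relative paths)."""
    report = {"autorun_targets": [], "autorun": [], "disguised": [], "risky": [], "data": []}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        dirnames.sort()
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            kind = classify(name)
            report[kind].append(os.path.relpath(full, root))
            if kind == "autorun":
                # latin-1 never fails to decode, whatever bytes the file holds
                with open(full, "r", encoding="latin-1") as fh:
                    report["autorun_targets"] += parse_autorun(fh.read())
    return report


def salvage(root, dest):
    """Copy only 'data' files to dest, keeping relative paths; return what was copied."""
    copied = []
    for rel in triage(root)["data"]:
        src = os.path.join(root, rel)
        if os.path.islink(src):
            continue  # never follow links off the drive
        target = os.path.join(dest, rel)
        os.makedirs(os.path.dirname(target), exist_ok=True)
        shutil.copy2(src, target)
        copied.append(rel)
    return copied


def build_sample(root):
    """Constructed sample drive; every file is harmless placeholder text."""
    files = {
        "autorun.inf": "[autorun]\r\n;junk\r\nOPEN=tools\\launcher.exe\r\n"
                       "shell\\open\\command = tools\\launcher.exe\r\nlabel=USB\r\n",
        os.path.join("tools", "launcher.exe"): "placeholder",
        "holiday.mp3.exe": "placeholder",
        "index.html": "placeholder",
        os.path.join("photos", "beach.jpg"): "placeholder",
        "notes.txt": "placeholder",
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", newline="") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        drive, backup = os.path.join(tmp, "drive"), os.path.join(tmp, "backup")
        build_sample(drive)
        for kind, items in triage(drive).items():
            print(f"{kind:16} {items}")
        print("copied to backup:", salvage(drive, backup))
```

The filter works on file names only and does not disinfect anything, so it fits the "copy the data off, then format the media" route rather than cleaning a drive in place.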
For starters you need to try a different anti-virus, AVG has limited ability at removing viruses. Download the free trial of NOD32. You could also give Malwarebytes a try, it's probably the best anti-malware program.
Could you elaborate? This is the first time I have heard this, any other gripe against AVG has been its simplistic UI and its penchant to mark Windows system files as viruses when they aren't.
For serious virus clean up I recommend Trinity Rescue Kit. You pop the CD in, boot it (linux) and run virus scans. It has 5 different virus scanners you can use (if you're Linux-savvy you can figure out how to run them all at once).
I've used this to take completely ruined PCs to fully usable. Also make sure to keep a good real-time scanner going and DISABLE AUTORUN. Lately autorun on USB drives has been spreading viruses like crazy in offices and stuff.
Edit: I recommend Avast! or Avira for free anti-virus. They seem to be the top dogs in ratings. They're both fast, too.
Edit again: Here are some basic instructions for TRK virus scanning. Keep in mind I only boot with SSH so I use Putty to connect remotely, but this should work on the computer itself when you are at the command line.
From this page - the command is "virusscan" and you use the argument "-a" with one of the scanners. So to scan with AVG you would type "virusscan -a avg" and press enter, then let it run. It may ask Y/N questions about downloading the updated virus definitions. Then say you want to run bit-defender you would use "virusscan -a bde". Typing just "virusscan -help" and pressing enter will show you a quick help and list the different virus scanners available (I think it has more than the web page lists).
I've got it all fixed now, no pop-ups or any shit the last 12 hours, I'll check in tomorrow around this time to tell if it still is all away, if it is, I will share what I did.. even tho I don't fully remember everything ...
I didn't format or reinstall anything, just killed lots of processes and ran lots of anti-malware/virus scans, and did some stuff on my own. LOTS of GOOGLING
but when it's fully away for the next 24 hours too, I will try to figure out what I exactly did
208.67.222.222 and 208.67.220.220
make sure to log in to the site and customize it so they don't advertise stuff when you make a typo
Hopefully I'll find success tonight!
http://www.malwarebytes.org/
Anyone who's read about Virut knows what a fucking son of a bitch that virus is.
I would just skip the scan and reinstall now.
[edit]though, if this thread is any indication, Vitro has a tendency to return even after a reformat. That's pretty worrying.
http://www.precisesecurity.com/blogs/2009/04/08/win32-vitro/
http://www.2-spyware.com/remove-win32-vitro.html
Disable autorun to prevent infected media from auto-running and spreading themselves.
http://support.microsoft.com/kb/967715
I love Avast and Nod32.