VIRUS!


Greg
December 6th 03, 04:52 PM
I run AVG with an up to date database and with email protection enabled and
also Zonealarm, but today had a warning I had a virus.

AVG reported I had a Worm/Lovsan.A which showed up as
Windows\System32\MSLAUGH.EXE.

Can anyone tell me how this could have slipped thru my current virus
protection, a little worrying to say the least!

Thanks

G


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.534 / Virus Database: 329 - Release Date: 31/10/2003

Greg
December 6th 03, 04:52 PM
To be sure I am virus free I went to the Housecall online Virus checker and
it found a malware.WORM_NACHI.A in my registry!!

How come AVG didn't detect a virus when it arrived on my PC, but found a
virus when I ran the virus checker?

Thanks for any advice!

G


"Greg" > wrote in message
...
> I run AVG with an up to date database and with email protection enabled and
> also Zonealarm, but today had a warning I had a virus.
>
> AVG reported I had a Worm/Lovsan.A which showed up as
> Windows\System32\MSLAUGH.EXE.
>
> Can anyone tell me how this could have slipped thru my current virus
> protection, a little worrying to say the least!
>
> Thanks
>
> G
>

John A
December 6th 03, 04:52 PM
Maybe you got it before your last AVG update?

Have you installed the Windows security updates mentioned in the following?
http://www.microsoft.com/technet/security/bulletin/MS03-026.asp
http://www.microsoft.com/technet/security/bulletin/MS03-007.asp

John A

On Sat, 1 Nov 2003 17:48:00 +0000 (UTC), "Greg" >
wrote:

>I run AVG with an up to date database and with email protection enabled and
>also Zonealarm, but today had a warning I had a virus.
>
>AVG reported I had a Worm/Lovsan.A which showed up as
>Windows\System32\MSLAUGH.EXE.
>
>Can anyone tell me how this could have slipped thru my current virus
>protection, a little worrying to say the least!
>
>Thanks
>
>G
>

Greg
December 6th 03, 04:55 PM
Which update do I download for XP 64 or 32bit?

Thanks

G


"John A" > wrote in message
...
> Maybe you got it before your last AVG update?
>
> Have you installed Windows security updates mentioned in following?
> http://www.microsoft.com/technet/security/bulletin/MS03-026.asp
> http://www.microsoft.com/technet/security/bulletin/MS03-007.asp
>
> John A
>
> On Sat, 1 Nov 2003 17:48:00 +0000 (UTC), "Greg" >
> wrote:
>
> >I run AVG with an up to date database and with email protection enabled and
> >also Zonealarm, but today had a warning I had a virus.
> >
> >AVG reported I had a Worm/Lovsan.A which showed up as
> >Windows\System32\MSLAUGH.EXE.
> >
> >Can anyone tell me how this could have slipped thru my current virus
> >protection, a little worrying to say the least!
> >
> >Thanks
> >
> >G
> >

Bruce Chambers
December 6th 03, 04:56 PM
Greetings --

If you have to ask, you're almost definitely running the 32-bit
version of WinXP. (I'm not trying to be facetious; I'm sure you'd
have noticed paying several thousand dollars more for the Itanium or
Itanium II CPU required to run the 64-bit version of WinXP Pro.)
There is no 64-bit version of WinXP Home.

Windows XP 64-Bit Edition Overview
http://www.microsoft.com/windowsxp/64bit/overview.asp

To verify for yourself, Click Start > Run, type in "Winver" and
press <Enter>. If the resulting dialog box does not _explicitly_
state that you have "Windows XP 64-Bit Edition," then you have a
32-bit OS.


Bruce Chambers

--
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH


"Greg" > wrote in message
...
> Which update do I download for XP 64 or 32bit?
>
> Thanks
>
> G
>
>

Greg
December 6th 03, 04:56 PM
Answers the question, thanks Bruce!

"Bruce Chambers" > wrote in message
...
> Greetings --
>
> If you have to ask, you're almost definitely running the 32-bit
> version of WinXP. (I'm not trying to be facetious; I'm sure you'd
> have noticed paying several thousand dollars more for the Itanium or
> Itanium II CPU required to run the 64-bit version of WinXP Pro.)
> There is no 64-bit version of WinXP Home.
>
> Windows XP 64-Bit Edition Overview
> http://www.microsoft.com/windowsxp/64bit/overview.asp
>
> To verify for yourself, Click Start > Run, type in "Winver" and
> press <Enter>. If the resulting dialog box does not _explicitly_
> state that you have "Windows XP 64-Bit Edition," then you have a
> 32-bit OS.
>
>
> Bruce Chambers
>
> --
> Help us help you:
> http://dts-l.org/goodpost.htm
> http://www.catb.org/~esr/faqs/smart-questions.html
>
> You can have peace. Or you can have freedom. Don't ever count on
> having both at once. -- RAH
>
>
> "Greg" > wrote in message
> ...
> > Which update do I download for XP 64 or 32bit?
> >
> > Thanks
> >
> > G
> >
> >
>
>


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.535 / Virus Database: 330 - Release Date: 01/11/2003

Bruce Chambers
December 6th 03, 04:57 PM
Greetings --

You're welcome.

Bruce Chambers

--
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH


"Greg" > wrote in message
...
> Answers the question, thanks Bruce!
>




Sharon F
December 6th 03, 04:58 PM
On Sun, 2 Nov 2003 09:44:13 +0000 (UTC), Greg wrote:

> Which update do I download for XP 64 or 32bit?
>
> Thanks
>
> G
>
>

Most likely you need the 32bit download. If you use Start> Run and type in
winver and click OK, a screen will appear. If you have a 64bit version of
XP installed, the screen that appears will state that fact.

PS: Your antivirus program's auto signature is showing October 10. May want
to check that this is the most current update to AVG that is available.

Some viruses are capable of goofing up your antivirus protection. You can
run an online scan if you suspect that might be the case. Here are links to a
few of the online scanners:
http://security.symantec.com/default.asp?productid=symhome&langid=ie&venid=sym
http://housecall.trendmicro.com/
http://www.avp.ru/remoteviruschk.html
http://www3.ca.com/virusinfo/virusscan.aspx

--
Sharon F
MS MVP - Windows Shell/User

Greg
December 6th 03, 04:58 PM
More help needed please?



Just to recap on where I am now with this Virus thing. AVG healed the
Worm/Lovsan.A and Housecall Online Virus Checker also found something in my
registry, which it healed.



So I thought I was sorted, but tonight I have just got a message to say that
there is a worm/Lovsan.A virus in one of my XP restore files...



C: System Volume Info \restore { etc etc



I have just therefore run a complete AVG test again and it hasn't detected a
virus!!!??! So where did the message box on my screen earlier come from
telling me I had another virus and to run AVG to remove it??



So firstly, where is this file? I cannot seem to find it or any restore
files? Also my experience of Windows ME was that you needed to be in Safe
Mode to delete restore files, but by pressing F8 or F9 on start up with XP
Home I cannot get into the menu to select Safe Mode.



Can anyone help please?



Many thanks



G


"Greg" > wrote in message
...
> I run AVG with an up to date database and with email protection enabled and
> also Zonealarm, but today had a warning I had a virus.
>
> AVG reported I had a Worm/Lovsan.A which showed up as
> Windows\System32\MSLAUGH.EXE.
>
> Can anyone tell me how this could have slipped thru my current virus
> protection, a little worrying to say the least!
>
> Thanks
>
> G
>

Bruce Chambers
December 6th 03, 04:58 PM
Greetings --

To clear viruses from the "System Volume Information," simply turn
off the System Restore feature (Start > All Programs > Accessories >
System Tools > System Restore, System Restore Settings), reboot, and
then re-enable System Restore, if you like. This will delete all of
your Restore Points, including the corrupted one(s), and allow you
to start with a clean slate.

However, if you have Restore Points that you'd really rather not
lose, and know which one is corrupted:

How to Gain Access to the System Volume Information Folder
http://support.microsoft.com/default.aspx?scid=kb;EN-US;309531



Bruce Chambers

--
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH


"Greg" > wrote in message
...
> More help needed please?
>
>
>
> Just to recap on where I am now with this Virus thing. AVG healed the
> Worm/Lovsan.A and Housecall Online Virus Checker also found something in my
> registry, which it healed.
>
>
>
> So I thought I was sorted, but tonight I have just got a message to say that
> there is a worm/Lovsan.A virus in one of my XP restore files...
>
>
>
> C: System Volume Info \restore { etc etc
>
>
>
> I have just therefore run a complete AVG test again and it hasn't detected a
> virus!!!??! So where did the message box on my screen earlier come from
> telling me I had another virus and to run AVG to remove it??
>
>
>
> So firstly, where is this file I cannot seems to find it or any restore
> files? Also my experience of Windows ME was that you needed to be in Safe
> Mode to delete restore files, but by pressing F8 or F9 on start up with XP
> Home I cannot get into the menu to select Safe Mode.
>
>
>
> Can anyone help please?
>
>
>
> Many thanks
>
>
>
> G
>
>

Sharon F
December 6th 03, 04:58 PM
On Sun, 2 Nov 2003 19:52:03 +0000 (UTC), Greg wrote:

> More help needed please?
>
>
>
> Just to recap on where I am now with this Virus thing. AVG healed the
> Worm/Lovsan.A and Housecall Online Virus Checker also found something in my
> registry, which it healed.
>
>
>
> So I thought I was sorted, but tonight I have just got a message to say that
> there is a worm/Lovsan.A virus in one of my XP restore files...
>
>
>
> C: System Volume Info \restore { etc etc
>
>
>
> I have just therefore run a complete AVG test again and it hasn't detected a
> virus!!!??! So where did the message box on my screen earlier come from
> telling me I had another virus and to run AVG to remove it??
>
>
>
> So firstly, where is this file I cannot seems to find it or any restore
> files? Also my experience of Windows ME was that you needed to be in Safe
> Mode to delete restore files, but by pressing F8 or F9 on start up with XP
> Home I cannot get into the menu to select Safe Mode.
>
>
>
> Can anyone help please?
>

...\System Volume Information\ is where your System Restore points are kept.
It's not unusual to get a notice about a virus being stuck in there. Delete the
old restore points and you can get rid of it. You can do this by clearing all of
your restore points:

Method 1: Using System Properties, disable System Restore. Re-enable System
Restore

Method 2: Change the allotted amount of space reserved for System Restore.
Also done in System Properties.

Or you can create a restore point (if you're sure your system is clean now)
and then use Disk CleanUp to remove all but the most recent restore
point.

NOTE: I just had something similar happen here last week. A virus located
in a folder reserved for newsgroup attachments was not deleted by my
antivirus program. Identified but not deleted. After manually deleting, it
was copied to the System Restore folders (*.EXE is a file type monitored
by System Restore). I promptly got a notice that there was now a virus in
System Restore. Cleared the Restore points and all was right with the
world once again. The system was never infected. It just had this virus file
floating around until I could delete it completely.

For a Safe Mode boot with XP, press F8 after POST and before Windows starts
to load. Timing can be tricky and it may take a few attempts before the
Advanced Start Menu appears where you can elect to start in safe mode.

--
Sharon F
MS MVP - Windows Shell/User

John A
December 6th 03, 04:58 PM
AV cannot access files in system restore - clean them out - Start /
Control Panel / System Restore - Check "Turn off ...", reboot, then
turn on System restore again.

John A

On Sun, 2 Nov 2003 19:52:03 +0000 (UTC), "Greg" >
wrote:

>More help needed please?
>
>
>
>Just to recap on where I am now with this Virus thing. AVG healed the
>Worm/Lovsan.A and Housecall Online Virus Checker also found something in my
>registry, which it healed.
>
>
>
>So I thought I was sorted, but tonight I have just got a message to say that
>there is a worm/Lovsan.A virus in one of my XP restore files...
>
>
>
>C: System Volume Info \restore { etc etc
>
>
>
>I have just therefore run a complete AVG test again and it hasn't detected a
>virus!!!??! So where did the message box on my screen earlier come from
>telling me I had another virus and to run AVG to remove it??
>
>
>
>So firstly, where is this file I cannot seems to find it or any restore
>files? Also my experience of Windows ME was that you needed to be in Safe
>Mode to delete restore files, but by pressing F8 or F9 on start up with XP
>Home I cannot get into the menu to select Safe Mode.
>
>
>
>Can anyone help please?
>
>
>
>Many thanks
>
>
>
>G
>
>
>"Greg" > wrote in message
...
>> I run AVG with an up to date database and with email protection enabled and
>> also Zonealarm, but today had a warning I had a virus.
>>
>> AVG reported I had a Worm/Lovsan.A which showed up as
>> Windows\System32\MSLAUGH.EXE.
>>
>> Can anyone tell me how this could have slipped thru my current virus
>> protection, a little worrying to say the least!
>>
>> Thanks
>>
>> G
>>

Greg
December 6th 03, 05:01 PM
Brilliant, thanks Sharon!


"Sharon F" > wrote in message
...
> On Sun, 2 Nov 2003 19:52:03 +0000 (UTC), Greg wrote:
>
> > More help needed please?
> >
> >
> >
> > Just to recap on where I am now with this Virus thing. AVG healed the
> > Worm/Lovsan.A and Housecall Online Virus Checker also found something in my
> > registry, which it healed.
> >
> >
> >
> > So I thought I was sorted, but tonight I have just got a message to say that
> > there is a worm/Lovsan.A virus in one of my XP restore files...
> >
> >
> >
> > C: System Volume Info \restore { etc etc
> >
> >
> >
> > I have just therefore run a complete AVG test again and it hasn't detected a
> > virus!!!??! So where did the message box on my screen earlier come from
> > telling me I had another virus and to run AVG to remove it??
> >
> >
> >
> > So firstly, where is this file I cannot seems to find it or any restore
> > files? Also my experience of Windows ME was that you needed to be in Safe
> > Mode to delete restore files, but by pressing F8 or F9 on start up with XP
> > Home I cannot get into the menu to select Safe Mode.
> >
> >
> >
> > Can anyone help please?
> >
>
> ...\System Volume Information\ is where your System Restore points are kept.
> It's not unusual to get a notice about a virus being stuck in there. Delete the
> old restore points and you can get rid of it. You can do this by clearing all of
> your restore points:
>
> Method 1: Using System Properties, disable System Restore. Re-enable System
> Restore
>
> Method 2: Change the allotted amount of space reserved for System Restore.
> Also done in System Properties.
>
> Or you can create a restore point (if you're sure your system is clean now)
> and then use Disk CleanUp to remove all but the most recent restore
> point.
>
> NOTE: I just had something similar happen here last week. A virus located
> in folder reserved for newsgroup attachments was not deleted by my
> antivirus program. Identified but not deleted. After manually deleting, it
> was copied to the System Restore folders (*.EXE is a file type monitored
> by System Restore). I promptly got a notice that there was now a virus in
> System Restore. Cleared the Restore points and all was right with the
> world once again. The system was never infected. It just had this virus file
> floating around until I could delete it completely.
>
> For a Safe Mode boot with XP, press F8 after POST and before Windows starts
> to load. Timing can be tricky and it may take a few attempts before the
> Advanced Start Menu appears where you can elect to start in safe mode.
>
> --
> Sharon F
> MS MVP - Windows Shell/User



Sharon F
December 6th 03, 05:25 PM
On Mon, 3 Nov 2003 09:00:59 +0000 (UTC), Greg wrote:

> Brilliant, thanks Sharon!
>
>
You're welcome, Greg!


--
Sharon F
MS MVP - Windows Shell/User

Peter Hutchison
December 6th 03, 05:35 PM
On Sun, 2 Nov 2003 09:44:13 +0000 (UTC), "Greg" >
wrote:

>Which update do I download for XP 64 or 32bit?
>
32 bit always

Peter Hutchison
Windows FAQ
http://www.pcguru.plus.com/

Peter Hutchison
December 6th 03, 05:35 PM
On Sat, 1 Nov 2003 17:48:00 +0000 (UTC), "Greg" >
wrote:

>I run AVG with an up to date database and with email protection enabled and
>also Zonealarm, but today had a warning I had a virus.
>
>AVG reported I had a Worm/Lovsan.A which showed up as
>Windows\System32\MSLAUGH.EXE.
>
>Can anyone tell me how this could have slipped thru my current virus
>protection, a little worrying to say the least!
>
The AV software will not stop Nachi or MSBlast/Lovsan viruses without
installing patches against reinfection over the internet (it uses a
different method to spread using vulnerabilities in XP OS). D/L patches
from http://windowsupdate.microsoft.com

Peter Hutchison
Windows FAQ
http://www.pcguru.plus.com/
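
Added example, not part of the original thread: a small triage script that separates the kinds of detection discussed above (a live file under the Windows directory, an inert copy inside a System Restore point, and a stray file elsewhere) and names the restore point that holds the copy. The log format, timestamps, the `_restore{GUID}\RPnn` folder layout, the placeholder GUID and the `Trojan/Example.B` entry are constructed assumptions; only `MSLAUGH.EXE` and `Worm/Lovsan.A` come from the thread.

```python
import re
from pathlib import PureWindowsPath

# Constructed scanner log (not from the thread). The XP restore-store layout
# _restore{GUID}\RPnn\Annnnnnn.exe is an assumption; the GUID is a placeholder.
SAMPLE_LOG = r"""
2003-11-01 17:40:12 C:\WINDOWS\System32\MSLAUGH.EXE Worm/Lovsan.A
2003-11-02 19:45:03 C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP12\A0001234.exe Worm/Lovsan.A
2003-11-02 19:50:41 D:\News\attachments\setup.exe Trojan/Example.B
"""

LINE = re.compile(r"^(\S+ \S+) (.+) (\S+)$")  # timestamp, path (may hold spaces), name
RESTORE = re.compile(
    r"\\system volume information\\_restore\{[^}]*\}\\(RP\d+)\\", re.I)

ADVICE = {
    "restore-point": "backup copy, not running: clear restore points once the live system is clean",
    "live-system": "active infection: clean it and install the Windows security updates, or it can reinfect over the network",
    "other": "stray file: delete it; a monitored type such as .exe may then show up in System Restore",
}

def classify(path):
    """Return (kind, restore_point_id) for one detection path."""
    m = RESTORE.search(path)
    if m:
        return "restore-point", m.group(1).upper()
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    if len(parts) > 1 and parts[1] in ("windows", "winnt"):
        return "live-system", None
    return "other", None

def triage(log_text):
    """Parse scanner log lines into findings tagged with kind and advice."""
    findings = []
    for line in log_text.strip().splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip anything that is not a detection line
        when, path, name = m.groups()
        kind, rp = classify(path)
        findings.append({"when": when, "path": path, "malware": name,
                         "kind": kind, "restore_point": rp, "advice": ADVICE[kind]})
    return findings

def infected_restore_points(findings):
    """Map each restore point holding a flagged copy to the detection names."""
    points = {}
    for f in findings:
        if f["kind"] == "restore-point":
            points.setdefault(f["restore_point"], set()).add(f["malware"])
    return points

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f['malware']:<18} {f['kind']:<14} {f['advice']}")
    print("restore points to purge:", infected_restore_points(results))
```

A detection that appears only under `restore-point` matches the situation where a full scan of the live system comes back clean while an alert still names a file in System Volume Information.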
