The other day I received a notification via Resident Shield that the win32/Cryptor virus was detected. The only option presented in the dialog box was Ignore.
I looked in the manual for AVG under Resident Shield and it states the following:
7.6.1. Resident Shield Principles
The Resident Shield component gives your computer continuous protection. It scans
every single file that is being opened, saved, or copied, and guards the system areas
of the computer. When Resident Shield discovers a virus in a file that is accessed, it
stops the operation currently being performed and does not allow the virus to activate
itself. Normally, you do not even notice the process, as it runs "in the background",
and you only get notified when threats are found; at the same time, Resident Shield
blocks activation of the threat and removes it. Resident Shield is being loaded in the
memory of your computer during system startup.
After I received the message I have run a full virus scan using the software listed below. None of the programs detect any virus. I have not noticed any unusual behavior with any program. Does this mean that Resident Shield has blocked the virus? Is there any other program I should check with?
Windows XP Media Center 2005 Edition, Service Pack 3 installed
AVG 9.0.819 installed, Virus DB 271.1.1/2896
Spybot Search and Destroy 220.127.116.11 (systems settings protector 18.104.22.168)
AVG Rescue CD
Advanced SystemCare V.3.5.1
ZoneAlarm Firewall ZoneAlarm version:8.0.298.000
Resident Shield detection
"Infection";"Object";"Result";"Detection time";"Object Type";"Process"
"Virus found Win32/Cryptor";"C:\WINDOWS\system32\msfeedsbs.dll";"Object is white-listed (critical/system file that should not be removed)";"5/18/2010, 8:34:36 PM";"file";"C:\WINDOWS\system32\svchost.exe"
"Object is white-listed (critical/system file that should not be removed)"
You have a critical Windows system file that got infected... removing it without taking the proper steps would make your system unbootable. In short you need to do it manually. This is why that file is whitelisted.
Using your Windows CD... type SFC /SCANNOW on the run line to see if Windows will correct the issue for you or not. If not you will have to make the replacement from the Recovery Console that you can get to after booting from the CD.
AVG Free Volunteer ModeratorAVG Free Forum member since - Nov. 27, 2004My total posts on the Old AVG Free Forum - 27,063 Alan