I seem to have a virus that nothing can seem to help right now. I was on AIM and saw a link in my friend's profile, stupidly I clicked on it and accepted the ActiveX because I knew it was just my friend so he wouldn't have anything bad. It turned out to be a virus and he forgot to tell me not to click on it. It says the following in an away message that it randomly pops up on AIM: PICS FROM VALENTINES http://www.abcbirds.org/photos.pif :-) !!! I have antivir and it seems to recognize it when I try going back on the page to see what happens. It tells me that what I'm about to do is a virus. When I scan though it seems to have helped me not even though deleting viruses it found. I do not even know the name of this virus.

Some things this virus does:
Disables my control alt delete
disables running msconfig
changes my away message to the mentioned link containing a virus

If this helps...when I ran a virus check on AVG it found the viruses IRC/backdoor.flood, trojan horse hide window, and worm/tzet.A.

It couldn't delete any of those viruses.

Please help me!

Try booting into safe mode and running the AVG this way to see if it can delete it , or try a system restore , or try this link for a free scan/cleaner
Free Scan

" IF IT AINT BROKE LEAVE IT ALONE "

I HAVE THE SAME ONE!!! I'm getting very frustrated, because now it has mutated from saying PICS FROM VALENTINES to PICS FROM THE BEACH. And I can clone AIM, so it opens about 16 different AIM's and puts up the away message in each. McAfee doesn't show anything, and there's no information anywhere. AIMFIX doesn't work... What should i do??? Help!

I have the same one, so i did a google search on it and this website popped up http://computercops.biz/postp463477.html its a forum but it has a few more posts then this one

i have hte same virus if someones finds a way to get rid of it email it to me i am getting pissed off

Delete c:\windows\system32\drwebav.exe it is a hidden file so be sure to check your settings if you don't see it. Use a process killer besides task manager to end the process before you delete.... or delete in safe mode

Go to http://www.jayloden.com/aimfix.htm

Download AIM Fix and you'll be set straight!!!

I deleted DrWEBAV.exe and used the AIM fix in the above post, but now I cannot open "My Computer". Does anyone have any ideas?

My son saw the Valentine's link and clicked - his virus scanner detected it but it downloaded anyway. There were at least two trojans and five or more ad popup programs or spyware.

Boot up in safe mode then do a search for all files modified in the 24 hr period when you first got the trojans/spyware. Delete them and then search the registry. Some of the files to look for:
lshosts.exe
jsdaemon.exe
drwebav.exe
bullseye.exe
envolo (?)
autoupdater

I have forgotten the others and my daughter's computer has two trojans so I may be confusing some of them. One of them trashed the virus scanner by setting the files to 0 bytes! One of the ad programs actually had a readme file stating the files and HKEYS they installed.

sysinternals.com has some good tools to find out what exe files are connected to what HKEYS. Use them before deleting the exe files.

One of the computers is so damaged now that I am going to reformat and reload. I have spent enough time on it so the f----heads won this round. I am surprised the virus scanners detected them but could not stop them. The Valentines load also changes your configuration setting so we cannot drag desktop icons or see files in MyComputer. drwebav.exe also closes the taskmgr two seconds after opening it.

Good luck,
Oldmansj

I had the same problem--strange away messages popping up, task manager, regedit and msconfig wouldn't start. Neither Norton nor McAfee could find a virus. I did a search for some of the files listed in the other replies, and when I searched for text inside the files Norton found a virus in Windows\System32\winamp6.exe. I retarted in safe mode, deleted this file and everything seems to be working properly now.

My brother did the same thing, and heres how i fixed it. First go to Run then type cmd. Next in command prompt type in tasklist. Look through the list and see if u see any weird names of antiviruses like so:

KASPERantivirus.exe
normanantivirus.exe

or any names of antiviruses u don't have. Next type in the following:

taskkill /IM *PROCESS NAME HERE* /f

After that go into search and search for the name of the process u just killed. Be sure though that under advanced options you have "Search subfolders" selected or else it will not find this. Then just delete the virus file and u should be fine. To test if it worked try ctrl+alt+delete and if it closes within .5 seconds or more then it did not work. Hope i helped

Nick

help...I have the same virus. I'm scared to delete any files, just in case I delete the wrong ones and mess the computer up even more. The away message virus is more of a pest rather than a serious problem, but I would still like to remove it. I read earlier about deleting c:\windows\system32\drwebav.exe but someone else said that deleting that file will stop your mycomputer icon from opening up!!! PLEASE HELP!! What can I be sure to delete?

I think I found a solution...

1. Go to http://www.jayloden.com/BestFriends.htm

2. If the description sounds like your aim virus, then click the download aimfix at the bottom of the page

3. Save the aimfix to your computer

4. After the aimfix is downloaded, run the program. I had to run the program twice in order to get it to work

5. Open up aim...there will be a link in your profile saying that the virus has been deleted.

msconfig now opens on my computer and the task manager doesn't shut itself down. I think this solved the problem...

If this works for anyone else please let me know.

Good luck!!

A simpler solution seems to have worked for me using System Restore in Windows XP. At initial infection, ctrl-alt-del (taskmgr) stopped working, and the AOL IM away message immediately changed to the "PICS FROM THE BEACH" link. Since no new software had been added to the PC since its last System Restore point (the previous night), I figured maybe I'd get lucky and restoring to the privious night might fix the problem- as best as I can tell, it did!