Author Topic: Infected but unclear if i got them out or what to do next.  (Read 3597 times)

0 Members and 1 Guest are viewing this topic.

rainslyn

  • Guest
Infected but unclear if i got them out or what to do next.
« on: September 16, 2010, 07:43:31 AM »
Hi, I'm sorry to bother you, we have the avast free version, and have had issues with some
scattered infection that cleared and I even cleared the system restore and reset it so there was no change it could hide in that. All seems fine for a while and then a slow decline of behavior, with lagging. It turned out to be something I felt we got on the desk top because my husband downloaded adobe's new update, I didn't because of the bugs it had last update, and as soon as that hit he was not in control of his computer anymore it would disable avast and not allow use of ad aware. I had to finally do a system restore in safe mode because nothing was accessible it was totally controlling that computer, I had set a fresh restore point the morning before  that update according to the log, and after all seemed OK. and then as I said lagging and avast showed no infections on a daily quick scan and yet if you looked at the scan itself anyway, it said unable to open. but a "0" in the report after the scan. when i saw that yesterday I did a check and sure enough they all said that, and adaware found a malware and put in quarantine

{ Zango/W
c:\documents and settings\rain\local settings\temp\jxgl4rdn.exe.part}




I started to read the many posts here and advice you gave them for similar problems, and so even after nothing picked a bug up on scan, I downloaded malwarebytes that I saw frequently recommended, now that computer had also suddenly stopped downloading anything from internet not graphic not even a zip file. So I downloaded it to my laptop and drag dropped it to that computer in gtalk. opened it and ran the scan. It showed still 10 infections and I have the log for that I will post, but here is the tricky part, while i had the malware on the lap top I did a scan real quick, and I had 76 infections. That's when things went bad lol being up all night with the desk top and a graphic i have to have ready requires my computers. So while I was not expecting to find this very bad report I cleaned both computers rechecked them both. and I forgot to do the system restore clear and reset ..and since fate was going to have fun with me on this...a file was inadvertently deleted b y me that shouldn't have been, so sadly i had only one choice to do a system restore on the lap top to just before that file was deleted this morning but not before the malware clean, so..after the restore the computer was fine again and i did a very fast scan all over and had 30 not 70 this time but 30 malware. Did another scan, then deleted that version of malwarebytes, downloaded another to be sure it was not infected. I still have 0 infections now on lap top but wonder if avast needs to be deleted and re downloaded ? and the desk top still shows that file cannot be opened its off line,  i will enclose them both. I know I pulled a total blond moment here and I am sorry and embarrassed but if you have any thoughts that might help get this fixed for sure I would be grateful. Thank you, rain   THE DESK TOP REPORT HERE ,LAP TOP IS ATTACHED, It's too big for the post

                                                                    
DESK TOP                                                                    
                                            
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4620

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

9/15/2010 1:36:15 PM
mbam-log-2010-09-15 (13-36-15).txt

Scan type: Quick scan
Objects scanned: 140382
Time elapsed: 18 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\D (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\D.1 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
« Last Edit: September 16, 2010, 07:46:38 AM by rainslyn »

Offline mikaelrask

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1556
Re: Infected but unclear if i got them out or what to do next.
« Reply #1 on: September 16, 2010, 09:49:54 AM »
welcome here first

rescan your computer with malwarebytes and let it remove what it finds sens you have not take any action on the malware it found. hopefully your computer should be back to normal after that.

if you still thinks it infected meaby a second option is good. superantispyware is a another program that is recommended here so try that.

http://filehippo.com/download_superantispyware/

good luck and let us know how it goes.
Windows 8.1 amd a10-5700 64 bit
12 GB ram 1 tb hard drive. Avast 18, MBAM

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37507
  • Not a avast user
Re: Infected but unclear if i got them out or what to do next.
« Reply #2 on: September 16, 2010, 10:32:31 AM »
as mikaelrask say you need to click the " Remove Selected " button after the scan to quarantine the infections
and update before you scan as there have been several updates since the log you have, latest database now is 4626

rainslyn

  • Guest
Re: Infected but unclear if i got them out or what to do next.
« Reply #3 on: September 16, 2010, 01:10:32 PM »
Oh, I'm sorry, I must have made that sound so confusing, and thank you for getting back with me on this. Yes, I had already sent them to quarentine, after each scan was done. So, after the first scan of 76, I sent them to quarantine. and restarted my computer, and ran another scan ..that second scan came up clean with no infections. I did it again, just to be sure. and it was still no infections. However, between doing both the lap top and the desk top which was what I thought was infected, I forgot to do an immediate turn off the system restore to clean out or make sure none would be in there. It was several hours and the problem with my deleting a file by mistake that required me to do a restore to get that file back, and sadly it brought me to start again. after the file was recovered I did a scan again and sure enough, 30 or so more infections, they had to come from the restore. so i cleaned again then downloaded a fresh malwarebyt to be sure it was not corrupt, and did another scan now its says clean, and i have cleared the system restore and created the clean restore point. My question is will I need to do anything else like download a new avast? could that be corrupt and why it said no infections when I was scanning. I don't understand all the information but it seems that the virus prevented the security from seeing it? why on the desk top do I keep getting 0 infections, but the scanner log says unable to open file off line. ? I do apologize how confusing it is but basically I thought only the desk top had a problem and ended up with my lap top holding a total of 106 infections in quarentine. I was told once here that to leave an infection in quarterly was fine. for a month after that delete them. Thank you very much both of you. for your help, rain

rainslyn

  • Guest
Re: Infected but unclear if i got them out or what to do next.
« Reply #4 on: September 16, 2010, 01:50:45 PM »
Here, you can see screen shot of the quarantine, with all the virus's  have been in since i did the scan yesterday.  :) hope that makes my post a little less confusing,Thank you, rain

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37507
  • Not a avast user
Re: Infected but unclear if i got them out or what to do next.
« Reply #5 on: September 16, 2010, 02:36:38 PM »
Quote
but the scanner log says unable to open file off line. ?
dono what that means  ???


You can let Essexboy have a look at it, if so follow this guide
http://forum.avast.com/index.php?topic=53253.0

To avoid using 20 post with copy and paste you have to attach the log`s
Lower left corner: Additional Options > Attach ( OTL.Txt and Extras.Txt. and MBAM scan log )

if you do this from both computers i recomend you use separate post for each pc

rainslyn

  • Guest
Re: Infected but unclear if i got them out or what to do next.
« Reply #6 on: September 16, 2010, 02:40:22 PM »
Alright, Thank you, and I'm sorry for confusing post. You have been great, Thank you, Mahala rain.