Avast WEBforum
Other => Viruses and worms => Topic started by: jackal13 on July 20, 2012, 03:26:10 AM
-
Having problems with avast warning pop ups related in the subject.
Currently running Program version 7.0.1456 and definitions 120719-2
I get these pop ups around every 20 mins.
Any help would be great.
-
Jackal13 welcome to Avast1 forum.
Follow this guide: http://forum.avast.com/index.php?topic=53253.0
and attach ( Do not copy/paste ) logs for malwarebytes', OTL, and aswMBR.exe.
an expert in the removal of malware will be notified. However due to the time, you might get help by tomorrow.
-
Post the logs and we'll have a look.
-
OTL.txt
-
the rest
-
I have a red file pop up on the aswmbr scan and then it looks like it gets hung up.
Doesn't want to finish. Unitywebplayerupdate.exe is the one it is stuck on.
-
A little impatient i guess
-
Hi jackal13,
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs (http://forums.whatthetech.com/How_to_Disable_your_Security_Programs_t96260.html)
- Right click on ComboFix.exe, click Run as Administrator & follow the prompts.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. If after running combofix you recieve an message "Illegal operation attempted on a registery key that has been marked for deletion" or similar reboot the computer.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Please post back with the combofix log.
Thanks
-
combofix .txt attached
-
Hi jackal13,
Please follow all previous instructions regarding security programs.
Open a new Notepad session - Click the Start button, click run
- in the run box type notepad
- click ok
- In the notepad, Click "Format" and be certain that Word Wrap is not checked.
- Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE
File::
C:\Users\Rick\AppData\Local\{726a08d0-f5cb-c322-eaa1-c58ddc95a504}\@
FCopy::
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe | c:\windows\system32\Services.exe
Folder::
C:\Windows\Installer\{726a08d0-f5cb-c322-eaa1-c58ddc95a504}\U
C:\Windows\Installer\{726a08d0-f5cb-c322-eaa1-c58ddc95a504}\L
C:\Windows\Installer\{726a08d0-f5cb-c322-eaa1-c58ddc95a504}
C:\Users\Rick\AppData\Local\{726a08d0-f5cb-c322-eaa1-c58ddc95a504}
DDS::
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
In the notepad - Click File, Save as..., and set the Save in to your Desktop
- In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
- Click save
Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.
This will start ComboFix again.Close all browser/windows first.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
(http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif)
Please post back with the combofix log.
How's the computer?
-
log file.
-
been running for a bit and avast has not detected anything.
-
Hi jackal13,
Log looks good.
BitTorrent
You have BitTorrent, a P2P/file sharing program installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it.
References for the risk of these programs can be found in these links:
http://www.microsoft.com/windows/ie/commun...protection.mspx (http://www.microsoft.com/windows/ie/community/columns/protection.mspx)
http://www.internetworldstats.com/articles/art053.htm://http://www.techweb.com/wire/1605005...cles/art053.htm (http://www.internetworldstats.com/articles/art053.htm)
I would recommend that you uninstall BitTorrent, however that choice is up to you. If you choose to remove this program, you can do so via Control Panel >> Add or Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.
Your java is out of date. Click your start button > Control Panel- Use the drop down menu beside view by and change it to small icons
- locate java (looks like a coffee cup) in the list and click on it
- when the java console opens click the update tab
- Click update now
Decline any additional items or toolbars offered during the install.
Next, Double click on OTL.exe - Under the Custom Scans/Fixes box at the bottom, paste in the following
- Do Not copy the word CODE
- please note the fix starts with the :
:Services
:Commands
[emptytemp]
[createrestorepoint]
Then click the Run Fix button at the top
- Let the program run unhindered
Next
One more scan to check for stragglers.
As a Vista/Win7 user you will need to right click your browser icon and select "Run as Administrator" in order to run this scan.- Do not use this instance of your browser for anything besides doing this scan
- When the scan is complete and the results saved, close that instance of your browser
- Open a new one the usual way and post the results in this topic.
*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
Go here to run an online scannner from
ESET (http://www.eset.eu/online-scanner)
(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the activex control to install
- Disable your Antivirus software. You can usually do this with its Notfication Tray icon near the clock
- Click Start
- Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
- Click Scan.
- Wait for the scan to finish.
- When the scan completes, click List of found threats
- click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
- Include the contents of this report in your next reply
Note - when ESET doesn't find any threats, no report will be created.
- Push the back button.
- Push Finish
- Re-enable your Antivirus software.
Please post back with- ESET log if there was one.
Thanks
[/list][/list][/list]
-
I finished the ESET scan and it came back with 12 items. I didnt see where the export tab was, so i am running it again.
-
attached eset file
-
Hi jackal13
How's the computer?
Just a couple of files to remove, the rest are files we have all ready quarantined or are in system restore. These will be removed when we remove the tools.
Next, Double click on OTL.exe - Under the Custom Scans/Fixes box at the bottom, paste in the following
- Do Not copy the word CODE
- please note the fix starts with the :
:Services
:Files
C:\Users\All Users\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll
C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll
:Commands
[emptytemp]
[createrestorepoint]
Then click the Run Fix button at the top
- Let the program run unhindered
- Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.
-
here is the log
-
Hi jackal13,
I do believe you are good to go.
We'll clean up the tools now.
From your desktop, please delete, if present- any notepads/logs that we created
- aswMBR.exe
- mbr.zip
- mbr.dat
Next
Click the Start button. Copy and paste the following line into the search box and click OK
Combofix /uninstall
Next
Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.
I suggest you keep MBAM. Keep it updated and use it regularly.
Some Recommendations and prevention tips
Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. Those you have now provided you are using a firewall. Windows 7 has a built in firewall which is pretty good when set up. You can find some very good information HERE (http://www.addictivetips.com/windows-tips/windows-7-firewall-outbound-protection/) .
You should also use Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) to help immunize your computer.
- SpywareBlaster will add a large list of programs and sites into your Internet Explorer
settings that will protect you from running and downloading known malicious programs.
OR
A guide to understanding and using the hosts file.
Learn how your Hosts file can protect you and how you can protect it.
Besides the Hosts file information, there are links to a very good updated hosts file, a host file manager. and some programs that can protect your hosts file.
HOSTS (http://www.mvps.org/winhelp2002/hosts.htm)
Please read the info on disabling the DNS Client before installing a custom hosts file.
-Secure your Internet Explorer
From within Internet Explorer click on the Tools menu and then click on Options.- Click once on the Security tab
- Click once on the Internet icon so it becomes highlighted.
- Click once on the Custom Level button.
- Change the Download signed ActiveX controls to Prompt
- Change the Download unsigned ActiveX controls to Disable
- Change the Initialize and script ActiveX controls not marked as safe to Disable
- Change the Installation of desktop items to Prompt
- Change the Launching programs and files in an IFRAME to Prompt
- Change the Navigate sub-frames across different domains to Prompt
- When all these settings have been made, click on the OK button.
- If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
- Make sure you have reset Windows Updates to your chosen option. Click your start button > Control Panel > System > Windows updates (lower left) > change settings
- Keep your antivirus program updated, as well as any other security programs you have.
-More tips and programs can be found HERE (http://forums.whatthetech.com/Preventing_Malware_Tools_Practices_Safe_Computing_t98700.html)
Please post back if you have any problems.
Take care
-
Thank you so much for your help OLDMAN.
Hopefully i can reciprocate any future needs you may have by contributing to forums that you may need in the future.
-
Hi jackal13,
You're more than welcome. Take care, keep safe.