Avast WEBforum
Other => Viruses and worms => Topic started by: MattiieG on August 27, 2013, 08:23:16 PM
-
Hey, my laptop seemed super sluggish so I did a scan with SUPERantispyware and it noticed the virus PUP.bProtector.
I then proceeded to get it to delete the virus
but my laptop still seems pretty sluggish, even though it is normally quite good.
I am thinking that maybe, somehow the virus is still on my laptop?
can anyone help me? :)
Thanks
Matt
-
PUP = not a virus / Possible Unwanted Program
usually toolbar crapware/adware that comes bundled with other downloads
if you want a virus check, run the first 4 programs here as they are listed and attach logs ... not copy and paste
http://forum.avast.com/index.php?topic=53253.0
-
ok, I shall do that, give me a minute :)
-
If you don't want to get PUPs on your computer: PUP detection is disabled by default.
Go to protection on the top, click on (I think) real time protection, go to File system shield and also to web shield, on
the top right is a button that says settings, choose efficiency on the left and choose scan for potentially unwanted programs. ;)
-
where abouts is the protection part?
-
If you don't want to get PUPs on your computer: PUP detection is disabled by default.
Go to protection on the top, click on (I think) real time protection, go to File system shield and also to web shield, on
the top right is a button that says settings, choose efficiency on the left and choose scan for potentially unwanted programs. ;)
while in anti-malware programs like Malwarebytes / SUPERAntiSpyware and others ... PUP detection is crapware, avast also classes programs as PUP because of what they can do
there are several posts in this forum where factory installed programs from HP / Toshiba / Dell are detected as PUP by avast. so you need to be sure what it is before you take any action...
and as you see from repeated posts in this forum, when a PUP is detected most users think it is a virus, I'm guessing that is why it is off by default
-
I dunno if this is anything to do with any of this, but C:\Windows\System32\cmd.exe just opened by itself, what could have caused that?
and also, OTL scan is taking ages, and aswMBR download is only on 1,009 KB after ~20 mins downloading, this may take a while.
-
these are the first 3
still waiting upon aswMBR to download...
-
are you using Bullguard antivirus?
is your previous used antivirus Norton Symantec / McAfee / Kaspersky ?
log experts are notified, should be here soon....
-
I am using the free version of bullguard atm, not been able to buy any yet, and yes, I have gone between the 3 previously.
-
You should remove it completely before running any other AV like Avast, otherwise you will probably encounter problems. ;)
-
run removal tools for previous used AV to clear any leftover files that may conflict
http://singularlabs.com/uninstallers/security-software/
-
So remove the antivirus systems completely? sure :)
-
So remove the antivirus systems completely? sure :)
run tools for the AV you have uninstalled and no longer use ....
you have lots of leftover files .... or are they still there?
-
running multiple AV will give you a slow machine, windows errors and false detections
read reply from quietman7 here. http://www.bleepingcomputer.com/forums/topic186533.html
-
Do you know how many antivirus programs are active on your computer?
Norton, BullGuard, McAfee, Kaspersky, BitDefender.
All this must be removed. Then do the following.
Download DDS and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr
Double click dds to run the tool.
* When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt
Save both reports to your desktop. Attach DDS.txt and Attach.txt back to the topic.
-
that may be why then, I hadn't got around to removing them all
-
Argus, I do not have BitDefender on my computer...
Does it say I do? Because I have never installed it.
-
BitDefender driver :)
DRV: 64bit: - [2013/01/25 14:33:16 | 000,350,160 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
-
BullGuard uses the BitDefender virus engine, maybe that is why the log shows some BitDefender files
-
BullGuard uses the BitDefender virus engine, maybe that is why the log shows some BitDefender files
Maybe, but ...
MattiieG
Remove everything you can, I'll look at the DDS report later and, if necessary, remove residues.
-
OK, I have removed all of the anti-viruses I can see
lets hope this works :)
-
ok, just creating dds.txt now
-
it works here on my iPad !
-
Try here
http://download.bleepingcomputer.com/sUBs/dds.com
http://download.bleepingcomputer.com/sUBs/dds.pif
-
yeah, I just went onto their website and got it from there
anyways.
-
Very good, but we still have a little job.
1. Please download ComboFix from here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it to your Desktop.
If you are unsure how ComboFix works please read this guide (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) carefully.
note: ComboFix must be downloaded to your Desktop.
--------------------------------------------------------------------
2. Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) or this (http://www.bleepingcomputer.com/forums/topic114351.html) Instruction.
Instructions on how to disable avast:
- Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
- In the window that opens on the top right corner, click Settings.
- In a new window that opens, choose the option Troubleshooting, Uncheck Enable avast! self-defense, and click OK.
- => Again, right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls .
- In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note: Do not forget to turn on this option after the cleaning.
--------------------------------------------------------------------
3. Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click ComboFix's window while it is running.
If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart computer once more.
--------------------------------------------------------------------
4. When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
Attach log reports ( ComboFix.txt) back to topic.
-
Got it :)
I think that's it, right?
-
Open notepad and copy/paste the text present inside the code box below:
File::
c:\progra~2\mcafee\SITEAD~1\McSACore.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files (x86)\Norton Identity Safe\Engine\2013.2.1.5\ccSvcHst.exe
Driver::
McAfee SiteAdvisor Service
Skype C2C Service
NCO
DDS::
uStart Page = hxxp://search.orbitdownloader.com
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
Firefox::
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\cx06n1gp.default\
FF - user.js: browser.search.defaultengine - u-Search
FF - user.js: browser.search.defaultenginename - u-Search
FF - user.js: browser.search.order.1 - u-Search
FF - user.js: browser.newtab.url - hxxp://u-search.net/?a=1&e=1
FF - user.js: browser.startup.homepage - hxxp://u-search.net/?a=1&e=1
FF - user.js: browser.search.defaulturl - hxxp://u-search.net/?a=1&e=2&q=
FF - user.js: keyword.URL - hxxp://u-search.net/?a=1&e=2&q=
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
Save this as CFScript.txt
(http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif)
Close all browser windows. Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt )
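-
The Firefox section of the CFScript above removes a set of user.js prefs that a search hijacker rewrote (default engine, new-tab page, homepage, keyword.URL) to point at u-search.net. The following is an added example, not code from the thread or from ComboFix, showing how a defender can check a Firefox profile's user.js for this kind of rewrite before deciding what to clean: it parses user_pref lines and flags the search and homepage prefs whose value is not an engine name or host on an allowlist. The sample user.js content and the allowlist are constructed for the example, modelled on the prefs listed in the thread; the helper names parse_user_js and find_hijacked_prefs are assumptions of the example.

```python
import re
from urllib.parse import urlparse

# A Firefox user.js line looks like: user_pref("name", "value");  (value may also be a number or boolean)
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\);\s*$')

# Prefs that search hijackers typically rewrite (the same ones the CFScript above removes)
WATCHED_PREFS = (
    "browser.search.defaultengine",
    "browser.search.defaultenginename",
    "browser.search.order.1",
    "browser.newtab.url",
    "browser.startup.homepage",
    "browser.search.defaulturl",
    "keyword.URL",
)

# Constructed sample input, modelled on the thread's CFScript Firefox section
SAMPLE_USER_JS = '''// constructed sample user.js
user_pref("browser.search.defaultengine", "u-Search");
user_pref("browser.search.defaultenginename", "u-Search");
user_pref("browser.search.order.1", "u-Search");
user_pref("browser.newtab.url", "http://u-search.net/?a=1&e=1");
user_pref("browser.startup.homepage", "http://u-search.net/?a=1&e=1");
user_pref("browser.search.defaulturl", "http://u-search.net/?a=1&e=2&q=");
user_pref("keyword.URL", "http://u-search.net/?a=1&e=2&q=");
user_pref("browser.tabs.warnOnClose", false);
'''

# Constructed clean profile for comparison
CLEAN_USER_JS = '''user_pref("browser.startup.homepage", "about:home");
user_pref("browser.search.defaultenginename", "Google");
'''

# Constructed allowlist: engine names and hosts the user actually chose (lowercase)
ALLOWED = {"google", "www.google.com", "duckduckgo", "duckduckgo.com"}


def parse_user_js(text):
    """Return {pref_name: value} for every user_pref line; quoted strings are unquoted."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.group(1), m.group(2)
        if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            raw = raw[1:-1]
        prefs[name] = raw
    return prefs


def find_hijacked_prefs(prefs, allowed):
    """Return [(pref, value)] for watched prefs whose engine name or host is not allowlisted."""
    allowed = {a.lower() for a in allowed}
    findings = []
    for name in WATCHED_PREFS:
        value = prefs.get(name)
        if value is None:
            continue
        if value.startswith("about:"):
            continue  # built-in pages such as about:home / about:newtab are fine
        if "://" in value:
            key = (urlparse(value).hostname or "").lower()  # compare the host, not the full URL
        else:
            key = value.lower()  # a bare engine name rather than a URL
        if key not in allowed:
            findings.append((name, value))
    return findings


if __name__ == "__main__":
    for label, text in (("sample", SAMPLE_USER_JS), ("clean", CLEAN_USER_JS)):
        hits = find_hijacked_prefs(parse_user_js(text), ALLOWED)
        print(f"{label}: {len(hits)} suspicious pref(s)")
        for pref, value in hits:
            print(f"  {pref} = {value}")
```

On the constructed sample every one of the seven watched prefs is flagged, all pointing at the same engine name or host, which is the pattern to expect from a bundled search hijacker; the clean profile produces no findings. Comparing hosts rather than full URLs keeps the check stable across the query-string variants (a=1&e=1, a=1&e=2&q=) that the thread's log shows.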
-
I shall do this tomorrow, I am off now, is that ok?
-
OK, I'm not on the forum tomorrow, but you certainly do this.
I'll see when I'm online.
-
I do not know if you will know what this is, but on my TaskManager, it shows a svchost with 233 k
in it there is
AudioEndpointBuilder
HomegroupListener
PcaSvc
SysMain
TrkWks
UxSms
Wlansvc
and wudfsvc
Do you know why this is taking up so much memory?
-
These are services within svchost containers; they are all legitimate.
-
okok, I ended it, then all of a sudden it came back, what's going on? do you know?
-
I ended it, then all of a sudden it came back
I do not understand what, Combofix?
-
there are also p2p programs running on my laptop, are these regular? (p2pimsvc, p2psvc)
and, the avast! icons have gone missing from my system tray thing - the big where the internet strength and sound is.
how can I get the icons back?
and I meant svchost
-
and, therefore, due to there being no avast! icons, I cannot use combofix
-
Reboot the machine and it will be fine.
-
ahh, ty :)
-
Don't panic ;D
-
ok, here it is...
alas, the svchost thing has gone back up to 180,000 k
-
* it seems that it goes up after using ComboFix
-
Open notepad and copy/paste the text present inside the code box below:
Driver::
ccSet_NST
File::
c:\windows\SYSNATIVE\drivers\NSTx64\7DD02010.005\ccSetx64.sys
c:\windows\system32\drivers\25337890.sys
Folder::
C:\TDSSKiller_Quarantine
Save this as CFScript.txt
(http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif)
Close all browser windows. Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt )
-
done
-
I see no present or active malware.
It is necessary to uninstall ComboFix:
- Click Start (or (http://amf.mycity.rs/pg/images/VistaStartButton.png)) then Run.
On Windows7 or Vista you may use Start Search field if Run is not available.
- In the line of text type in (Copy) the following:
ComboFix /Uninstall
Note that there is a space between " ComboFix " and " /Uninstall " .
- then click OK (or press Enter ).
Wait for the uninstall process to complete.
Next >
Please download DelFix (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix) by "Xplode" to your Desktop.
Run the tool and check the following boxes below;
- Remove disinfection tools
- Create registry backup
- Purge System Restore
Now click on the "Run" button. Wait for the program to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt
> I don't need DelFix log report.
How is your computer behaving now ?
-
seems to be fine now, thanks man! :)