Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: 93volpe on February 09, 2014, 01:52:15 AM
-
Hello all, I have been using Avast for many years now and have had to recently upgrade my PC. After a few weeks of sort of getting up to speed with Windows 8.1, the PC has become slower. I ran a boot scan last week and had several items show up and they were sent to the "virus chest". Today I ran another boot scan which turned up another virus, "WIN32:VBCrypt-CSL". After trying the options to repair or fix the problem, I keep getting the error message that it's incompatible and can't be moved (or something to that nature). Can this be safely removed somehow, or is there a "tool" available to remove it?
Thanks!!!!
-
Hi,
Welcome to the forums. Please go to this guide and attach MBAM + OTL. Then I can get someone to help you.
Guide: http://forum.avast.com/index.php?topic=53253.0
-
This is a copy and paste from the MBAM scan... I did not run it as a boot scan, which is where Avast found the [trj]
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.02.09.01
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
Owner :: PC [limited]
2/8/2014 8:40:01 PM
mbam-log-2014-02-08 (20-40-01).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216171
Time elapsed: 2 minute(s), 55 second(s)
Memory Processes Detected: 1
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe (PUP.Optional.Adpeak) -> 2044 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 13
HKLM\SYSTEM\CurrentControlSet\Services\Level Quality Watcher (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{10AD2C61-0898-4348-8600-14A342F22AC3} (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{10AD2C61-0898-4348-8600-14A342F22AC3} (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
HKCR\AppID\AdpeakProxy.exe (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
HKCR\Wow6432Node\AppID\AdpeakProxy.exe (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\Scorpion Saver (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\BI (PUP.Optional.FilesFrog.A) -> Quarantined and deleted successfully.
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Adpeak, Inc. (PUP.Optional.AdpeakProxy) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Adpeak, Inc. (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
Registry Values Detected: 3
HKCU\Software\BI|ui_path_filesfrog (PUP.Optional.FilesFrog.A) -> Data: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker -> Quarantined and deleted successfully.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: 45838392148068347680108868038283436152 -> Quarantined and deleted successfully.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: 45838392148068347680108868038283436152 -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 4
C:\ProgramData\Conduit\IE (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0 (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Program Files\Level Quality Watcher\v1.01 (PUP.Optional.Adpeak) -> Delete on reboot.
Files Detected: 15
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe (PUP.Optional.Adpeak) -> Delete on reboot.
C:\temp\ScorpionSaver.msi (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\temp\t.msi (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\background.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\bootstrap.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\bootstrap.js.old (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\icon128.png (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\icon16.png (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\icon32.png (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\icon48.png (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\icon64.png (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\icon8.png (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\manifest.json (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\marcopolo.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
(end)
-
Can you attach your OTL log?
-
Sorry, forgot to run OTL
-
It's fine. I've notified an expert.
-
The boot scan showing it as a [TRJ] had me worried... Thanks
-
Hi, I will be working on your malware issues.
Please download zoek.zip or zoek.rar by smeenk from here (http://hijackthis.nl/smeenk) or here (http://home.kpn.nl/stefsmeenk/zoek.exe) and save it to your Desktop.
Unpack the archive...
- Close any open browsers
- Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this, please read this (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) or this (http://www.bleepingcomputer.com/forums/topic114351.html) instruction.
- Double click on zoek.exe to run the tool.
Please wait until the tool starts...
- Copy the text present inside the code box below and paste it into the large window in the zoek tool:
filesrcm;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;
- Click on the Run Script button.
Please wait until a log report opens (this can be after reboot).
- Save the Notepad file to your Desktop and attach zoek-results.log here.
Note: It will also create a log in the C:\ directory named "zoek-results.log"