Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: hanik99 on July 06, 2014, 05:24:13 PM
-
I downloaded the free version of Avast because my computer got infected with Malware and so I did a full system scan and there were 15 total infected file and it managed to delete 12 of them but for the other 3 it said "Error: The system cannot find the file specified (2)", how can I fix this and delete those viruses? (because they are still affecting me).
-
more info ..... location of files detetec?
screenshot of detection result ...... you may need to open up the coulumn so we can see full file path
-
The system cannot find the file specified (2)",
it usually means the files are not there anymore ...... and a reboot and new scan often comes up clean
how can I fix this and delete those viruses? (because they are still affecting me).
how .... what are your symptoms?
-
File name Severity Status Result
b:\program files\...\suprasavingsservice.exe High Threat:Win32:BullSave-D[Adw] Error: The system cannot find the file . specified (2)
b:\program files\...\suprasavingsservice.exe High Threat:Win32:BullSave-D[Adw] Error: The system cannot find the file . specified (2)
b:\program files\...\suprasavingsservice.exe High Threat:Win32:BullSave-D[Adw] Error: The system cannot find the file . specified (2)
They all seem to be identical but they were detected separately and cannot be remove/deleted.
Symptoms:
Random words on website if you scroll over them it come up with an ad from supra savings
Some videos on website aren't displayed because it says I need to download the newest version of Codec (a Malware Virus - I looked it up on the internet).
Sometime (even on secure site) a pop up appears.
-
and what are those that where detected and removed?
-
follow instructions here https://forum.avast.com/index.php?topic=53253.0
attach (not copy and paste) Malwarebytes and OTL logs .....
make sure you save OTL as ANSI and not Unicoding
-
Okay this may take me a little while but so far Anti-Malware has dected 27 infections...
-
First Log
-
yea, your comp is full of crap files .... and also a trojan detection
PUP = not virus / Possible Unwanted Program .... usually crap that comes bundled with free downloads
did you take any action on them? .... the log dont say http://blog.malwarebytes.org/news/2013/09/selecting-all-pups/
malware experts are notified and will check logs when they arrive
-
I have deleted most of the unwanted software and here are some more logs (Anti-Malware ones again)
-
here are the OTL.Txt and Extras.Txt
-
Sorry but I have school tomorrow and it's late where I live so I will do the last bit tomorrow (as soon as I can) Thanks for the help!
-
Could you open the OTL log on your desktop and click File > Save as.... and ensure that the coding is set to ANSI, then save and re-attach please
Details in this thread https://forum.avast.com/index.php?topic=53253.0
-
Oh ok sorry (the other one too? Or not?)
-
when I try to download aswMBR.exe Avast keeps blocking it as a virus
-
Ignore AswMBR for now, Avast is being a bit silly. I will upload as a Flase Positive
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
(https://dl.dropbox.com/u/73555776/OTL_Fix.GIF)
:Commands
[CREATERESTOREPOINT]
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=59408f15-680d-4189-adf1-1220c2dc9755&searchtype=ds&q={searchTerms}&installDate=29/06/2013
IE - HKU\S-1-5-21-3244003697-3728270123-4111173487-1001\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-3244003697-3728270123-4111173487-1001\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=59408f15-680d-4189-adf1-1220c2dc9755&searchtype=ds&q={searchTerms}&installDate=29/06/2013
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
[2014/06/26 20:22:28 | 000,000,000 | ---D | C] -- B:\Program Files\898DEBAE-54F2-4102-AE1C-A02B2223833C
[2014/06/22 11:05:57 | 000,000,000 | ---D | C] -- B:\Program Files\003
[2014/06/22 11:05:16 | 000,000,000 | ---D | C] -- B:\Program Files\Browsersafeguard
[2014/06/12 20:05:34 | 000,031,744 | ---- | C] (NetFilterSDK.com) -- C:\Windows\System32\drivers\netfilter.sys
:Commands
[resethosts]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on "Clean"
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
-
Here is the next log (I wasn't sure if ANSI or Unicode so I have done both)
-
Once AdwCleaner has finished could you let me know what problems remain
-
here is the AdwCleaner log (tell me if there's anything I should know)
If there are still problems I will reply and tell you what they were
If not Thanks So much for helping me (both of you two that have replied)
-
I think all the problems are gone :D
-
Run it for a bit and if the alerts have definitely gone I will tidy up
-
Run what?
-
(if you mean my computer I have been running it for a while and it seems to be doing great)
-
In that case methinks I will send you on your merry way :)
Subject to no further problems :)
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean :thumbsup:
A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:
Download and run Delfix (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix)
(https://dl.dropboxusercontent.com/u/73555776/delfix.JPG)
: Keep Java Updated :
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/) and this article (http://www.nbcnews.com/technology/technolog/us-warns-java-software-security-concerns-escalate-1B7938755).
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/))
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
CryptoPrevent (http://www.foolishit.com/vb6-projects/cryptoprevent/) install this programme to lock down and prevent crypto ransome ware
(https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG)
Malwarebytes (http://www.malwarebytes.org/mbam-download.php).
Update and run weekly to keep your system clean
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
To learn more about how to protect yourself while on the internet read this little guide Best security practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/)Keep safe :wave:
-
Thanks man your the best! :D
-
My pleasure :)