Avast WEBforum
Other => General Topics => Topic started by: REDACTED on January 26, 2016, 09:42:27 PM
-
found by HerdProtect.
icclibdll_x64.dll
ffmpegsumo.dll
bubble_compiled.js
popus.js
locales.js
index.js
comctl32.dll [ van MS]
common.js
gdiplus.dll [van MS] Note at 2 different locations found.
OS Windows 8.1
How to proceed further. Thanks for help and advice!
Best regards, Herman
-
i assume you mean avast detect?
what does avast say ... malware name given
what is the location of those files ... full file path, or maybe a screenshot that will show
-
for assistanse
follow instructions here https://forum.avast.com/index.php?topic=53253.0
we need Malwarebytes and Farbar Recovery Scan Tool logs, attach the logs, 3 logs total
see below the box you write in ... Attachments and other options
a malware expert will then assist you when online
-
Thanks Pondus for your reply.
Smart scan by Avast detected outdated software programs.
MBAM scan nothing detected.
How to make a screen shot from HerdProtect scan results?
Best regards, Herman
-
We do not ask for a screenshot, but for the log files.
-
Hi Eddy, please find enclosed the log attachments.
Best regards, Herman
-
What are the file names/locations as I can see nothing untoward
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
2014-02-15 16:22 - 2014-02-15 16:22 - 0000037 ___SH () C:\Users\Gebruiker\AppData\Local\70149b02515b3bb20dd492.47983420
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
(https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG)
Run FRST and press Fix
On completion a log will be generated please post that
-
Hi essexboy. thanks for your reply.
Q1] Where can I open notepad {path}
Q2] I have removed FRST64 from my pc. Do I have to reinstall and run it again.
Logs are saved in a folder on my desktop.
Best, Herman
-
Q1] Where can I open notepad {path}
down in left corner of your computer screen is a magnifying glass, click it .. write notepad ... click the icon when you see it (works on Win10)
Q2] I have removed FRST64 from my pc. Do I have to reinstall and run it again.
you cant run the fix unless you have FRST
-
Thanks for your reply.
Q1 I got W8.1, is notepad standard aboard? Download as app maybe?
Q2 I got to download FRST, right? Not need to run?
I do look forward hearing from you, thanks in advance.
Kind regards, Herman
-
Notepad is standard for all versions of windows, and you will need FRST on the desktop to run the fix
-
Windows 8.1 - Two ways to open Notepad https://www.youtube.com/watch?v=cxEXFhKRx2I
-
I have downloaded FRST again.
I'm unable to execute the program, Windows Smart screen blocks start of scan.
Best, Herman
-
try this >> http://lmgtfy.com/?q=how+to+turn+off+windows+smart+screen
-
Hi, thanks very much for your help and advice to get this issue solved.
Please find enclosed three new files.
What to do next.
Best, Herman
-
Have you run this fix ?
What are the file names/locations as I can see nothing untoward
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
2014-02-15 16:22 - 2014-02-15 16:22 - 0000037 ___SH () C:\Users\Gebruiker\AppData\Local\70149b02515b3bb20dd492.47983420
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
(https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG)
Run FRST and press Fix
On completion a log will be generated please post that
-
Thanks essexboy for your help.
Please find fixlog enclosed.
Kind regards, Herman
-
I can see no other malware, how is the computer behaving
-
Hi essexboy, acc. to me computer behaves "normal",as usual that is.
Do I have to start a new HerdProtect scan again?
Best, Herman
-
Most of the files that were detected appeared to me to be false positives, but, yes scan again and attach the log if it generates one
-
Thanks, HerdProtect scan done, log enclosed.
Best, Hermie
-
Well looking at those and the diagnosis I am fairly sure that they are all false positives... I may run it on my system for a laugh :)
-
Yip, please post your Heardprotect log!
Best,Hermie
-
Well I am even more infected than you :)
-
Well I am even more infected than you :)
Seems like Herdprotect has the same problems as other large herds of cattle lots of BS.
EDIT:
Seeing Hermie's and your logs, if these were correct he/you would be in a world of hurt, W32/Virut.Gen; W32/Sality.AT, but almost all of the so called detections are recorded as "Inconclusive" or "Ignore detections (false positive)"
Really great NOT.
-
With HeardProtect, you're looking at 68 possible false positive detection....This is a great example. :)
-
Yup. and Avira does not come out to well in this.
File path: c:\program files\avast software\szbrowser\1.46.1990.146\resources\bundled_extensions\safe-price.crx
Publisher:
MD5: 496c0fe21537c73026569e8d2b5b65a3
SHA-1: 0a1c5fb66d52032eafa3dae37d3288b41a68595d
Created: 07/01/2016 18:42:26
Detections: 1
Determination: Inconclusive
- Avira AntiVirus as W32/Ramnit.C (Malware)
-
Well I am even more infected than you :)
Seems like Herdprotect has the same problems as other large herds of cattle lots of BS.
;D
-
Thanks everyone for your help, advice, replies.
Herdprotect is a time consuming software product.
Will delete it now.
Have a nice day, Hermie