Avast WEBforum

Other => Viruses and worms => Topic started by: tombay on September 16, 2008, 04:54:58 PM

Title: Virus user-EA49943X-activities.exe
Post by: tombay on September 16, 2008, 04:54:58 PM

Virus user-EA49943X-activities.zip or Virus user-EA49943X-activities.exe.

I have just had this virus on my machine and internet explorer no longer works.
I got an NT eventlog entry from Avast reporting this as a generic Win32:Trojan Spy.

I moved it to the VirusChest but the infection has happened.
I wonder how I can remove it - ?

Title: Re: Virus user-EA49943X-activities.exe
Post by: Lisandro on September 16, 2008, 05:20:06 PM

I suggest:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! (http://www.freedrweb.com/cureit/) instead.
3. Use SUPERantispyware (http://www.superantispyware.com), MBAM (http://malwarebytes.org/mbam.php) or Spyware Terminator (http://www.spywareterminator.com/) to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
4. Test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp).
5. Make a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here or, better, submit the RunScanner (http://www.runscanner.net/) log to to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) or Windows Advanced Care (http://www.iobit.com/AdvancedWindowsCarePersonal/index.html).
8. Check if you have insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/).

Title: Re: Virus user-EA49943X-activities.exe
Post by: micky77 on September 16, 2008, 08:18:10 PM

Somone else reported this,but did not get back.
http://forum.avast.com/index.php?topic=38620.msg323772#msg323772 (http://forum.avast.com/index.php?topic=38620.msg323772#msg323772)

Title: Re: Virus user-EA49943X-activities.exe
Post by: tombay on September 20, 2008, 02:31:01 AM

 :) Thanks for your advice. Avast boottime scan picked up a virus "Win32:Adware-Gen [Adw]". Displayed as testmh.exe (error-repair.exe)

Internet Explorer did not work still but I reset it settings (by Opening "C:\Progam Files\Internet Explorer\SIGNUP\INSTALL.INS and saying o.k.).


Tom

Title: Re: Virus user-EA49943X-activities.exe
Post by: Lisandro on September 20, 2008, 02:53:21 PM

Tombay, to be sure you're clean, take a look in the steps I've posted before ;)