Avast WEBforum
Other => Viruses and worms => Topic started by: thurmbo on October 14, 2008, 08:13:28 AM
-
This virus called (virus remover 2008) installed the following executable that I can't get rid of.
b.exe
...which I can see in my system processes (in Task Manager). It also installed an icon in my windows system tray which periodically activates on its own saying that I have a security problem, then tries to launch a system scan automatically. If given a chance to activate, it creates major havoc for you and your computer.
Ending the process in Task Manager only works for a few minutes. It automatically starts back up again.
Updating Avast database and running a scan did not identify any viruses on my computer, yet it IS there. I also ran Spybot and Ad-aware, which were also unsuccessful in locating any malware/trojans etc.
Does anyone know how to get rid of this virus?
Thanks a bunch!
Greg T.
-
:) Hi :
You do NOT have a "virus", but what the malware-fighting "community" calls
a "Rogue" ; the PRIMARY program used against this is the FREE Malwarebytes
Anti-Malware from www.malwarebytes.org/mbam.php .
-
Spiritsongs,
I owe you... BIG-time !!!
I downloaded the www.malwarebytes.org/mbam.php and it found the "rogue" which nothing else I tried was able to.
Thank you (very much) for saving my arse.
~Greg
-
To be sure you're clean, I suggest:
1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! (http://www.freedrweb.com/cureit/) instead.
3. Use SUPERantispyware (http://www.superantispyware.com), MBAM (http://malwarebytes.org/mbam.php) or Spyware Terminator (http://www.spywareterminator.com/) to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
4. Test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp).
5. Make a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here or this analysis site (http://www.hijackthis.de/#anl). Or even submit the RunScanner (http://www.runscanner.net/) log to to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) or Windows Advanced Care (http://www.iobit.com/AdvancedWindowsCarePersonal/index.html).
8. Check if you have insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/).
-
how do we do a startup scan?...i cant seem to find it?
-
If by start-up scan you meen item 2. boot-time scan, then - If you have XP, vista32bit or Win2k, you could enable a boot time scan. Right click the avast icon, select Start avast! Antivirus, a memory scan will take place followed by the opening of the Simple User Interface, Menu, 'Schedule boot-time scan...' Or see http://www.digitalred.com/avast-boot-time.php (http://www.digitalred.com/avast-boot-time.php).