Avast WEBforum
Other => Viruses and worms => Topic started by: jfour500 on June 12, 2010, 10:27:05 PM
-
A friend was using my external drive on their computer and Avast detected a threat, so they disconnected immediately.
I scanned the drive on my computer using Malwarebytes, AVG 9 and SUPERAntiSpyware; didn't find anything.
Downloaded Avast, scanned & found
N:\System Volume Information|_restore(2846F638-C5AC-45B1-8F7F-98C3A36B3599)\RP67\A0066582.inf
Threat:VBS:Malware-gen
Error: The system cannot find the file specified (2)
Cannot move, delete, etc.
Not very tech savvy, suggestions on how to deal with this please! Thanks!
-
As this threat is located in system restore, just empty system restore or this one restore point.
Or let avast put it to the chest..!
asyn
-
Avast is unable to put it in the chest.
Cleared restore, rescanning, fingers crossed!
Thanks for advice!
-
> Avast is unable to put it in the chest.
> Cleared restore, rescanning, fingers crossed!
> Thanks for advice!
You're welcome..! :)
Awaiting your reply..!!
asyn
-
Here is a proposed way to fix it:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam
polonus
-
Hi, I have had a similar problem.
Avast keeps finding the problem but cannot remove it. I think the issue is either in the windows or i386 directory.
File name: SVC: PRAGMArnnsmbexnm
Severity: High
Status: Threat: Rootkit: hidden service
Result: Error: The system cannot find the file specified(2)
Is there a way to remove this problem, and is it really an issue?
If anyone has any ideas please let me know
-
> Is there a way to remove this problem, and is it really an issue?
If you're on a 32-bit system, run a boot time scan with avast.
Report back.
And yes, a rootkit infection is a rather big issue...
asyn
-
That is a very sneaky rootkit
GMER Rootkit Scanner - Download (http://www.gmer.net/gmer.zip) - Homepage (http://www.gmer.net/)
- Download GMER
- Extract the contents of the zipped file to desktop.
- Double click GMER.exe.
- If it gives you a warning about rootkit activity and asks if you want to run a full scan... click on NO, then use the following settings for a more complete scan.
- In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
  - IAT/EAT
  - Drives/Partition other than Systemdrive (typically C:\)
  - Show All (don't miss this one)
- Then click the Scan button & wait for it to finish.
- Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
- Save the log where you can easily find it, such as your desktop.
**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
Please copy and paste the report into your Post.
THEN
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Select Scan all users
- Under the Custom Scan box paste this in:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Attach both logs
-
As Essexboy jumps in here, follow his advice...! ;)
asyn