Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Laurion on December 02, 2010, 08:40:08 PM
-
Avast has detected a virus but when I try to send the files to the vault I get an error message that the files do not exist with the number 2 in (). This laptop is for the grandkids and runs Vista. I am having multiple problems with this computer, add remove programs doesn't work and I can't install a registry cleaner. I'm afraid my grands have loaded it with some nasty stuff. Help!
-
Hi there, can I have a look at your system first?
Download OTS (http://oldtimer.geekstogo.com/OTS.exe) to your Desktop and double-click on it to run it
- Make sure you close all other programs and don't use the PC while the scan runs.
- Select All Users
- Under additional scans select the following
Reg - NetSvcs
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check
File - Purity Scan
- Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
- When the scan is complete Notepad will open with the report file loaded in it.
- Please attach the log in your next post.
-
OTS runs the scan, says it's finished but I can see no results. It quits responding so that I have to use the task manager to shut it down. I ran it twice with the same results.
-
Could you run it in safe mode please after running this programme
Please download Malwarebytes' Anti-Malware from Here (http://www.malwarebytes.org/mbam-download.php).
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
-
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 3930
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975
12/2/2010 8:13:25 PM
mbam-log-2010-12-02 (20-13-25).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 326818
Time elapsed: 1 hour(s), 54 minute(s), 59 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7fe26be2-b923-4b41-9834-e84da1cc1f96} (Adware.ClosetMaid) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 3930
That is a very old version of Malwarebytes' Anti-Malware as it is now at V1.50 and definitions version 5237.
Please re-download Malwarebytes' Anti-Malware then follow essexboy's advice:
http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html
-
Sorry about that, should have checked to be sure of updated programs. I guess I am going to have to insist the grands bring me this laptop once a week just so I can make sure all is well. I am attaching the last results of the Malwarebytes quick scan. My add/remove program is now working as well as Avast being able to work properly.
I have a question about a couple programs on this machine, Slingbox and Browser Defender published by Threat Expert Ltd. Are these two offending software?
-
I suggest an installation from scratch:
1. Uninstall avast & all other security related programs from Control Panel first.
2. Boot.
3. Download the latest version of Avast Uninstall (http://www.avast.com/eng/avast-uninstall-utility.html) and use it for complete uninstallation. Maybe you should boot in Safe Mode.
4. Boot.
5. Install again the latest avast! (http://www.avast.com/eng/programs.html) version.
6. Boot.
7. Check and post the results.
-
I will disagree with the others. Try downloading Ad-Aware Free Internet Security from www.cnet.com. Then run a full system scan...this will take a while. Do not run any other programs while the scan is running. Two other downloads I recommend are WinUtilities Free and Advanced SystemCare Free both of which are available from cnet.com. As far as Ad-Aware vs. MBAM I prefer Ad-Aware, but to each his own. I found that Ad-Aware Free was better at finding nasty things than MBAM. Good luck.
-
through para-noid instruction
Download Ad-Aware Here (http://www.filehippo.com/download_ad-aware/)
Download WinUtilities Free Here (http://download.cnet.com/WinUtilities-Free-Edition/3000-18512_4-75021441.html)
Download Advanced SystemCare Free Here (http://download.cnet.com/Advanced-SystemCare-Free/3000-2086_4-10407614.html)
-
***
Do not use the Ad-Aware Internet Security when Avast is installed. They will conflict with each other. You should never install 2 AV programs on the same computer.
I think that most of the helpers here, especially the certified helpers, will agree that MBAM is preferred over Ad-Aware.
But by all means, follow Essexboy's advice since he is a certified malware expert.
***
-
Do not follow Swarnava/Heaven GOD's advice!
Advanced SystemCare Free is from IOBit:
http://forums.malwarebytes.org/index.php?showtopic=33217
Ad-Aware is useless and has not kept up with MBAM.
WinUtilities Free is very limited and wants you to upgrade to the Pro version.
CCleaner is much better.
-
Wow! Sometimes no advice is good advice. I would definitely follow Essexboy on this as he knows exactly what he is doing. He is a malware removal expert. I have already chosen who I would want help from if I were to have problems and most of them have 5 or 6 stars under their name.
I have a question about a couple programs on this machine, Slingbox and Browser Defender published by Threat Expert Ltd. Are these two offending software?
hxxp://www.slingbox.com/go/home
Slingbox appears to allow a user to watch TV on their computer. It appears that there is a piece of hardware that goes along with this.
hxxp://www.browserdefender.com/
"The Browser Defender™ toolbar allows you to surf safely by displaying site ratings as you browse the internet. When you visit a site, our server checks the address and Browser Defender™ displays a safety rating based on any potentially malicious behavior or threats associated with the site."
Browser defender displays site ratings. Avast's webshield blocks access to malicious sites and does a good job of it. I personally don't feel a need for any more toolbars. In fact, I don't have any at all. Seems like every program these days is wanting to install one by default.
-
***
Do not use the Ad-Aware Internet Security when Avast is installed. They will conflict with each other. You should never install 2 AV programs on the same computer.
I think that most of the helpers here, especially the certified helpers, will agree that MBAM is preferred over Ad-Aware.
But by all means, follow Essexboy's advice since he is a certified malware expert.
***
I have not detected any conflict with Ad-Aware. I did with MBAM.
-
@ Para-Noid
When are you going to learn to Quote correctly ???
Maybe you are too paranoid using Vista and the useless Ad-Aware Free ::)
-
Hello Laurion,
While everyone will have their opinion on what software works best, I am here to help you, with Essexboy, remove your malware, and to get this thread back on topic.
Thank you for posting your MBAM log. :)
Please refer back to Post #1 and follow the instructions that were posted on how to run the OTL log as we need this to help diagnose your problem on your machine. Post the (2) OTL logs as an attachment (Additional Options > Attach > Browse (the logs will be on your desktop) > Post).
IMPORTANT: If you are on a home network, disconnect the affected machine from the network. Do not share a USB/flash drive with this affected machine. Do not use this machine to install or modify anything unless Essexboy instructs you to do malware removal instructions; if possible use a different machine to check email, sync your phone, etc.
***Please do not make any further changes to your machine after you have provided the OTL logs.***
Essexboy will also review your logs and give you further instructions, however he comes on the forum late UK time. He will respond to you in this thread, so remember to check this thread daily. I will continue to provide assistance in the meantime, then remain in the background while he works with you.
Please let me know if you have any questions. Thank you.
-
Many thanks to all for your help! :) I am hoping I haven't caused myself more grief because I did check my mail on this machine, but, thank goodness, I didn't hook my iPhone up to it!
-
Thank you for your log Laurion. Essexboy will also review the log when he comes on the forum later. He will give you specific instructions to follow, so check the thread in several hours (he is on UK time). Thank you.
-
I notice that you have spyware doctor, did the alerts start occurring after you installed this programme?
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2204818908-4029211735-1334293680-1000\] > ->
YN -> HKEY_USERS\S-1-5-21-2204818908-4029211735-1334293680-1000\: "ProxyServer" -> 172.17.1.1:8080
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2204818908-4029211735-1334293680-1000\] > -> HKEY_USERS\S-1-5-21-2204818908-4029211735-1334293680-1000\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
YN -> {62623D1D-9775-4BE9-AFAD-EF60C2220D4E}\\DhcpNameServer -> 209.183.33.23 209.183.35.23 ()
[Files/Folders - Modified Within 30 Days]
NY -> 354 C:\Users\User\AppData\Local\Temp\*.tmp files -> C:\Users\User\AppData\Local\Temp\*.tmp
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
[Reboot]
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
I will review the information when it comes back in.
-
I had some trouble getting OTS to run but after 3 attempts, success!
No, the alerts didn't come with Spyware Doctor. I am pretty sure it has been on this machine from the beginning of ownership.
-
Are you still getting the alerts ?
Download ComboFix from one of these locations:
Link 1 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 2 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
- Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
-
@ Laurion,
I'm checking in to see how you are doing with the ComboFix log that Essexboy requested to help with your malware removal. Let us know if you have any questions or problems. Thank you.
-
Sorry for the delay, I have had a family emergency.
I downloaded Combofix and was in the midst of getting ready for a scan. I do have a question, how do you disable security software without uninstalling? ??? I looked through both Spyware Doctor and Malwarebytes but didn't see that option. Haven't checked Avast yet.
-
For MBAM and Spyware doctor there is no need - also Avast now knows what combofix is made of so should not need to be paused.
But if you wish to, right click the orange blob
Select shield control
Select disable until computer restarts