Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: leandro.miranda on March 31, 2011, 08:57:20 PM
-
Ha I am trying to remove a curse day in the company where I work. MSN OS has its own life. send dozens of messages ..
The LINK to download the plague is VIRUS: h p: / / mynewpicturss.com / album.php? =
This is a problem sary. I have done many actions .. removed and no ...
-
you should have posted this in the virus section, but okay, I'll notify someone that will help you ;) (... if he wants to ;D )
-
in the meantime you can give a shot to mbam:
http://www.malwarebytes.org/mbam.php
download the free version, install and update it, then run a quick scan, follow the instructions if any.
-
Here are the destructions for MBAM. But a few questions - does the virus have a name given by your AV ?
Is it a network that is infected or a single system ?
After the MBAM run I would like to run an analysis on the system
(http://img233.imageshack.us/img233/7729/mbamicontw5.gif) Please download Malwarebytes' Anti-Malware from Here (http://www.malwarebytes.org/mbam-download.php).
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
THEN
Download OTS (http://oldtimer.geekstogo.com/OTS.exe) to your Desktop and double-click on it to run it
- Make sure you close all other programs and don't use the PC while the scan runs.
- Select All Users
- Under additional scans select the following
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check
- Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
- When the scan is complete Notepad will open with the report file loaded in it.
- Please attach the log in your next post.
-
@essexboy
I was getting ready to re-image so I went ahead and ran it. Behavior shield popped up. I submitted the sample to Avast.
3/31/2011 2:03:04 PM Modification of: \REGISTRY\USER\S-1-5-21-3283010599-301252469-166660181-1000\Software\Microsoft\Windows\CurrentVersion\Run\ovbodmsv
By: C:\Users\XXXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3IJRI3GY\PIC976242742133-JPG-www.facebook.com.exe
Via: C:\Users\XXXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3IJRI3GY\PIC976242742133-JPG-www.facebook.com.exe
-> Action allowed
http://www.virustotal.com/file-scan/report.html?id=d1ef3ea4cf899250de36a2e7f85f1d934fcaa83bcde558a12b1f904ad31939d8-1301517851
-
I have six machines of great importance in the network that are experiencing this problem. Does avast will solve it?
Here are the destructions for MBAM. But a few questions - does the virus have a name given by your AV ?
Is it a network that is infected or a single system ?
After the MBAM run I would like to run an analysis on the system
(http://img233.imageshack.us/img233/7729/mbamicontw5.gif) Please download Malwarebytes' Anti-Malware from Here (http://www.malwarebytes.org/mbam-download.php).
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
THEN
Download OTS (http://oldtimer.geekstogo.com/OTS.exe) to your Desktop and double-click on it to run it
- Make sure you close all other programs and don't use the PC while the scan runs.
- Select All Users
- Under additional scans select the following
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check
- Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
- When the scan is complete Notepad will open with the report file loaded in it.
- Please attach the log in your next post.
-
Run a bootscan with Avast on each system then run MBAM on each system
If the symptoms persist attach the analysis of one machine and I should be able to give the file locations of it on all machines (the file names may differ though)
-
Ok, I'll like this, and I'll post the results soon.
Run a bootscan with Avast on each system then run MBAM on each system
If the symptoms persist attach the analysis of one machine and I should be able to give the file locations of it on all machines (the file names may differ though)
-
Using HiJackThis might help :)
-
Unfortunately Hijackthis no longer looks at all the relevant entry points like appcerts etc .....
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\Security\SuperAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/16 12:07:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2000/02/16 04:37:56 | 000,000,000 | R--D | M] - Z:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 22:56:50 | 000,000,036 | R--- | M] () - Z:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
Trend have not updated the programme now for getting on 3 years
-
I replaced HJT with OTL and located the OTL Tutorial. Now I have to read it ???
Thanks
-
A fair bit of malware nowadays inserts commands into the IFEO, appcert or security providers chain. So deleting files from the run entries will still leave the malware active..
OTL is very versatile as well, it will investigate any area that you ask it to
-
This program did not remove the virus, I'm having the same problem today. :'(
in the meantime you can give a shot to mbam:
http://www.malwarebytes.org/mbam.php
download the free version, install and update it, then run a quick scan, follow the instructions if any.
-
This program did not remove the virus, I'm having the same problem today. :'(
in the meantime you can give a shot to mbam:
http://www.malwarebytes.org/mbam.php
download the free version, install and update it, then run a quick scan, follow the instructions if any.
follow Essexboy's instructions when he comes back to this thread ;)
-
Yes I followed the instructions, I installed mbam and did the updates, then scan sent on any PC. And did not detect any problems.
This program did not remove the virus, I'm having the same problem today. :'(
in the meantime you can give a shot to mbam:
http://www.malwarebytes.org/mbam.php
download the free version, install and update it, then run a quick scan, follow the instructions if any.
follow Essexboy's instructions when he comes back to this thread ;)
-
you didn't do what he asked you here:
http://forum.avast.com/index.php?topic=75127.msg621901#msg621901
download OTS and post log etc...
-
MBAM and Avast will only get known files - the unknown have to be removed manually ;D
-
MBAM and Avast will only get known files - the unknown have to be removed manually ;D
To boldly remove what no man has removed before... 8)