Avast WEBforum
Other => Viruses and worms => Topic started by: Bassem on August 22, 2011, 03:38:45 PM
-
I have been having this problem for a few months now; the virus disables Task Manager, Registry Editor, Windows Firewall and Safe Mode. I tried to download Avast but the virus automatically closed it and deleted the setup. I even tried to reinstall Windows before, but the virus is still living in my PC :'(
-
Could you follow the first post here http://forum.avast.com/index.php?topic=53253.0
Then once done post the resultant logs in this thread
-
here are the logs
-
here are the logs
-
I am afraid you may have Sality
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
DRV - File not found [Kernel | On_Demand | Running] -- -- (amsint32)
O33 - MountPoints2\{da8b492e-0756-11e1-8fa9-0008021de32e}\Shell\AUtOplAY\comMAnd - "" = G:\kqmg.exe
O33 - MountPoints2\{da8b492e-0756-11e1-8fa9-0008021de32e}\Shell\AutoRun\command - "" = G:\kqmg.exe
O33 - MountPoints2\{da8b492e-0756-11e1-8fa9-0008021de32e}\Shell\eXplore\COmManD - "" = G:\kqmg.exe
O33 - MountPoints2\{da8b492e-0756-11e1-8fa9-0008021de32e}\Shell\opEN\commanD - "" = G:\kqmg.exe
[2011/08/22 17:59:02 | 000,103,140 | ---- | M] () -- C:\eswatj.exe
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Download the Sality Killer zip (http://support.kaspersky.com/downloads/utils/salitykiller.zip) to your desktop and extract SalityKiller.exe
Run the utility SalityKiller.exe on the infected computer
A reboot might be required after disinfection.
Download the file Sality_RegKeys.zip (http://support.kaspersky.com/downloads/utils/sality_regkeys.zip)
Unpack the file Sality_RegKeys.zip
Run the file Disable_autorun.reg from the archive Sality_RegKeys.zip
Once the scan is over, from the archive Sality_RegKeys.zip run the registry key file for your system:
- under Windows 2000 run the registry file SafeBootWin200.reg
- under Windows XP run the registry file SafeBootWinXP.reg
- under Windows 2003 run the registry file SafeBootWinServer2003.reg
- under Windows Vista / 2008 run the registry file SafebootVista.reg
- under Windows 7 / 2008 R2 run the registry file SafebootWin7.reg
-
Just adding some info
From the Malwarebytes log:
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> Quarantined and deleted successfully.
Sality is a file infector...
Virut and other File infectors - Throwing in the Towel?
http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html
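A read-only PowerShell audit, added here as an illustration and not a tool from this thread or from the OTL/Kaspersky utilities, that checks a host for the Sality indicators named in the two posts above: the per-volume MountPoints2 Shell\command handlers, the amsint32 / LEGACY_AMSINT32 entries, the Task Manager and Registry Editor lockout policies, and the SafeBoot keys whose absence is what breaks Safe Mode. The key paths and policy value names are standard Windows locations; the function names are my own.

```powershell
# Read-only Sality indicator audit (added example, not a tool from this thread).
# Assumes Windows PowerShell; run elevated so the HKLM checks can be read. It reports only.
function Get-MountPointHandlers {
    # Per-volume Shell\<verb>\command handlers that Explorer runs on open/explore/AutoPlay
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    Get-ChildItem $base -ErrorAction SilentlyContinue | ForEach-Object {
        $vol = $_.PSChildName
        Get-ChildItem (Join-Path $_.PSPath 'Shell') -ErrorAction SilentlyContinue | ForEach-Object {
            $cmdKey = Get-Item (Join-Path $_.PSPath 'command') -ErrorAction SilentlyContinue
            if ($cmdKey) {
                [pscustomobject]@{ Volume = $vol; Verb = $_.PSChildName; Command = $cmdKey.GetValue('') }
            }
        }
    }
}
function Get-SalityIndicators {
    $findings = @()
    # Handlers that launch an executable from the root of a drive other than the system drive
    foreach ($h in Get-MountPointHandlers) {
        if ($h.Command -match '^[A-Z]:\\[^\\]+\.exe' -and $h.Command -notlike "$env:SystemDrive*") {
            $findings += "MountPoints2 $($h.Volume)\Shell\$($h.Verb) runs $($h.Command)"
        }
    }
    # Policy values that lock the user out of Task Manager and regedit
    $pol = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
        if ($pol.$name -eq 1) { $findings += "$name is set to 1" }
    }
    # SafeBoot keys; if they are missing, Safe Mode cannot start (the .reg files above restore them)
    foreach ($k in 'Minimal', 'Network') {
        if (-not (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$k")) {
            $findings += "SafeBoot\$k key is missing"
        }
    }
    # The amsint32 driver service and its legacy enum entry seen in the OTL and MBAM logs
    foreach ($k in 'HKLM:\SYSTEM\CurrentControlSet\Services\amsint32',
                   'HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32') {
        if (Test-Path $k) { $findings += "$k exists" }
    }
    return $findings
}
$result = Get-SalityIndicators
if ($result) { $result } else { 'No Sality indicators found' }
```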
-
Uh, the OTL has taken more than 1 hour already and is still working, is that normal? ???
-
Only if you have never emptied your temporary files. Close OTL out and run the Sality fixes please.
-
Hey, I just cleared my temp files now and the OTL worked, but I am unable to download the Sality Killer with or without IDM.
-
I have just uploaded them to my skydrive here https://skydrive.live.com/?cid=32d8666f4048075b&sc=documents&uc=2&id=32D8666F4048075B%21117
-
Hey, I've completed all the steps here. Are there other steps, or can I be sure that I am 100% Sality free? ;D
-
Could you now download and install Avast, then run a full scan and let me know if it finds anything at all.
-
I took 2 screenshots of the 15 infected files found by Avast before deleting them, but they are 1.37 megabytes. Does that mean I can't upload them here?
-
It would be too large, the image/file size for attachments is 200KB.
When saving screenshots, only capture the active window and save in .gif format (good enough for quality), which gives a smaller file size.
That said, there is no need to do screenshots when you can copy and paste from the scan logs. For detections on on-demand scans, check C:\Documents And Settings\All Users\Application Data\Alwil Software\Avast5\Log (Windows 2000, Windows XP), or C:\ProgramData\Alwil Software\Avast5\log (Windows Vista, Windows 7).
Also, deletion isn't really a good first option (you have none left): 'first do no harm', don't delete, send the virus to the chest (a protected area) and investigate.
There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.
-
I rushed to delete them because I don't use those infected programs anymore, so I don't need them. But the problem is I still can't find the log file; I am using the latest version of Avast, by the way...
-
Depending on your OS and settings, those folders may be hidden. You would need to change the Windows Explorer, Tools, Folder Options setting not to hide files and folders.
Also, in the avastUI, Scan Computer, selected scan (Quick/Full, etc.), More details, Settings, Report File, the Generate report file option would have to be checked.
-
Ah, I should have known that before I did the full scan, and the pic can't change its size. I did another full scan and nothing is infected now. What should I do? ???
-
Could you now run a fresh OTL scan, selecting All Users and running the Quick Scan.
-
Scan complete
-
Looks like you may have been lucky. Are you experiencing any problems?
-
No problems at all, thanks for the help everyone :)
-
I would recommend that you update to SP3 to ensure your system security.
Subject to no further problems :)
I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.
Now the best part of the day ----- Your log now appears clean :thumbsup:
A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
Run OTL and hit the Cleanup button. It will remove all the programmes we have used plus itself.
We will now confirm that your hidden files are set to hidden, as some of the tools I use will change that:
- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View Tab.
- Under the Hidden files and folders heading select Do not show hidden files and folders.
- Click Yes to confirm.
- Click OK.
Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.
Upgrading Java:
- Go to this site (http://java.com/en/) and click Do I have Java
- It will check your current version and then offer to update to the latest version
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes (http://www.malwarebytes.org/mbam-download.php).
Update and run weekly to keep your system clean.
Download and install FileHippo update checker (http://www.filehippo.com/updatechecker/) and run it monthly; it will show you which programmes on your system need updating and give a download link.
It is critical to have both a firewall and anti-virus to protect your system, and to keep them updated. To keep your operating system up to date visit Microsoft Windows Update (http://windowsupdate.microsoft.com)
To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place? (http://www.geekstogo.com/forum/topic/225044-preventing-malware-and-safe-computing/)
Keep safe :wave:
-
How about SuperAntispyware Pro? ???
-
It is good, but Malwarebytes seems to detect a bit more... or faster on the latest malware.
I have both.
-
'Tis not a problem, and a backup is good as MBAM is now being targeted as well as AVs.
-
OK then... I'll be using SuperAntispyware and upgrading to SP3.
-
I've detected a problem: the screen's color changes at random times, then comes back again. Is that a worm virus or just my monitor? ???
-
Sounds more like a hardware issue than any malware that I'm aware of.
Graphics card or monitor; heat can also have an impact on the graphics card.
-
No wonder, the PC is very old, but should upgrading the graphics card solve it?
-
Not necessarily, if it isn't the graphics card that is failing. That is the problem with hardware faults: they are hard to pin down.
-
100% virus free and all problems solved, thanks everyone, cheers :)