Avast WEBforum
Other => Viruses and worms => Topic started by: konfoozed on February 06, 2012, 03:20:55 PM
-
Having thought I had completely got rid of the System Check virus (posted elsewhere on the forum) I was surprised to see an entry in Start/All programs as: System Check with subfolders System Check and Uninstall. I presume these are the leftovers of the virus but want to make sure before deleting them.
-
have you done a quick scan with an updated malwarebytes ?
what does it say.....
-
follow this guide:
http://forum.avast.com/index.php?topic=53253.0
attach all logs...
-
have you done a quick scan with an updated malwarebytes ?
what does it say.....
Just did a quick scan....no problems reported.
-
@ Pondus and true indian
Konfoozed was advised to open a new topic here to make sure he has really gotten rid of System Check and be sure no hidden nasty stuff remains.
http://forum.avast.com/index.php?topic=92002.msg737476#msg737476
I already told him that he should post the logs, and wait for Essexboy
Regards
-
Konfoozed was advised to open a new topic here to make sure he has really gotten rid of System Check and be sure no hidden nasty stuff remains.
so is this the new topic then ???
oooo....i love it when they post all over the forum....make it so easy to answer
-
@ Pondus
Konfoozed was advised to open a new topic here to make sure he has really gotten rid of System Check and be sure no hidden nasty stuff remains.
so is this the new topic then ???
oooo....i love it when they post all over the forum....make it so easy to answer
No. Konfoozed being a newbie posted for help in another member's thread. I told him from the beginning to seek help here. He instead opted to try bleepingcomputer instructions, but still got some problems to resolve. Read the link I posted. Since I am not certified to remove malware, my only option was to send him here. Did I do something wrong for you to post such a sarcastic statement? I have always considered you to be a very helpful and patient member of this forum, moreover with members who do not have an extensive knowledge about computers.
Regards.
-
Did I do something wrong for you to post such a sarcastic statement?
was it sarcastic?......it wasn`t intended to be...i just asked a question
i guess we find out when/if he attaches the logs you requested
-
@ Pondus.
so is this the new topic then ???
oooo....i love it when they post all over the forum....make it so easy to answer
No. Konfoozed being a newbie posted for help in another member's thread. I told him from the beginning to seek help here. He instead opted to try bleepingcomputer instructions, but still got some problems to resolve. Read the link I posted. Since I am not certified to remove malware, my only option was to send him here. Did I do something wrong for you to post such a sarcastic statement? I have always considered you to be a very helpful and patient member of this forum, moreover with members who do not have an extensive knowledge about computers.
Regards.
PS I do not know why this post came out like a quote since my text is out of it.
Thank you...nice to know someone can be understanding. I tried to post in the correct area.
-
Did I do something wrong for you to post such a sarcastic statement?
was it sarcastic?......it wasn`t intended to be...i just asked a question
i guess we find out when/if he attaches the logs you requested
Yes....pure sarcasm...no help.
-
PS I do not know why this post came out like a quote since my text is out of it.
you have to put your text on the outside (after) the quote tags
-
Yes....pure sarcasm...no help.
OK....i will keep my fingers away then
-
Yes....pure sarcasm...no help.
OK....i will keep my fingers away then
Probably best...even as a newbie I recognize the forum is to offer help to others...not use it as an ego-trip.
-
was it sarcastic?......it wasn`t intended to be...i just asked a question
I might have misinterpreted it. My bad.
i guess we find out when/if he attaches the logs you requested
Yes, let's wait. I hope he does not find the instruction too overwhelming.
I was writing this while you posted your answer for the quotes. Yes I did it like you said and still everything came out blue. Don't know why.
@ Konfoozed.
Since most of us here come from all over the world and English is a second language, sometimes statements are misinterpreted. Pondus is a very helpful and knowledgeable member of the community, and my conversation with him was to be clear in our procedure to do things. Nothing else. We are still waiting for your logs.
-
@ Konfoozed.
We are still waiting for your logs.
I haven't posted logs or contacted Essexboy as whilst I was waiting for response from the forum I ran CCleaner and discovered that the Start program was in name only. Hopefully it is now all resolved, thanks.
-
I haven't posted logs or contacted Essexboy as whilst I was waiting for response from the forum I ran CCleaner and discovered that the Start program was in name only. Hopefully it is now all resolved, thanks.
OK. Glad the system check files are gone now, but you mentioned still two Win32Fake Alert BYN Trojans that were not related to any fake alerts Avast! was throwing yesterday about valid programs. What about them ?
-
iroc9555 and true indian
Just to say that everything seems to be running sweetly....again fingers crossed. On that basis I think it is unfair for me to trouble Essexboy when his http://forum.avast.com/index.php?topic=53253.0 clearly states "If you are having problems still after MBAM has run then create a new topic in the Virus and Worms Forum, stating the problems you are experiencing with the computer and the OTL log.." If I am wrong in my surmise please let me know.
-
I haven't posted logs or contacted Essexboy as whilst I was waiting for response from the forum I ran CCleaner and discovered that the Start program was in name only. Hopefully it is now all resolved, thanks.
OK. Glad the system check files are gone now, but you mentioned still two Win32Fake Alert BYN Trojans that were not related to any fake alerts Avast! was throwing yesterday about valid programs. What about them ?
I submitted them to Avast.
-
Hi sorry for the reply delay...essexboy is our resident malware removal expert....just follow the guides and attach the logs...he will help u out in checking for remnants. :)
If u want i will notify him for u,what say? ;)
Regards from sunny India.
-
Yes....pure sarcasm...no help.
OK....i will keep my fingers away then
I feel delicate to post this but please do not take it in wrong spirit:
That is not too helpful pondus :(.....remember we should work as a team ;)
After all we all are malware fighters...i hope u understand and co-operate. :)
"United We Stand Divided We Fall."
We are providing help on our own decision we are not obliging anybody by doing so and such behaviour is not expected from u evangelists....
NO OFFENCE!
Thats all i want to say.
-
Hi sorry for the reply delay...essexboy is our resident malware removal expert....just follow the guides and attach the logs...he will help u out in checking for remnants. :)
If u want i will notify him for u,what say? ;)
Thank you. If you really think I should send the logs even though things seem fine then I will do so. What I don't want to do is waste his time.
-
Essexboy notified...
Once u attach the log and he confirms u are clean U are back on the track....I hope u understand that we are trying to ensure u are clean....
-
Essexboy will arrive by night...so u may log off for now and check back at night. ;)
-
Essexboy notified...
Once u attach the log and he confirms u are clean U are back on the track....I hope u understand that we are trying to ensure u are clean....
Thank you very much....I do appreciate your help. I will now go through the process of sending the logs. Just hope my limited experience won't be an obstacle!
-
Essexboy notified...
Once u attach the log and he confirms u are clean U are back on the track....I hope u understand that we are trying to ensure u are clean....
Thank you very much....I do appreciate your help. I will now go through the process of sending the logs. Just hope my limited experience won't be an obstacle!
You're welcome!
just keep calm and stay cool! 8)
-
Essexboy notified...
Once u attach the log and he confirms u are clean U are back on the track....I hope u understand that we are trying to ensure u are clean....
Thank you very much....I do appreciate your help. I will now go through the process of sending the logs. Just hope my limited experience won't be an obstacle!
You're welcome!
just keep calm and stay cool! 8)
-
:) ;)
-
Found a problem already regarding posting the logs. The instructions call for a Restore Point to be created after downloading OTL and doing the pasting in the Custom Scan box.
With a dual boot system (which I have) System Restore doesn't function fully. You can create a restore point but if you shut down, you lose it. Whether you can create a restore point and go back to it if you don't shut down I just don't know. Guess I'll have to await Essexboy's advice on this before I proceed.
Meantime, for what it is worth on its own, here is the MBAM log:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.07.01
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Ken :: NSYSKB101207 [administrator]
07/02/2012 10:25:51
mbam-log-2012-02-07 (10-25-51).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 172877
Time elapsed: 5 minute(s), 43 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Essexboy will answer your problems once he comes online.
-
Essexboy will answer your problems once he comes online.
Thanks again.
-
Just delete the [createrestorepoint] from the initial scan
-
Just delete the [createrestorepoint] from the initial scan
OK, thanks, will hopefully send all in the morning.
-
Just noticed the message time is an hour late?
-
Just delete the [createrestorepoint] from the initial scan
Logs as requested, thanks.
-
Thanks! for the logs essexboy will be here by night or in another 1 hour
check back by that time! :)
-
Cheers!
-
Cheers!
:) Any Time!
-
Could you check in device manager to see if any yellow exclamation marks are there
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKU\S-1-5-21-1957994488-842925246-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
IE - HKU\S-1-5-21-1957994488-842925246-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:12080
O3 - HKU\S-1-5-21-1957994488-842925246-839522115-1003\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O33 - MountPoints2\{33a2a2df-a252-11df-a4e1-001e8c269596}\Shell\AutoRun\command - "" = J:\laucher.exe
O33 - MountPoints2\{33a2a2e1-a252-11df-a4e1-001e8c269596}\Shell\AutoRun\command - "" = J:\laucher.exe
[2012/02/04 11:45:23 | 000,000,320 | ---- | M] () -- H:\Documents and Settings\All Users\Application Data\~rvjxVaaaNz56kH
[2012/02/04 11:45:23 | 000,000,216 | ---- | M] () -- H:\Documents and Settings\All Users\Application Data\~rvjxVaaaNz56kHr
[2012/02/04 11:45:19 | 000,000,344 | ---- | M] () -- H:\Documents and Settings\All Users\Application Data\rvjxVaaaNz56kH
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
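Added example, not OTL's own code or anything posted by essexboy: a small Python triage pass over OTL-style scan lines that flags the three kinds of entry the fix above removes (an IE ProxyServer pointing at the local machine, MountPoints2 AutoRun commands, and extensionless files dropped straight into All Users\Application Data). The sample input is constructed from the lines of the posted fix plus two benign control lines; thresholds and rule names are my own.

```python
"""Triage OTL scan lines for the indicator types handled in the posted fix."""
import re
from dataclasses import dataclass

# Constructed sample: the five entries from the OTL fix above, plus two benign
# control lines (a corporate-style proxy and a file inside a vendor subfolder).
SAMPLE_OTL = r"""
IE - HKU\S-1-5-21-1957994488-842925246-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
IE - HKU\S-1-5-21-1957994488-842925246-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:12080
IE - HKU\S-1-5-21-0000000000-000000000-000000000-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.example.com:8080
O33 - MountPoints2\{33a2a2df-a252-11df-a4e1-001e8c269596}\Shell\AutoRun\command - "" = J:\laucher.exe
O33 - MountPoints2\{33a2a2e1-a252-11df-a4e1-001e8c269596}\Shell\AutoRun\command - "" = J:\laucher.exe
[2012/02/04 11:45:23 | 000,000,320 | ---- | M] () -- H:\Documents and Settings\All Users\Application Data\~rvjxVaaaNz56kH
[2012/02/04 11:45:19 | 000,000,344 | ---- | M] () -- H:\Documents and Settings\All Users\Application Data\rvjxVaaaNz56kH
[2012/02/04 09:00:00 | 000,012,288 | ---- | M] () -- H:\Documents and Settings\All Users\Application Data\Microsoft\example.dat
"""

# OTL line shapes used in the fix: IE registry value, O33 mount point, file entry.
IE_RE = re.compile(r'^IE - (?P<key>.+?): "(?P<name>[^"]+)" = (?P<value>.*)$')
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.*)$'
)
FILE_RE = re.compile(
    r'^\[(?P<mtime>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*\([^)]*\)\s*--\s*(?P<path>.+)$'
)

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}
ALLUSERS_APPDATA = "\\all users\\application data\\"   # lower-cased path fragment
SMALL_FILE_BYTES = 4096                                  # assumed "tiny dropper" cut-off


@dataclass
class Finding:
    rule: str
    line: str


def local_proxy(name: str, value: str) -> bool:
    """True when an IE ProxyServer value routes browsing through the local host.

    ProxyOverride alone is ignored: 127.0.0.1 in the bypass list is normal.
    Handles both "host:port" and "http=host:port;https=host:port" forms.
    """
    if name.lower() != "proxyserver":
        return False
    for part in value.split(";"):
        hostport = part.split("=", 1)[-1].strip()
        host = hostport.rsplit(":", 1)[0].lower()
        if host in LOCAL_HOSTS:
            return True
    return False


def dropped_in_appdata_root(path: str, size: int) -> bool:
    """Extensionless, tiny file sitting directly in All Users\\Application Data."""
    low = path.lower()
    idx = low.find(ALLUSERS_APPDATA)
    if idx < 0:
        return False
    rest = path[idx + len(ALLUSERS_APPDATA):]
    return "\\" not in rest and "." not in rest and size < SMALL_FILE_BYTES


def triage(text: str) -> list[Finding]:
    """Return one Finding per line that matches a rule, in input order."""
    findings = []
    for line in text.strip().splitlines():
        m = IE_RE.match(line)
        if m and local_proxy(m["name"], m["value"]):
            findings.append(Finding("ie-local-proxy", line))
            continue
        if O33_RE.match(line):
            # Any AutoRun command on a mount point is worth a human look.
            findings.append(Finding("autorun-mountpoint", line))
            continue
        m = FILE_RE.match(line)
        if m and dropped_in_appdata_root(m["path"], int(m["size"].replace(",", ""))):
            findings.append(Finding("appdata-root-dropper", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"{f.rule:22} {f.line}")
```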
-
With a dual boot system (which I have) System Restore doesn't function fully. You can create a restore point but if you shut down, you lose it. Whether you can create a restore point and go back to it if you don't shut down I just don't know.
This will eliminate your WIN 7? restore points from being deleted when you boot into XP. Works for both Vista or Win 7 and any earlier Windows OS. Use Method 1.
http://support.microsoft.com/kb/926185
-
Could you check in device manager to see if any yellow exclamation marks are there
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKU\S-1-5-21-1957994488-842925246-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
IE - HKU\S-1-5-21-1957994488-842925246-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:12080
O3 - HKU\S-1-5-21-1957994488-842925246-839522115-1003\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O33 - MountPoints2\{33a2a2df-a252-11df-a4e1-001e8c269596}\Shell\AutoRun\command - "" = J:\laucher.exe
O33 - MountPoints2\{33a2a2e1-a252-11df-a4e1-001e8c269596}\Shell\AutoRun\command - "" = J:\laucher.exe
[2012/02/04 11:45:23 | 000,000,320 | ---- | M] () -- H:\Documents and Settings\All Users\Application Data\~rvjxVaaaNz56kH
[2012/02/04 11:45:23 | 000,000,216 | ---- | M] () -- H:\Documents and Settings\All Users\Application Data\~rvjxVaaaNz56kHr
[2012/02/04 11:45:19 | 000,000,344 | ---- | M] () -- H:\Documents and Settings\All Users\Application Data\rvjxVaaaNz56kH
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Hi. I did have a problem just this afternoon when I discovered my Realtek HD Audio wasn't recognized. I went into Device Manager and it had an exclamation mark by it. I subsequently got the sound back. I PM'd you today regarding current status.
Also, how do I disable MBAM (free)?
Again, regarding the latest fix, I can't create restore point.
Presume quote points after [emptytemp]?
Please advise before I proceed anything else, thanks.
-
With a dual boot system (which I have) System Restore doesn't function fully. You can create a restore point but if you shut down, you lose it. Whether you can create a restore point and go back to it if you don't shut down I just don't know.
This will eliminate your WIN 7? restore points from being deleted when you boot into XP. Works for both Vista or Win 7 and any earlier Windows OS. Use Method 1.
http://support.microsoft.com/kb/926185
Thank you for that...something no-one else has mentioned. Trouble is it may solve the problem for W7 but still leaves XP out in the cold (unless I've misunderstood).
Having read the microsoft article again, I believe this is for partition drives rather than totally separate drives.
-
Oops I forgot - yes just delete the create restore line
-
Thank you for that...something no-one else has mentioned. Trouble is it may solve the problem for W7 but still leaves XP out in the cold (unless I've misunderstood).
Having read the microsoft article again, I believe this is for partition drives rather than totally separate drives.
XP is not the issue as far as its restore points are concerned. The problem lies in the way XP creates its restore points; it will delete those in any other OS present. It's a bug in XP that Microsoft chose not to fix.
Fix works fine when each OS is installed on a separate drive. That is how my dual boot is set up.
-
Thank you for that...something no-one else has mentioned. Trouble is it may solve the problem for W7 but still leaves XP out in the cold (unless I've misunderstood).
Having read the microsoft article again, I believe this is for partition drives rather than totally separate drives.
XP is not the issue as far as its restore points are concerned. The problem lies in the way XP creates its restore points; it will delete those in any other OS present. It's a bug in XP that Microsoft chose not to fix.
Fix works fine when each OS is installed on a separate drive. That is how my dual boot is set up.
Thank you for that....I'll have a look at it again but would I then be able to retain my SR points for XP? Up to now I've always lost them on both XP and W7.
-
For Essexboy
This morning's scan.
Thanks.
-
What problems are outstanding ?
-
What problems are outstanding ?
As far as I can see everything seems to be great although I am still getting the Asus motherboard screen on start up which isn't a big deal but just seems strange to have appeared out of nowhere. Certainly getting rid of Comodo and reverting to Windows firewall in conjunction with Avast on the XP drive seems much snappier. Strangely the other drive running w7 still has CIS with AV disabled together with Avast and appears happy as Larry!
I presume the latest log is OK from your point of view.
-
Yep it looks good.. If there are no problems by tomorrow then let me know and I will remove my tools and tidy up
-
OK fingers crossed for tomorrow.
Thanks for your help so far.
Regards from snowy Essex.
-
Just come back after today evening to get a surprise from essexboy.. ;D
-
Just come back after today evening to get a surprise from essexboy.. ;D
Now you have me curious....don't say I get to share his lottery winnings!
-
For Essexboy
Both drives seem to be working very well. However I did discover that on my second drive (running W7) Comodo was not showing under All Programs, Control Panel, nor was it found by CCleaner or Revo. It showed in the cascade when I clicked on Start and as a Desktop shortcut also in the system tray bar. I tried to reinstall Comodo but it didn't seem to want to know. Ultimately I believe I've got rid of it by using the Hunter Mode in Revo. Is this anything to do with the virus or should I make another post elsewhere? For the time being I'm now using the W7 firewall in conjunction with Avast!
-
It may have been damaged - If you have removed it all then try a re-install
If you get any errors then let me know what they are
-
It may have been damaged - If you have removed it all then try a re-install
If you get any errors then let me know what they are
OK. Meantime just closed down XP drive, opened with W7 - asking allow CIS to make changes.
Notification area still shows CIS premium and updater.
Revo uninstaller now showing only uninstaller and website. Will try reinstall both.
-
Reinstalled CIS - shut down - restart - CIS asked to restart to complete? Yes/No - Yes restart - error receiving font Geek Buddy - asked restart Y/N answered No... Geek Buddy: error receiving font X many times.
Didn't try reinstall Revo at this stage.
-
Alas I know nothing about Comodo
I would recommend that you ask on their forum as I could not find any reference to that error
-
Alas I know nothing about Comodo
I would recommend that you ask on their forum as I could not find any reference to that error
OK, thanks Essexboy. You have been great, many thanks for all your help.
Regards.
-
For Essexboy.
OK done some research and looks as if I'm not alone to the extent that others are going the extra mile to devise their own removal tools. Lesson to be learnt as far as I'm concerned is don't go anywhere near Comodo again. Thankfully, and thanks to you, my prime drive is back running sweetly so I'll be looking at formatting the secondary drive very soon.
Thank you so much for all your help.
You are a real star.
-
I must admit I am not a fan of comodo but I try not to let my bias show
Glad you are happy
Let me know when you want me to remove my tools
-
There is just one odd thing that perhaps you could throw some light on.....Each morning when I have switched on my computer I haven't seen any startup screen...no Asus screen, no boot screen, nothing. It seems to take longer than normal (might be my imagination) but eventually opens up at Desktop on my default XP drive with all the usual icons in the system tray already in place. If I turn off and switch back on I get the Asus screen and then the usual startup screen followed by Boot Manager where I get the option to select which drive. If you could throw some light on this point I would be very grateful.
Apart from the above (and the Comodo issue which I'll sort later) it all seems very good and just hope that if the nasties were going to reappear they would have done so by now so as far as the removal of tools anytime is fine although I am going away tomorrow.
-
Not sure about that I will need to check it out
Tool removal for win 7
Subject to no further problems :)
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean :thumbsup:
A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:
Run OTL- Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[resethosts]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View Tab.
- Under the Hidden files and folders heading select Do not show hidden files and folders.
- Click Yes to confirm.
- Click OK.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.
Upgrading Java:
- Go to this site (http://java.com/en/) and click Do I have Java
- It will check your current version and then offer to update to the latest version
SPRING CLEAN
To manually create a new Restore Point
- Go to Control Panel and select System
- Select System
- On the left select System Protection and accept the warning if you get one
- Select System Protection Tab
- Select Create at the bottom
- Type in a name i.e. Clean
- Select Create
Now we can purge the infected ones
- Go Start > All programs > Accessories > system tools
- Right click Disc cleanup and select run as administrator
- Select Your main drive and accept the warning if you get one
- For a few moments the system will make some calculations
- Select the More Options tab
- In the System Restore and Shadow Backups select Clean up
- Select Delete on the pop up
- Select OK
- Select Delete
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes (http://www.malwarebytes.org/mbam-download.php). Update and run weekly to keep your system clean
Download and install FileHippo update checker (http://www.filehippo.com/updatechecker/) and run it monthly it will show you which programmes on your system need updating and give a download link
It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
- Microsoft Windows Update (http://windowsupdate.microsoft.com)
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ? (http://www.geekstogo.com/forum/topic/225044-preventing-malware-and-safe-computing/)
Keep safe :wave:
-
Hi.
Sorry didn't understand the reference to "Tool removal Win7".
Just to be sure, I presume your instructions are standard and that therefore I can safely continue ignore references to System Restore?
When you say run for 24 hours is that literally keep it constantly running for that time?
Thing is, I shall be going away tomorrow morning.
I'll wait to hear back from you before I do anything regarding removal etc.
-
No just use the system as normal and monitor for any oddities
Yep I keep forgetting about your restore problem
In that case just run OTL and hit the cleanup button
-
Apologies for being pedantic....so just follow all the instructions whilst ignoring the bit about System Restore?
-
Yes all bar system restore
-
Yes all bar system restore
Thanks.
-
Didn't delete these:
IExplore.exe
aswMBR.exe
aswMBR.dat
aswMBR.txt
unhide.exe
Can I just delete these manually?
-
Yes delete them manually as they just sit on the desktop and are not installed
-
Thanks....started to panic as thought there was another virus problem!
-
For Essexboy
Have followed all your suggestions.
Thank you very much for all your time, patience and wisdom.
I can now go on holiday and not be constantly worrying about my computer.
Best regards.
-
There u have your surprise...cleanup from master blaster essexboy! ;D
-
There u have your surprise...cleanup from master blaster essexboy! ;D
I did indeed...even better than a share of the lottery!
Thank you also for your guidance.