Thanks. Those files look good, but the one I was looking for didn't show up. We'll do a little manual investigation.
In windows explorer, at the top, click tools, folder options, click the view tab.
Check "Show hidden files and folders"
Uncheck the "Hide extensions for known file types" box
Uncheck the "Hide protected operating system files" box
Click apply
Open task manager (control, alt, del keys together), click the process tab and locate
WkDetect.exe, click end task.
Now navigate to this folder, click on it.
c:\Program Files\Microsoft Works
In the right hand panel locate
WkDetect.exe, right click it, select rename, type in the new name
WkDetect.old, left click near the file name and make sure the new name is there. Please make a note of the file size and date created before you rename it.
Now submit this file to virustotal
c:\Program Files\Microsoft Works\WkDetect.old
We have a little registry fix to do.
WARNING these fixes are designed for this user only and may cause damage if run on an uninfected machine
REGISTRY FIX
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
Next you will need to create the repair registry fix. To do that, copy and paste
ALL of the above in the quote box to a notepad file. Ensure there is
no space above the REGEDIT4.
Then in notepad go to
FILE > SAVE AS and in the dropdown box make sure the top box is set to
SAVE IN Desktop
Then in the
FILE NAME box type (including the " " marks)
"fix.reg"
This will create a fix.reg file on your desktop.
To use this file you will need to right click the icon and select merge, accept the warning if it appears and you are done.
Make sure the windows firewall is turned on. Click this link and download avast4 home. Save it to your desktop. The download link is in the left panel.
http://avast.com/eng/download-avast-home.html
* Create a new restore point
You must be logged on to an administrator account
Go to Start - All Programs - Accessories - System Tools - System Restore.
Click Create a restore point, and then click Next.
In the text box labeled Restore Point Description, type a name for this restore point, click create
* Remove old restore points
- Go to Start - All Programs - Accessories - system tools. Launch the Disk Cleanup tool and let it run. When it finishes a box with tabs will appear, select the more options tab. On this tab you will find a section for System Restore. If you press the Clean Up button for that section, Windows will delete all restore points except for the most recent one.
Open HJT, run a system scan only, check mark these lines if present
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
Close all other browsers/windows, click fix, close HJT.
Physically disconnect from the internet and boot into safe mode.
Go to add/remove programs and uninstall this program
Authentium AntiVirus SDK - 2
Reboot into normal windows, double click the avast file you downloaded. Follow the prompts. Avast will ask you if you want to do an update and a boot time scan, say yes. You will have to reconnect your cable. During the boot time scan, if avast finds anything, it will ask you what to do. Choose move to the chest.
Do not be alarmed if avast detects the files we removed with OTMOVEIT2, for those you can choose no action. The path will look similar to this C:\_OTMOVEIT2\moved\
After the scan is complete, please download DSS again, I'd like to have another look.
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
- Close all other windows before proceeding.
- Double-click on dss.exe and follow the prompts.
- When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Please post the virustotal results also.
If you have any problems with the steps above, please let me know.
Thanks.