Author Topic: Please Help! (Read 4008 times)

mmshs10 · « **on:** October 24, 2010, 03:21:01 AM »

I'm afraid my computer has been infected with a virus. It has been acting goofy for just over a week. I have been running scans using AVG daily and it tells me that I have tracking cookies. Its the same thing everyday. I tried using Avast tonight and it completed about 85% of a full system scan and then my computer froze up. I guess I had 11 Network Shield infections. Will Avast get rid of these on its own or do I have to do something? I am now running a quick scan. I just want my computer back to normal. Please help! Thanks!

DavidR · « **Reply #1 on:** October 24, 2010, 04:05:35 AM »

Tracking cookies are not a security issue if anything a minor privacy one - - See http://en.wikipedia.org/wiki/HTTP_cookie.

Much of this can be got rid of by not allowing 3rd party cookies in your browser settings.

Did you uninstall AVG before installing avast as two resident AVs are likely to conflict, even remnants of your previous AV can have an affect.
- Ensure that all remnants of AVG are gone - AVG8.x (or higher) Remover, download tool from here, http://www.avg.com/download-tools there is a 32bit and 64 bit windows version, ensure you use the correct one.

The network shield detections aren't part of a Full System scan, they protect against connections to malicious sites.

- If you have Win2k, XP, vista or Win7 (all 32bit), you could enable a boot time scan.
- You could enable a boot time scan. From the avastUI, Scan Computer, Boot-time Scan, Schedule Now button and reboot.

Look in the C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\report\aswBoot.txt file, check this file using notepad for info on the scan/detections, etc.

mmshs10 · « **Reply #2 on:** October 24, 2010, 05:11:39 AM »

No I did not delete AVG before downloading Avast. I then read that I should download Malwarebytes and run a scan. I did so and here is my log.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4930

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/23/2010 9:57:59 PM
mbam-log-2010-10-23 (21-57-59).txt

Scan type: Quick scan
Objects scanned: 186675
Time elapsed: 38 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 33
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 4
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\main.bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{986a8ac1-ab4d-4f41-9068-4b01c0197867} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a0e1054b-01ee-4d57-a059-4d99f339709f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e3c68cd-f500-4a2a-8cb9-132bb38c3573} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CONNECT (Trojan.PornDialer) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdll (Worm.AutoRun) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Mel\Application Data\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mel\Application Data\FunWebProducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mel\Application Data\FunWebProducts\Data\Mel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysloc (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Mel\Application Data\FunWebProducts\Data\Mel\avatar.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mel\Application Data\FunWebProducts\Data\Mel\zbucks.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Common\helper.sig (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\f23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\msmark2.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\sonce122715.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\sonce122739.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\st_1244322014.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\st_1244340198.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\st_1244349769.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

Tarq57 · « **Reply #3 on:** October 24, 2010, 05:33:16 AM »

It appears that MBAM has probably dealt with the infection.

What I would do now is uninstall AVG, run the removal tool linked by DavidR above, reboot, and carry out a repair of Avast. (Control panel>add/remove programs select Avast, change or remove, and select "repair" from the options.

Please run another MBAM scan (update MBAM first) and post the log, and it would be wise to run an Avast scan, also.
Let us know if anything was found, and how the computer is running now.

Asyn · « **Reply #4 on:** October 24, 2010, 08:05:40 AM »

Quote from: Tarq57 on October 24, 2010, 05:33:16 AM

...and it would be wise to run an Avast scan, also.

I suggest a boot time scan with avast in this situation..!
asyn

DavidR · « **Reply #5 on:** October 24, 2010, 04:20:08 PM »

Quote from: Asyn on October 24, 2010, 08:05:40 AM

Quote from: Tarq57 on October 24, 2010, 05:33:16 AM
...and it would be wise to run an Avast scan, also.

I suggest a boot time scan with avast in this situation..!
asyn

Which is what I suggested if you read my first reply.

Asyn · « **Reply #6 on:** October 25, 2010, 09:40:27 AM »

Quote from: DavidR on October 24, 2010, 04:20:08 PM

Quote from: Asyn on October 24, 2010, 08:05:40 AM
Quote from: Tarq57 on October 24, 2010, 05:33:16 AM
...and it would be wise to run an Avast scan, also.

I suggest a boot time scan with avast in this situation..!
asyn

Which is what I suggested if you read my first reply.

Sorry Dave, I missed that..! (It was a long log)

Have a nice day,
asyn

Author Topic: Please Help! (Read 4008 times)

mmshs10

Please Help!

DavidR

Re: Please Help!

mmshs10

Re: Please Help!

Tarq57

Re: Please Help!

Asyn

Re: Please Help!

DavidR

Re: Please Help!

Asyn

Re: Please Help!