Author Topic: Virus "symptoms" still present after removal  (Read 14935 times)

0 Members and 1 Guest are viewing this topic.

Offline JanetB

  • Newbie
  • *
  • Posts: 19
Virus "symptoms" still present after removal
« on: December 24, 2013, 12:42:22 AM »
Hello!

My husband was getting virus detected messages when he tried to download files. During a boot scan of his laptop, Avast (free version 2014, just installed yesterday-- I had to put it on via flash drive from my pc since I couldn't download it) found PUP:win32:installer-L, a virus that prevents downloads. I chose option 2, "fix all automatically." Nothing else was detected and the scan completed. I looked at the log and saw that it was successfully moved to chest.

Afterwards, I tried to download an exe file to test it, and I couldn't download the file. I received an error message because of a virus detected. I ran another boot scan, which came up clean.

Is there some sort of patch or fix for this? There must be something still hanging around from the installer-L. Any ideas of what to do, if not?

PS--I hope this post is not a duplicate. I had a problem the first time--didn't realize I had to verify again before posting. Then when I did, it said the message was posted.... but it wasn't.... ???

Thanks,
JB

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36992
Re: Virus "symptoms" still present after removal
« Reply #1 on: December 24, 2013, 12:52:37 AM »
Quote
PUP:win32:installer-L
PUP = not virus / Possible Unwanted Program     usually adware/toolbar browser crap you get when downloading free software

if you want a check.....

follow instructions and attach logs (not copy and paste)  http://forum.avast.com/index.php?topic=53253.0

we need Malwarebytes / OTL  Logs



Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36992
Re: Virus "symptoms" still present after removal
« Reply #2 on: December 24, 2013, 12:54:32 AM »
Quote
I had to put it on via flash drive from my pc since I couldn't download it
if you use lots of removable drives among many computers, i recomend installing this.....

MCShield USB protector   www.mcshield.net     


Offline JanetB

  • Newbie
  • *
  • Posts: 19
Re: Virus "symptoms" still present after removal
« Reply #3 on: December 24, 2013, 05:14:00 AM »
Thanks Pondus.

Ok, so I stand corrected on PUP vs. virus. Sorry! I thought since the program was preventing me from doing something it was automatically a virus!

I will have to do the same thing with Malwarebytes, e.g., download it to a flash drive in order to install it on his machine, though I'm not sure it will be able to update. I hope so!

And, I see that I need to post the results of everything in a different topic area. I'll work on that in the next day or two, including running a scan with Malwarebytes. Perhaps that will solve the issue and I won't need to do all the rest (she said, hopefully)....

Janet B

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36992
Re: Virus "symptoms" still present after removal
« Reply #4 on: December 24, 2013, 07:36:54 AM »
Quote
And, I see that I need to post the results of everything in a different topic area. I'll work on that in the next day or two, including running a scan with Malwarebytes. Perhaps that will solve the issue and I won't need to do all the rest (she said, hopefully)....
since you have already started this topic here, you can attach those logs here.....
and you should also attach OTL log after you have run Malwarebytes as there may be additional files that need removal ... the removal expert will see this from that log


Offline JanetB

  • Newbie
  • *
  • Posts: 19
Re: Virus "symptoms" still present after removal
« Reply #5 on: February 02, 2014, 10:22:43 PM »
Hello-

I replied to this today (Feb2) but keep getting error messages. This is my last try in this thread.

I've done the malwarebytes scan and have attached it. Now working on OTL.

JB

Offline essexboy

  • Malware removal instructor
  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: Virus "symptoms" still present after removal
« Reply #6 on: February 02, 2014, 10:44:48 PM »
Hi when you have run the OTL scan here are the instructions for MCShield

Download MCShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives

Plug in the drive and McShield will start a scan

Then get the log which will be here :

Start > all programs > MCShield > logs > all scans

And post that

Offline JanetB

  • Newbie
  • *
  • Posts: 19
Re: Virus "symptoms" still present after removal
« Reply #7 on: February 02, 2014, 11:04:31 PM »
I'm running OTL now. But I'm not sure why I need McShield at this time?

We don't use flash drives in general, with this laptop. The only reason I've used one recently is to be able to download the necessary Malwarebytes and OTL exe files to my flash drive so that I can copy them to the laptop to run them.  You're probably thinking: "well how does he do backups."  Well.... that particular "he" is very lax on this sort of thing, despite constant nagging!!!

Right now I cannot download *any* file on to that laptop!!!! >:(

My understanding is that MCShield is to check the flash drive, correct?

It doesn't seem like I need that yet--unless I've misunderstood what it does.

JB

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36992
Re: Virus "symptoms" still present after removal
« Reply #8 on: February 02, 2014, 11:07:11 PM »
Quote
   Then get the log which will be here :

Start > all programs > MCShield > logs > all scans

And post that   
Or ..... use the new Log button on left side of MCShield     ;)



Quote
  It doesn't seem like I need that yet--unless I've misunderstood what it does.
Essexboy usually have good reasons .....



Offline JanetB

  • Newbie
  • *
  • Posts: 19
Re: Virus "symptoms" still present after removal
« Reply #9 on: February 02, 2014, 11:14:26 PM »
No problem there!  I just like to understand what I'm putting on my machine and why, before I do it.

Thanks again-
JB

Offline thekochs

  • Speak Your Mind, Who minds don't matter, Who matters won't mind
  • Advanced Poster
  • **
  • Posts: 1115
  • Hapkido Blackbelt
Re: Virus "symptoms" still present after removal
« Reply #10 on: February 03, 2014, 12:18:03 AM »
No problem there!  I just like to understand what I'm putting on my machine and why, before I do it.

Thanks again-
JB
Trust Essexboy.......he is an expert......do a search on him if you want.....not just here but on other Forums.
He has saved me in the past several times.....in fact folks try to get his time on items....he is busy guy. :)
OpenDNS + Avast Free + MBAM Premium + MBAE Free Anti-Exploit + CryptoPrevent + Windows Firewall
Avast FAQ Videos
Avast 2016 Videos
Avast Clean Un/Re-Install How-To

Offline thekochs

  • Speak Your Mind, Who minds don't matter, Who matters won't mind
  • Advanced Poster
  • **
  • Posts: 1115
  • Hapkido Blackbelt
Re: Virus "symptoms" still present after removal
« Reply #11 on: February 03, 2014, 12:25:19 AM »
Quote
I had to put it on via flash drive from my pc since I couldn't download it
if you use lots of removable drives among many computers, i recomend installing this.....

MCShield USB protector   www.mcshield.net   

Pondus, don't want to hijack this thread but very curious about this "mchsield".
How well does it work ?
Does Avast not cover me with connecting USB drives ?
Does it play well with Avast ?
I also have MBAM Pro (active protection) on.....does it play well with Avast + MBAM Pro ?

Thx.

....UPDATE.........
Never mind....I answered my own question....did not realize MCShield was by McAfee.....I would never use their products...complete garage stuff.  Ton's of threads out there on problems with MCShield and I understand why now...McAfee
https://forums.malwarebytes.org/index.php?showtopic=94224
I'll stick with Avast + MBAM Pro + CryptoPrevent.....I know everyone has their own experience and beauty is in eye of beholder thing.  I would have deleted this post but cannot find that option...do not want to de-rail thread...I apologize.
« Last Edit: February 03, 2014, 12:39:10 AM by thekochs »
OpenDNS + Avast Free + MBAM Premium + MBAE Free Anti-Exploit + CryptoPrevent + Windows Firewall
Avast FAQ Videos
Avast 2016 Videos
Avast Clean Un/Re-Install How-To

Offline iroc9555

  • CCS, Vzla.
  • Avast √úberevangelist
  • Starting Graphoman
  • *****
  • Posts: 7462
  • No soporte por PM.
Re: Virus "symptoms" still present after removal
« Reply #12 on: February 03, 2014, 01:29:04 AM »
... did not realize MCShield was by McAfee...

It is not by McAfee. It is a Serb group specialized in security. Two of its contributors lend their time here at the virus and worms Forum, argus and magna86. Many of us has adopted the use of this application because its usefulness and detection of worms and other kind of malware related to USB flash devises to complement avast!
http://www.mcshield.net/
http://www.mycity.rs/
« Last Edit: February 03, 2014, 02:03:41 AM by iroc9555 »
Hernan.
Dim 9200. C2D E6600; 2.40GHz. 4GB DDR2RAM. XP Pro_86. Spk3. IE8 & FF41. Avast FREE 2015. CIS 5.12(FW/D+). MBAM Premium. MCShield. WinPatrol +. SpywareBlasterOpenDNS. uBlock. WOT. Sandboxie

Offline thekochs

  • Speak Your Mind, Who minds don't matter, Who matters won't mind
  • Advanced Poster
  • **
  • Posts: 1115
  • Hapkido Blackbelt
Re: Virus "symptoms" still present after removal
« Reply #13 on: February 03, 2014, 02:06:20 AM »
... did not realize MCShield was by McAfee...

It is not by McAfee. It is a Serb group specialized in security. Two of its contributors lend their time here at the virus and worms Forum, argus and magna86. Many of us has adopted the use of this application because its usefulness and detection of worms and other kind of malware related to USB flash devises to complement avast!
http://www.mcshield.net/
http://www.mycity.rs/

Thx for clarifying.....I see you also use MBAM Pro.....with active protection ?
Any conflicts with MCShield ?
.....also, guess MBAM does not cover the same as MCShield ?
...perhaps I should start own thread on subject.....hate to hijack this one.
OpenDNS + Avast Free + MBAM Premium + MBAE Free Anti-Exploit + CryptoPrevent + Windows Firewall
Avast FAQ Videos
Avast 2016 Videos
Avast Clean Un/Re-Install How-To

Offline JanetB

  • Newbie
  • *
  • Posts: 19
Hello,

I ran OTL. I configured the settings as per the example, as far as I can tell, and only one file was generated, not two. When the scan finished, only OTL.txt was open on my screen. No sign of OTL extras. I searched the computer for OTL*.* and only found the exe and the txt file, which is attached.

Please advise, before I go to the next download required.