Author Topic: Win32:OnlineGames-IG [Trj] ,Win32:OnlineGames-JD [Trj]  (Read 16550 times)


Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Win32:OnlineGames-IG [Trj] ,Win32:OnlineGames-JD [Trj]
« Reply #15 on: April 05, 2007, 07:10:29 PM »
If you have already put it into the chest during a boot time scan and it came back, it means something is protecting it. Every time you delete it, it will come back unless you also delete the other process.

Please run AVG Anti-Spyware and DrWeb CureIT! and see if they fix the problem.

If not, please post the HijackThis! log.

Quote
n how about c0nime and spolive?

What are these?
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

airgear2003

  • Guest
Re: Win32:OnlineGames-IG [Trj] ,Win32:OnlineGames-JD [Trj]
« Reply #16 on: April 05, 2007, 07:16:02 PM »
okok, what I put into the chest during the boot time scan was cmdbcs.dll but not cmdbcs.exe,
and I found there is a cmdbcs.exe that creates the cmdbcs.dll every time I open my PC.
So, what should I do with cmdbcs.exe, delete it or put it into the chest?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89168
  • No support PMs thanks
Re: Win32:OnlineGames-IG [Trj] ,Win32:OnlineGames-JD [Trj]
« Reply #17 on: April 05, 2007, 07:27:34 PM »
Put it in the chest, it can do no harm there as I previously mentioned, and send the sample to avast from the chest (this will aid detection in future VPS updates).

So this would appear to have a companion file, cmdbcs.exe, and as a startup entry it could be creating the cmdbcs.dll. If you find this cmdbcs.exe, add the file to the User Files (File, Add) section of the avast chest, where it can do no harm, and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from the chest.

Check, Windows Start button, Run, type msconfig and click OK, check the Startup Tab and see if the startup entry for cmdbcs.exe exists and if so delete it.

Quote from: airgear2003
n how about c0nime and spolive?
Did avast detect them or something else? If so, what is the malware name, file name and location? This information helps us to help you.

If you ever have any doubt, put them in the chest; this should 'always be your first action'. From here you can take other actions, whereas if you delete you have no actions left.

Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Win32:OnlineGames-IG [Trj] ,Win32:OnlineGames-JD [Trj]
« Reply #18 on: April 05, 2007, 07:29:12 PM »
Sorry. Do you mean the registry entry?

Quote
The following registry entry is created to run cmdbcs.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
cmdbcs
<Windows>\cmdbcs.exe

http://www.sophos.com/security/analyses/trojlegmiraqj.html

If avast! detects the file cmdbcs.exe, put it into the chest, yes. If avast! doesn't detect it but you can find it, manually put it into the chest by all means.

But please run the scans mentioned and post a HijackThis! log.
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog
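
The Run-key startup entry quoted from the Sophos analysis above can also be checked from saved `reg query` output. This is an added example, not part of the original thread: the sample output, the `C:\WINDOWS` path standing in for `<Windows>`, and the allowlist are constructed assumptions; only the `cmdbcs` value mirrors the entry quoted in the post.

```python
import ntpath
import re

# Constructed sample of `reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run`
# output. Only the cmdbcs value corresponds to the entry quoted in the thread.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    avast!    REG_SZ    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    SoundMan    REG_SZ    SOUNDMAN.EXE
    cmdbcs    REG_SZ    C:\WINDOWS\cmdbcs.exe
    Updater    REG_EXPAND_SZ    "%ProgramFiles%\Example App\update.exe" /background
"""

WINDIR = r"C:\WINDOWS"                                 # assumption: default Windows directory
WATCHED = {"cmdbcs.exe"}                               # file name reported in the thread
ALLOWED_IN_WINDIR = {"explorer.exe", "soundman.exe"}   # constructed allowlist

# One value line: indented name, registry string type, then the command line.
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_(?:EXPAND_)?SZ)\s+(?P<data>.*)$")

def image_path(data):
    """Return the program part of a Run value, dropping any arguments."""
    data = data.strip()
    if data.startswith('"'):                           # quoted path: take what is inside the quotes
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", data, re.I)
    return m.group(1) if m else data

def suspicious_run_entries(reg_output, windir=WINDIR):
    """List (value name, program path, reasons) for Run values worth a closer look."""
    findings = []
    for line in reg_output.splitlines():
        m = VALUE_RE.match(line)
        if not m:                                      # key header or blank line
            continue
        path = image_path(m["data"])
        folder, exe = ntpath.split(ntpath.normcase(path))
        reasons = []
        if exe in WATCHED:
            reasons.append("watched file name")
        # Bare names such as SOUNDMAN.EXE have no folder part and are not judged here.
        if folder == ntpath.normcase(windir) and exe not in ALLOWED_IN_WINDIR:
            reasons.append("runs from Windows directory root")
        if reasons:
            findings.append((m["name"], path, reasons))
    return findings

if __name__ == "__main__":
    for name, path, reasons in suspicious_run_entries(SAMPLE):
        print(f"{name}: {path} ({'; '.join(reasons)})")
```

A flagged value is a prompt to quarantine the file and remove the startup entry, as the replies describe; removing the Run value alone leaves the executable on disk.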

airgear2003

  • Guest
Re: Win32:OnlineGames-IG [Trj] ,Win32:OnlineGames-JD [Trj]
« Reply #19 on: April 05, 2007, 07:34:33 PM »
just cut the cmdbcs.exe and paste into C:\Program Files\Alwil Software\Avast4\DATA\chest   ??

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Win32:OnlineGames-IG [Trj] ,Win32:OnlineGames-JD [Trj]
« Reply #20 on: April 05, 2007, 07:42:34 PM »
I think you have to open the chest and select one of the options there.
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89168
  • No support PMs thanks
Re: Win32:OnlineGames-IG [Trj] ,Win32:OnlineGames-JD [Trj]
« Reply #21 on: April 05, 2007, 07:48:23 PM »
No, open the avast and add the file to the User Files section.

1. Right click the avast icon and select Start avast antivirus.
2. Once the Simple User Interface is displayed, right click in the middle of the skin and from the menu, select Virus Chest, see image 1.
3. Click on the User Files icon, at the top of the window, click File, Add, now navigate to where the file is and add it to the chest, see image 2.
4. Once it is in the chest delete the original copy.
5. You can now send the sample to avast, right click on the file, select email to Alwil Software.
« Last Edit: April 05, 2007, 07:51:21 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

airgear2003

  • Guest
Re: Win32:OnlineGames-IG [Trj] ,Win32:OnlineGames-JD [Trj]
« Reply #22 on: April 05, 2007, 07:51:46 PM »
OK, it is in the chest now,
but I can't send it to avast. Which one should I use, SMTP or MAPI?
If SMTP, what should I type in the 'server address', 'port', and also 'from address'?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Win32:OnlineGames-IG [Trj] ,Win32:OnlineGames-JD [Trj]
« Reply #23 on: April 05, 2007, 07:53:12 PM »
Quote from: airgear2003
just cut the cmdbcs.exe and paste into C:\Program Files\Alwil Software\Avast4\DATA\chest   ??

No... this way the file won't be 'in' the Chest, just in that folder.
Look closely and you'll see that the Chest files are encrypted (for protection and security: a virus can't get out of the encryption).
The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Win32:OnlineGames-IG [Trj] ,Win32:OnlineGames-JD [Trj]
« Reply #24 on: April 05, 2007, 07:55:08 PM »
Quote from: airgear2003
if SMTP..what should I type in the 'server address' ,'port',and also 'from address'

server address: smtp.yourISP.com (for instance, smtp.comcast.com)
port: 25
from address: youremail@yourISP.com (for instance, airgear2003@comcast.com)
The best things in life are free.

airgear2003

  • Guest
Re: Win32:OnlineGames-IG [Trj] ,Win32:OnlineGames-JD [Trj]
« Reply #25 on: April 05, 2007, 08:02:27 PM »
I did what you taught, Tech, but it still fails.
How about I send the cmdbcs.exe to one of you and one of you sends it to avast?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Win32:OnlineGames-IG [Trj] ,Win32:OnlineGames-JD [Trj]
« Reply #26 on: April 06, 2007, 02:38:49 PM »
Quote from: airgear2003
how about i send the cmdbcs.exe to 1 of u n 1 of u send it for avast?

You can use the Alwil FTP server as a second way to transfer only big files. Upload them to ftp://ftp.avast.com/incoming (please note that you won't have READ access to the FTP server, just write, so you won't even be able to see what you've just uploaded).
Just type the name of that folder in the address bar of Windows Explorer: ftp://ftp.avast.com/incoming
and copy and paste the file...
The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Win32:OnlineGames-IG [Trj] ,Win32:OnlineGames-JD [Trj]
« Reply #27 on: April 06, 2007, 02:40:26 PM »
Quote from: FreewheelinFrank
This is what a boot time scan looks like:

(This is an old screen shot so it doesn't have the 'move to chest option'.)

Frank, just a curiosity...
Did you take this screenshot using a virtual machine?
The best things in life are free.

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Win32:OnlineGames-IG [Trj] ,Win32:OnlineGames-JD [Trj]
« Reply #28 on: April 06, 2007, 02:47:27 PM »
I "borrowed" it from somebody else's web page.  ::)

I usually link to the page but I could find it yesterday. This is the page:

http://bcheck.scanit.be/bcheck/page.php?name=HIJACKED&page=7
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Win32:OnlineGames-IG [Trj] ,Win32:OnlineGames-JD [Trj]
« Reply #29 on: April 06, 2007, 02:52:24 PM »
Quote from: FreewheelinFrank
I "borrowed" it from somebody else's web page.  ::)

Thanks... Indeed, it seems to be a virtual machine running and the screenshot was taken from 'outside'...
The best things in life are free.