virusus I have that I need to get rid of

[sparkkconnection]

I did a thourough scan with avast! and this is what came up.....

Scanning of selected files

Action was completed successfully!

Virus has been detected!
File Name: 2r_samba.exe
FileID: 7
Virus Description: Win32:Adware-gen. [Adw]

Virus has been detected!
File Name: 2r_samba.exe
FileID: 7
Virus Description: Win32:Adware-gen. [Adw]

Scanning of selected files

Action was completed successfully!

Virus has been detected!
File Name: mi1.exe
FileID: 9
Virus Description: Win32:Adware-gen. [Adw]

Virus has been detected!
File Name: mi1.exe
FileID: 9
Virus Description: Win32:Adware-gen. [Adw]

Virus has been detected!
File Name: mi1.exe
FileID: 9
Virus Description: Win32:Trojan-gen. {Other}



Scanning of selected files

Action was completed successfully!

Virus has been detected!
File Name: PSGuardInstall.exe
FileID: 8
Virus Description: Win32:Adware-gen. [Adw]






can someone help me get rid of them please idk how to

[marcjessa]

Can avast! detect the infected files?? can avast! delete it??

If "yes", therefore no PROBLEM..

but...

If "no", hmm.. you can help to solve your own problem.. and others too, if they are infected..

have a sample of the files then send it to virus@avast.com for testing..

If problems persist..

DON'T PANIC..

help will come..

Avast! will solve that..

1 week guarantee.. 

[essexboy]

Try this

Download ComboFix from Here or Here to your Desktop.

• Double click combofix.exe and follow the prompts.
  
• When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
  

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

[sparkkconnection]

yes avast detects the infected files... I moved them to the chest, and deleted them, but they come up again the next time I scan, and I still have problems on my computer

[essexboy]

Yes that would be right the infectors are hidden as innocuous files so run Combofix and we shall see if we can get them

[DavidR]

Firstly @ mattrex0220 - Deletion isn't really a good first option (you have none left), 'first do no harm' don't delete, send virus to the chest and investigate.

Secondly - avast clearly detected it as it was found during a thorough scan and the malware names appear to be ones allocated by avast- So there is little point in sending a sample which is detected by avast, unless you suspect that the detection is incorrect (see below)

@ sparkkconnection
What version of avast are you using Home or Pro ?
When avast detects and infection (home version) it asks for user input, what action it should take, what did you choose ?

Where were the infected files found e.g. (C:\windows\system32\infected-file-name.xxx) ? 
Check the avast! Log Viewer (right click the avast icon), Warning section, this contains information on all avast detections.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently 30 different scanners.
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. Whichever scanner you use, you can't do this with the file in the chest, you will need to move it out.

Report the findings here if required, e.g. only avast detected it, etc.

[lee16]

It is also possible that System Restore is replacing the file (if you are using WinXP/ME) after Avast deletes it, but will be easyier to know what is going on if you provided the directory location of the file (as stated in DavidR's step 4)

--lee

[sparkkconnection]

C:\windows\system32\mi1.exe
C:\PSGuardInstall.exe
and idk the other one, I deleted it off the chest thing


and I'm using home version

the action I took was to move them to the chest... one of them said it was too big to store in the chest and I had to delete it... which is why I'm scanning again right now

and where is this avast icon I right click?

[DavidR]

There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them. This allows you to investigate as you still have a sample, obviously slightly different as there appear to be other elements at work restoring the file.

I suspect the one that was to big was the psguardinstall.exe you can increase the size of the file and chest to accept larger files, Program Settings, Chest. You need to run ComboxFix as essexboy suggests.

The avast 'a' icon should be on the bottom right of your screen on the system tray.

[sparkkconnection]

no, it wasn't the psguardinstall.exe, that one I was able to move to the chest....

[sparkkconnection]

btw, where do I get HiJackThis? I don't klnow what it is or where to get it but everyone says i should have it

[DavidR]

Program & Tutorial - Also useful as a diagnostic tool - FileHippo Download - HiJackThis - HJT Information HiJackThis Tutorial 1 or HiJackThis Tutorial 2

[sparkkconnection]

here is what showed up in the log viewer... under description

Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\Program Files\SoftwareRevenue.org\2r_sa...
Sign of "Win32: Adware-gen. [Adw]" has been found in "C:\PSGuardInstall.exe" file.
Sign of "Win32:DCom-F [Expl]" has been found in "C:\WINDOWS\MEMORY.DMP" file.
Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\SYSTEM32\mi1.exe" file.


and this is the log in ComboFix

Code: [Select]

1999-03-05 11:38      520760    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\Cfx32.ocx.vir
2007-04-06 15:40      364    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Jake\APPLIC~1\WinAntiVirus Pro 2007\PGE.dat.vir
2007-04-06 15:40      364    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Kris\APPLIC~1\WinAntiVirus Pro 2007\PGE.dat.vir
2007-04-06 15:40      364    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\MICHAE~1\APPLIC~1\WinAntiVirus Pro 2007\PGE.dat.vir
2007-05-05 12:42      803    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Jake\Desktop\Internet Explorer.lnk.vir
2007-05-30 14:05      657104    --a------    C:\Qoobox\Quarantine\C\Program Files\Common Files\Companion Wizard\compwiz.exe.vir
2007-07-16 19:13      0    --a------    C:\Qoobox\Quarantine\C\Program Files\Common Files\WinAntiVirus Pro 2007\err.log.vir
2007-07-16 19:13      20    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\WinAntiVirus Pro 2007\Data\ProductCode.vir
2007-07-16 19:13      5    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\WinAntiVirus Pro 2007\Data\Abbr.vir
2007-07-16 19:14      0    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Jake\APPLIC~1\WinAntiVirus Pro 2007\avtasks.dat.vir
2007-07-16 19:14      36    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\WinAntiVirus Pro 2007\Data\ActivationCode.vir
2007-07-16 20:25      0    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Kris\err.log.vir
2007-07-16 20:25      4    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Kris\APPLIC~1\WinAntiVirus Pro 2007\Logs\winav.log.vir
2007-07-16 20:28      0    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Kris\APPLIC~1\WinAntiVirus Pro 2007\avtasks.dat.vir
2007-07-16 23:06      2    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\stera.log.vir
2007-07-16 23:07      2    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\stera.job.vir
2007-07-17 07:58      0    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\MICHAE~1\APPLIC~1\WinAntiVirus Pro 2007\Logs\wa7Support.log.vir
2007-07-17 07:58      0    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\MICHAE~1\err.log.vir
2007-07-17 07:58      4    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\MICHAE~1\APPLIC~1\WinAntiVirus Pro 2007\Logs\winav.log.vir
2007-07-17 08:01      0    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\MICHAE~1\APPLIC~1\WinAntiVirus Pro 2007\avtasks.dat.vir
2007-07-17 08:01      1585    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\MICHAE~1\ResErrors.log.vir
2007-07-17 08:03      5548    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\MICHAE~1\APPLIC~1\WinAntiVirus Pro 2007\Logs\update.log.vir
2007-07-17 09:57      19456    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\MICHAE~1\APPLIC~1\WinAntiVirus Pro 2007\history.db.vir
2007-07-17 10:03      3237    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Kris\ResErrors.log.vir
2007-07-17 11:10      39111    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Kris\APPLIC~1\WinAntiVirus Pro 2007\Logs\update.log.vir
2007-07-17 12:03      4820    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Kris\APPLIC~1\WinAntiVirus Pro 2007\Logs\wa7Support.log.vir
2007-07-17 12:21      26624    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Kris\APPLIC~1\WinAntiVirus Pro 2007\history.db.vir
2007-07-17 12:24      0    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Jake\err.log.vir
2007-07-17 15:25      1722    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Jake\APPLIC~1\WinAntiVirus Pro 2007\Logs\wa7Support.log.vir
2007-07-17 17:29      5547    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Jake\APPLIC~1\WinAntiVirus Pro 2007\Logs\update.log.vir
2007-07-17 18:07      2560    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Jake\APPLIC~1\WinAntiVirus Pro 2007\CookieList.dat.vir
2007-07-17 18:07      48128    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Jake\APPLIC~1\WinAntiVirus Pro 2007\history.db.vir
2007-07-17 18:09      100090    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Jake\ResErrors.log.vir
2007-07-17 18:09      137    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Jake\APPLIC~1\WinAntiVirus Pro 2007\Logs\winav.log.vir
2007-08-05 14:10      8704    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\vophqmn.dll.vir
2007-08-05 14:17      24576    --a------    C:\Qoobox\Quarantine\C\Program Files\Video ActiveX Access\imsunst.exe.vir
2007-08-05 14:17      37320    --a------    C:\Qoobox\Quarantine\C\Program Files\Video ActiveX Access\uninst.exe.vir
2007-08-05 14:17      4286    --a------    C:\Qoobox\Quarantine\C\Program Files\Video ActiveX Access\ot.ico.vir
2007-08-05 14:17      4286    --a------    C:\Qoobox\Quarantine\C\Program Files\Video ActiveX Access\ts.ico.vir
2007-08-05 14:17      69120    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\__c00BDEB3.dat.vir
2007-08-06 07:48      5120    --a------    C:\Qoobox\Quarantine\C\Program Files\Video ActiveX Access\iesmin.exe.vir
2007-08-08 17:33      80895    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\__c0027AE2.dat.vir
2007-08-09 14:35      774    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_FOPN.reg.cf


Folder PATH listing
Volume serial number is 004D-F3F3
C:\QOOBOX
\---Quarantine
    +---C
    |   +---DOCUME~1
    |   |   +---ALLUSE~1.WIN
    |   |   |   \---APPLIC~1
    |   |   |       \---WinAntiVirus Pro 2007
    |   |   |           \---Data
    |   |   |                   Abbr.vir
    |   |   |                   ActivationCode.vir
    |   |   |                   ProductCode.vir
    |   |   |                   
    |   |   +---Jake
    |   |   |   |   err.log.vir
    |   |   |   |   ResErrors.log.vir
    |   |   |   |   
    |   |   |   +---APPLIC~1
    |   |   |   |   \---WinAntiVirus Pro 2007
    |   |   |   |       |   avtasks.dat.vir
    |   |   |   |       |   CookieList.dat.vir
    |   |   |   |       |   history.db.vir
    |   |   |   |       |   PGE.dat.vir
    |   |   |   |       |   
    |   |   |   |       \---Logs
    |   |   |   |               update.log.vir
    |   |   |   |               wa7Support.log.vir
    |   |   |   |               winav.log.vir
    |   |   |   |               
    |   |   |   \---Desktop
    |   |   |           Internet Explorer.lnk.vir
    |   |   |           
    |   |   +---Kris
    |   |   |   |   err.log.vir
    |   |   |   |   ResErrors.log.vir
    |   |   |   |   
    |   |   |   \---APPLIC~1
    |   |   |       \---WinAntiVirus Pro 2007
    |   |   |           |   avtasks.dat.vir
    |   |   |           |   history.db.vir
    |   |   |           |   PGE.dat.vir
    |   |   |           |   
    |   |   |           \---Logs
    |   |   |                   update.log.vir
    |   |   |                   wa7Support.log.vir
    |   |   |                   winav.log.vir
    |   |   |                   
    |   |   \---MICHAE~1
    |   |       |   err.log.vir
    |   |       |   ResErrors.log.vir
    |   |       |   
    |   |       \---APPLIC~1
    |   |           \---WinAntiVirus Pro 2007
    |   |               |   avtasks.dat.vir
    |   |               |   history.db.vir
    |   |               |   PGE.dat.vir
    |   |               |   
    |   |               \---Logs
    |   |                       update.log.vir
    |   |                       wa7Support.log.vir
    |   |                       winav.log.vir
    |   |                       
    |   +---Program Files
    |   |   +---Common Files
    |   |   |   +---Companion Wizard
    |   |   |   |       compwiz.exe.vir
    |   |   |   |       
    |   |   |   \---WinAntiVirus Pro 2007
    |   |   |           err.log.vir
    |   |   |           
    |   |   \---Video ActiveX Access
    |   |           iesmin.exe.vir
    |   |           imsunst.exe.vir
    |   |           ot.ico.vir
    |   |           ts.ico.vir
    |   |           uninst.exe.vir
    |   |           
    |   \---WINDOWS
    |       \---SYSTEM32
    |               Cfx32.ocx.vir
    |               stera.job.vir
    |               stera.log.vir
    |               vophqmn.dll.vir
    |               __c0027AE2.dat.vir
    |               __c00BDEB3.dat.vir
    |               
    \---Registry_backups
            LEGACY_FOPN.reg.cf
           


[sparkkconnection]

omg, I think my problems gone... 

[Lisandro]

omg, I think my problems gone... 

What did you do to solve them?