Author Topic: help with virus?  (Read 30380 times)

wshwind

  • Guest
Re: help with virus?
« Reply #60 on: March 07, 2008, 04:52:14 PM »
Hi, Here are the logs

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: help with virus?
« Reply #61 on: March 07, 2008, 06:53:31 PM »
Thanks. Those files look good, but the one I was looking for didn't show up. We'll do a little manual investigation.

In windows explorer, at the top, click tools, folder options, click the view tab.

check Show hidden files and folders
 uncheck "Hide extensions for known file types" box
 uncheck "Hide protecting operating system files" box

Click apply

Open task manager (control, alt, del keys together), click the process tab and locate WkDetect.exe, click end task.


Now navigate to this folder, click on it.

c:\Program Files\Microsoft Works

In the right hand panel locate

WkDetect.exe, right click it, select rename, type in the new name WkDetect.old, left click near the file name and make sure the new name is there. Please make a note of the file size and date created before you rename it.

Now submit this file to virustotal

c:\Program Files\Microsoft Works\WkDetect.old

We have a little registry fix to do.

WARNING these fixes are designed for this user only and may cause damage if run on an uninfected machine


REGISTRY FIX
Quote
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000

Next you will need to create the repair registry fix. To do that, copy and paste ALL of the above in the quote box to a notepad file.  Ensure there is no space above the REGEDIT4.
Then in notepad go to FILE > SAVE AS and in the dropdown box make sure the top box is set to SAVE IN Desktop
Then in the FILE NAME box type (including the " " marks) "fix.reg"
This will create a fix.reg file on your desktop

To use this file you will need to right click the icon and select merge, accept the warning if it appears and you are done.

Make sure the windows firewall is turned on. Click this link and download avast4 home. Save it to your desktop. The download link is in the left panel.

http://avast.com/eng/download-avast-home.html

* Create a new restore point

You must be logged on to an administrator account
Go to Start - All Programs - Accessories - System Tools - System Restore.
Click Create a restore point, and then click Next.
In the text box labeled Restore Point Description, type a name for this restore point , click create

* Remove old restore points

- Go to Start - All Programs - Accessories - system tools. Launch the Disk Cleanup tool and let it run. When it finishes a box with tabs will appear, select the more options tab. On this tab you will find a section for System Restore. If you press the Clean Up button for that section, Windows will delete all restore points except for the most recent one.

Open HJT, run a system scan only, check mark these lines if present

O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe

Close all other browsers/windows, click fix, close HJT.

Physically disconnect from the internet and boot into safe mode.

Go to add/remove programs and uninstall this program

Authentium AntiVirus SDK - 2

Reboot into normal windows, double click the avast file you downloaded. Follow the prompts. Avast will ask you if you want to do an update and a boot time scan. Say yes. You will have to reconnect your cable. During the boot time scan, if avast finds anything, it will ask you what to do. Choose move to the chest. Do not be alarmed if avast detects the files we removed with OTMOVEIT2, for those you can choose no action. The path will look similar to this C:\_OTMOVEIT2\moved\

After the scan is complete, please download DSS again, I'd like to have another look.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt  -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


Please post the virustotal results also.


If you have any problems with the steps above, please let me know.

Thanks.


« Last Edit: March 08, 2008, 02:51:21 PM by oldman »
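Added example, not part of oldman's post or of any tool named in the thread: a small Python check of a .reg file's text before it is merged, covering the post's requirement that nothing sits above REGEDIT4. The function name `check_reg_text` and the sample constant `FIX` are assumptions made for this example; only single-line values are handled, and the 8-digit dword check is deliberately conservative.

```python
import re

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r"^\[-?HK[A-Z_]+(\\[^\]]*)?\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.+)$')
DWORD_RE = re.compile(r"^dword:[0-9a-fA-F]{8}$")  # the form regedit itself writes

# Constructed sample: the text of the fix quoted in the post above.
FIX = (
    "REGEDIT4\n"
    "\n"
    "[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]\n"
    '"AntiVirusOverride"=dword:00000000\n'
)

def check_reg_text(text):
    """Return (problems, settings); settings maps (key, value name) -> raw data."""
    problems, settings = [], {}
    lines = text.lstrip("\ufeff").splitlines()  # tolerate a byte-order mark
    if not lines or lines[0].rstrip() not in HEADERS:
        problems.append("line 1: header missing or not on the first line")
    key = None
    for no, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if not line or line.startswith(";"):  # blank line or comment
            continue
        if line.startswith("["):
            key = line[1:-1] if KEY_RE.match(line) else None
            if key is None:
                problems.append(f"line {no}: malformed key line")
            continue
        m = VALUE_RE.match(line)
        if m is None:
            problems.append(f"line {no}: not a key or value line")
        elif key is None:
            problems.append(f"line {no}: value appears before any valid key")
        else:
            name, data = m.groups()
            if data.startswith("dword:") and not DWORD_RE.match(data):
                problems.append(f"line {no}: dword data is not 8 hex digits")
            settings[(key, name.strip('"'))] = data
    return problems, settings

if __name__ == "__main__":
    for label, text in (("as posted", FIX), ("blank line on top", "\n" + FIX)):
        problems, settings = check_reg_text(text)
        print(label, "->", problems or "OK", settings)
```

The returned settings also show exactly which key and value the file would change, which is worth reading before choosing merge.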

wshwind

  • Guest
Re: help with virus?
« Reply #62 on: March 08, 2008, 02:22:01 PM »
There is no wkdetect in the processes of the task manager, there is also no wkdetect in microsoft works?

Offline oldman

Re: help with virus?
« Reply #63 on: March 08, 2008, 02:37:43 PM »
Strange, it shows in hijack this. Anyway, fix the line and do the rest. Post back when you are done.

Open HJT, run a system scan only, check mark these lines if present

O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe

Close all other browsers/windows, click fix, close HJT.

EDIT: if you had trouble with the regfix not being valid, I've corrected it, it will work now.
« Last Edit: March 08, 2008, 02:50:17 PM by oldman »

wshwind

  • Guest
Re: help with virus?
« Reply #64 on: March 08, 2008, 04:38:15 PM »
here's hjk

wshwind

  • Guest
Re: help with virus?
« Reply #65 on: March 08, 2008, 04:42:25 PM »
working on avast now

wshwind

  • Guest
Re: help with virus?
« Reply #66 on: March 08, 2008, 05:32:03 PM »
Cannot locate Authentium AntiVirus SDK - in the add/remove programs... not listed
Unsure what to do now? Removed wkdetect in hjk, did reg fix, avast is on my desktop ready to load, cannot remove authentium. Should I still run DSS?

Offline oldman

Re: help with virus?
« Reply #67 on: March 08, 2008, 07:42:23 PM »
Just hold off on the DSS. I'm looking for some info on Authentium. I thought we were ok as it shows in your installed list that you posted. It still is active according to HJT.

I'll post back soon. Everything seem ok yet?

Offline oldman

Re: help with virus?
« Reply #68 on: March 08, 2008, 08:59:07 PM »
Hi wshwind

Open HJT, click the misc tools button, click open uninstall manager,

Find Authentium AntiVirus SDK - 2


click on it. Now look to right and you will see a box titled "Uninstall command"

Right click the text in the box, click select all. Right click it again, select copy.

Do not click any buttons on that screen.

Please paste that into your next reply.
« Last Edit: March 09, 2008, 05:05:47 AM by oldman »

wshwind

  • Guest
Re: help with virus?
« Reply #69 on: March 09, 2008, 03:54:23 PM »
MsiExec.exe /I{1ACE3F9D-CDA4-4F39-9605-334CF37A1579}

Offline oldman

Re: help with virus?
« Reply #70 on: March 09, 2008, 05:50:39 PM »
Click the start button, click run. In the run box copy and paste that command, hit enter

MsiExec.exe /I{1ACE3F9D-CDA4-4F39-9605-334CF37A1579}

Reboot when it is done. You should now be able to install avast.

You should try the uninstall in safe mode, with no internet connection.
« Last Edit: March 09, 2008, 06:02:06 PM by oldman »

rapslayer

  • Guest
Re: help with virus? Win32:OnLineGames-CUX [trj] (amvo0.dll)
« Reply #71 on: March 10, 2008, 10:53:14 PM »
Can I get help with this virus, Win32:OnLineGames-CUX [trj] (amvo0.dll)? At first I tried to delete it with Avast, but Avast couldn't delete it. I tried to remove it manually and it was removed, but every time I start Windows, Avast shows me that my computer contains the worm called Win32:OnLineGames-CUX [trj]. I opened the folder that contained the virus again but I can't see it. I opened FOLDER OPTION and set it to (SHOW ALL SYSTEM AND HIDDEN FOLDER choice) to see if the virus was hidden, but it wasn't there.
Can someone really help me to remove this virus?

wshwind

  • Guest
Re: help with virus?
« Reply #72 on: March 10, 2008, 11:24:26 PM »
hi there oldman,
it may have to wait a day or two. I seemed to have picked up a bug myself... I wish u could fix this one... lol   i have had the stomach flu since yesterday, will get back to u...
thanks