Author Topic: Unauthorised SCAN activated.  (Read 34397 times)

0 Members and 1 Guest are viewing this topic.

nicla

  • Guest
Re: Unauthorised SCAN activated.
« Reply #45 on: August 15, 2008, 05:54:02 PM »
I did the reboot last night and called it quits with the computer for the day

wyrmrider, is the log the same as what I posted in reply #32 two days ago?

David, I went back to C:\Users\Nicola\AppData\Local\Temp and checked that the Cmd..etc..file had gone.  It has.... Is this correct? 
The quarantine tab now has those 5 items which were in the scan result tab.

Does this mean the computer is ready to go onto the SuperAntiSpy stage? 

nicla

  • Guest
Re: Unauthorised SCAN activated.
« Reply #46 on: August 15, 2008, 05:59:30 PM »
I had SAS downloaded from the other day but not installed.  It is now installed and the updates performed and I have gone through the wizard steps.  Do I go ahead and activate the "scan your computer" button now?

nicla

  • Guest
Re: Unauthorised SCAN activated.
« Reply #47 on: August 15, 2008, 06:06:48 PM »
Oops that was rude of me David.  Hello to you and I hope that it is a good day where you are.  Until last year I lived 8 years in East Anglia and summer of 2002 is burned forever in my memory of as the perfect UK summer with 2003 not far behind.

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 86650
  • No support PMs thanks
Re: Unauthorised SCAN activated.
« Reply #48 on: August 15, 2008, 06:19:11 PM »
I did the reboot last night and called it quits with the computer for the day

wyrmrider, is the log the same as what I posted in reply #32 two days ago?

David, I went back to C:\Users\Nicola\AppData\Local\Temp and checked that the Cmd..etc..file had gone.  It has.... Is this correct? 
The quarantine tab now has those 5 items which were in the scan result tab.

Does this mean the computer is ready to go onto the SuperAntiSpy stage? 

1. Yes the reboot was required to clean-up.
2. The log would be the same as there were no new/different detections.
3. Yes, the file is moved on the reboot which it said was required, that is why I had you move a copy to the chest first.
4. That is what I thought would happen, though there is no help file or anything that confirms the 'Remove Selected' copies them to the Quarantine, leave them there.
5. Yes, run SAS now and report what it finds.

We can send the file to avast for analysis also, as an undetected malware, but this isn't urgent and can wait until we are relatively sure your system is clean.

Oops that was rude of me David.  Hello to you and I hope that it is a good day where you are.  Until last year I lived 8 years in East Anglia and summer of 2002 is burned forever in my memory of as the perfect UK summer with 2003 not far behind.

Your very fortunate we don't get that many perfect summers here ;D So far this years summer has been a veritable washout. Some very good days, but not too many strung together and interspersed with lots of rain, typical British weather. It is nice today though after three days of moderate rain.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.5.6015 (build 22.5.7263.730) UI 1.0.711/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

nicla

  • Guest
Re: Unauthorised SCAN activated.
« Reply #49 on: August 15, 2008, 07:26:33 PM »
Fifty minutes down the track and the scan is done.

388 threats in total

Adware.Tracking Cookie [388 items]

nicla

  • Guest
Re: Unauthorised SCAN activated.
« Reply #50 on: August 15, 2008, 09:28:21 PM »
I clicked the next button and the application processed the threats which are a window now says is quarantined and removed.  I am not sure if you wish to review the list (which when I clicked on description of items came up as cookies -- so I guess reviewal is not necessary) Iif I don't accept the reboot now button am I to understand that the next time the computer shuts down and retstarts that those items will be gone.

Or should I just reboot now.  I guess what I am trying to find out is  -- is this stuff to be copied like those files found by MBAM.

wyrmrider

  • Guest
Re: Unauthorised SCAN activated.
« Reply #51 on: August 15, 2008, 09:46:02 PM »
388 that's a bunch
go ahead and reboot
great news that nothing serious was found

There is a debate about running something like CCLeaner or ATF Cleaner Plus Clear Prog
on one hand it removes a lot of clutter - like tracking cookies
on the other it removes logs and other things which could prove useful
so best NOT till you're through and ready to reset restore points and do a defrag

what to do next?
DavidR should be along shortly
I'm thinking either an on line AV scan
or
VUNDOFIX - which will search for several hundred CLSID strings known to be bad and used by similar infections
Or Dave may have some other ideas

how does your system seem to be working?
388 tracking cookies
start thinking about how to keep this from happening again

nicla

  • Guest
Re: Unauthorised SCAN activated.
« Reply #52 on: August 15, 2008, 10:59:28 PM »
wyrmrider... I would love to be thinking how to stop this from happening again but the thing is I am not really versed in that aspect of computer care.  Which makes me all the more grateful that chaps like David and you make yourselves available in times of stress and disaster and also for general help and guidance.

I will reboot now.

ps will running SAS on a regular basis keep the cookie tracking under control OR are you alluding to something different.

wyrmrider

  • Guest
Re: Unauthorised SCAN activated.
« Reply #53 on: August 15, 2008, 11:18:27 PM »
I do not know where DavidR is
usually I would recommend a Kaspersky AV scan at this point however JeanInMontana at the Malwarebytes forum recommends a Panda active scan to help with the fakeAV2008 infection had has posted a detailed how to here
ow To Do a Panda Active Scan and Save The Log, Complete With Illustration
http://www.malwarebytes.org/forums/index.php?showtopic=2306
in addition Panda will remove what it finds for free (after asking you to buy)
I am hoping that you will be comfortable with this

then we can talk about prevention

It seems as if most of the folks at Malwarebytes are refugees from the Ad-Aware user forums- many years of experience
(Ad-Aware had a forum disaster many years ago- we all left and/or they shut down the forums)

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 86650
  • No support PMs thanks
Re: Unauthorised SCAN activated.
« Reply #54 on: August 15, 2008, 11:47:42 PM »
Fifty minutes down the track and the scan is done.

388 threats in total

Adware.Tracking Cookie [388 items]

Many anti-spyware programs make a big deal of tracking cookies (virtually all cookies could be regarded as tracking cookies), they aren't a security threat, more of a minor privacy issue.

In fact I disable the tracking cookie part of the scan (Preferences, Scanning Control tab). However, what this does show is that you don't do any house keeping in regard of cookies and periodically clear them out.

Common sense is a huge part of staying clean, e.g. when you first got a notification of 'your system is at danger' or similar wording, ask yourself 'how do they know.' The simple answer is unless the alert/message comes from applications that you have installed, then they don't know and it is a scan. Having scared the person, given them a headache they offer them a headache tablet in the form of a scan, etc.

There are some real sneaky things out there that use social engineering (read scare the pants of people) to get them to do what they want, e.g. download software, visit a site, etc.

Second you need a good firewall that provides outbound protection to stop any malware that manages to get past your defences having free reign to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise, user names, passwords, keylogger retrieved data, etc. see below ####) or open a backdoor to your computer, so outbound protection is essential.

Use Firefox or Opera as your default browser as they are effectively more secure than IE as they aren't integrated into your OS, they don't use BHOs nor do they use activX (so an exploit of IE is effectively an exploit of the OS).

If you can run your system as a limited user and not an administrator account, this won't stop you possibly getting infected, but it will limit the potential for damage.

Running, Updating and scanning with SAS and MBAM once a week (fortnightly at the least) I would say it time well spent.

####
This is why I told you to change your passwords, essential now we are reasonably confident your system is clean.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.5.6015 (build 22.5.7263.730) UI 1.0.711/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

nicla

  • Guest
Re: Unauthorised SCAN activated.
« Reply #55 on: August 16, 2008, 12:55:04 AM »

Second you need a good firewall that provides outbound protection to stop any malware that manages to get past your defences having free reign to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise, user names, passwords, keylogger retrieved data, etc. see below ####) or open a backdoor to your computer, so outbound protection is essential.

I think I mentioned Windows Defender is my firewall but I think you are probably suggesting a firewall other than that.  If this is the case then I need suggestions.

Quote
If you can run your system as a limited user and not an administrator account, this won't stop you possibly getting infected, but it will limit the potential for damage.

OK, I am switched to standard user but I think for it to be effected the computer needs to restart.  I had to creat a new account to assign it admin status.  I think this now means if I want to be admin again I have to go into Admin to make those changes. 

Quote
This is why I told you to change your passwords, essential now we are reasonably confident your system is clean.

David, I have so many things with passwords - from bank accounts, ebay, online stores, skype, emails, paypal, phone company, ISP,  etc.  Is your suggestion applicable to them all? I reckon you are going to say yes  but I need to hear it.



Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67241
Re: Unauthorised SCAN activated.
« Reply #56 on: August 16, 2008, 01:24:42 AM »
I think I mentioned Windows Defender is my firewall but I think you are probably suggesting a firewall other than that.  If this is the case then I need suggestions.
Windows Defender is not a firewall, it's a weak antispyware.
Probably you're using Windows Firewall itself.
Suggestions? PcTools and Comodo are good and free ones.
The best things in life are free.

nicla

  • Guest
Re: Unauthorised SCAN activated.
« Reply #57 on: August 16, 2008, 01:37:14 AM »
Quote
how does your system seem to be working?

I don't know if this is related but OS (vista) does not support more than 1 windows explorer open at a time.  Beforehand I could
open any number if I wanted.  When I started up the computer this morning and tried to run two explorers the second would freeze then a box popped up saying that Windows is not operating correctly (or words to that effect) and then instantly every windows application I had open would close.

Now I can only open one explorer window.  I checked in the new admin account and the same happens there.

Any thoughts on this?


I got 2 explorer windows opened but the second froze ("windows has stopped working") and then both closed (no other windows applications open at that stage.
« Last Edit: August 16, 2008, 01:57:38 AM by nicla »

nicla

  • Guest
Re: Unauthorised SCAN activated.
« Reply #58 on: August 16, 2008, 01:59:53 AM »
Thanks Tech for the freebie information.  I have been looking at them but making a choice is not so easy.  I think Comodo might be the one I choose.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67241
Re: Unauthorised SCAN activated.
« Reply #59 on: August 16, 2008, 02:53:40 AM »
Thanks Tech for the freebie information.  I have been looking at them but making a choice is not so easy.  I think Comodo might be the one I choose.
PCTools is easier to begin.

The best things in life are free.