Author Topic: Apparent virus or malware (I'm not sure)  (Read 5121 times)


Aralhach

  • Guest
Apparent virus or malware (I'm not sure)
« on: January 06, 2008, 03:02:45 AM »
Just yesterday, I noticed that the folders on my hard drive (all of them, and not the files) are set as read only, but not completely (without a tick, but with a square, that shows that it's not complete).  I'll attach an image to explain.
When I deselect it, it pops back (it's selected again when I look at the properties again).  I've scanned it with several antiviruses, like AVG Free, and this one (avast!) and a few others, and nothing was detected.  I also performed a full system scan with Lavasoft's Ad-Aware SE Personal and I found 40 infected files (adware and such) but the problem is still there.  I don't know what to do. HELP!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67194
Re: Apparent virus or malware (I'm not sure)
« Reply #1 on: January 06, 2008, 06:16:54 PM »
I suggest:

1. Disable System Restore and reenable it after step 3.
2. Clean your temporary files.
3. Schedule a boot-time scan with avast with archive scanning turned on.
4. Use AVG Antispyware, not the antivirus; SUPERantispyware and/or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it. Indeed, Lavasoft's Ad-Aware SE Personal is not that good (not even the last version) in detection.
5. Test your machine with anti-rootkit applications. I suggest AVG or Trend Micro RootkitBuster.
6. Make a HijackThis log to post here or, better, submit the RunScanner log to on-line analysis.
The best things in life are free.

Aralhach

  • Guest
Re: Apparent virus or malware (I'm not sure)
« Reply #2 on: January 08, 2008, 03:49:28 AM »
First of all, thank you very much for taking the time to answer my question.

I'm not completely sure what you meant by Temporary Files, but I cleared my Firefox cache and my IE Temporary Internet Files.

The boot scan was negative, no viruses found.

The spyware programs you recommended were very good, and detected almost 80 threats. I didn't use AVG Antispyware, because it wasn't free and I don't want more trial versions, and I can't afford it right now.

I tested my machine for root-kits with both programs and found none.

I used the RunScanner with online analysis and no unsafe red items appeared, although there were some blue ones that it wasn't sure about.

My HiJackThis scan log is attached (it didn't let me post it because of the posting character limit).

Thank you again for your help.

galooma

  • Guest
Re: Apparent virus or malware (I'm not sure)
« Reply #3 on: January 08, 2008, 03:58:56 AM »
One of our most common problems found here when people complain of slow system response and similar comes down to the person having 2 AV programs installed. You have taken this to another level by having 3.
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

So you must have the equivalent of WW2 happening in your system.
This line
 NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
and
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
need to be fixed, but this may just be the result and you may still have the cause.
Show us the logs from the SAS scan.
Good luck
« Last Edit: January 08, 2008, 04:06:53 AM by Cloussau »
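The triage described in the reply above (several resident antivirus products, plus entries whose target file is gone) can be automated over a HijackThis log. This is an added example, not part of the original thread: the sample text is constructed from the lines quoted in the reply, and the vendor directory map and the `triage` function are assumptions made for illustration.

```python
import re

# Constructed excerpt: these are the lines quoted in the reply above.
SAMPLE_LOG = r"""
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
"""

# Install-directory names mapped to products (assumption, taken from the
# three process paths in the thread; extend for other products).
AV_VENDOR_DIRS = {"eset": "ESET NOD32", "alwils~1": "avast!", "grisoft": "AVG"}

# HijackThis marks entries whose target is absent with one of these suffixes.
ORPHAN = re.compile(r"\((file missing|no file)\)\s*$", re.IGNORECASE)
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PROCESS = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)


def triage(log_text):
    """Return orphaned entries and the distinct AV products seen running."""
    orphans, vendors = [], set()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        marker = ORPHAN.search(line)
        if marker:
            clsid = CLSID.search(line)
            orphans.append({
                "line": line,
                "marker": marker.group(1).lower(),
                "clsid": clsid.group(0) if clsid else None,
            })
        elif PROCESS.match(line):
            # Compare whole path components so "eset" does not match "reset".
            parts = [p.lower() for p in line.split("\\")]
            vendors.update(v for d, v in AV_VENDOR_DIRS.items() if d in parts)
    return {"orphans": orphans, "av_vendors": sorted(vendors)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(len(report["av_vendors"]), "AV products:", report["av_vendors"])
    for entry in report["orphans"]:
        print("orphaned:", entry["marker"], entry["clsid"], "|", entry["line"])
```

An orphan marker only says the referenced file is absent; it does not say what the entry belonged to, so each CLSID or service name still needs identifying before it is fixed.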

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67194
Re: Apparent virus or malware (I'm not sure)
« Reply #4 on: January 08, 2008, 01:30:50 PM »
I didn't use AVG Antispyware, because it wasn't free and I don't want more trial versions, and I can't afford it right now.
It's a trial for 30 days and then becomes free if you did not pay. No problems.

My HiJackThis scan log is attached (it didn't let me post it because of the posting character limit).
I'm not an expert on it. Hope other users could help.

Aralhach

  • Guest
Re: Apparent virus or malware (I'm not sure)
« Reply #5 on: January 08, 2008, 03:34:38 PM »
Thanks a lot for your help.

Now, my problem is not having my computer slow down or have fits.  It's the read-only problem in the first post.  That problem made me look desperately for help, and I downloaded everything I could, and scanned for anything; I also used online scanners, to no avail (only some adware was not as much as the recommended software found).

I have uninstalled my AVG Free and I might consider uninstalling NOD32, especially since it's not free.  I hope this helps and some recommendations would not be out of order  ;)

This line:
NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
is like that because the anti-adware software deleted the file as Adware.NewDotNet and I guess it didn't fix the registry entry, although before going to sleep last night I ran a registry optimizer that fixed several problems and might have fixed it.

I don't know what this is:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
or how to delete it (or at least not sure right now, I'll probably be able to figure it out).

I don't know what the SAS scan is.

Again, I thank you for listening and helping me.

galooma

  • Guest
Re: Apparent virus or malware (I'm not sure)
« Reply #6 on: January 08, 2008, 03:59:10 PM »
The SAS refers to Super Anti Spyware; it's a program you have installed on your system and is one of the small percentage that is worth keeping.
The BHO I referred to earlier can be deleted/deregistered by placing a tick against it and the NEWDOTNET line using HJT, then clicking the fix checked icon. This will render them inactive. Reboot and check they haven't come back.
Lastly, this is primarily an AV support forum; however, someone may know the answer to your "read only" problem and I would advise you check back occasionally to see if anyone has any suggestions.
If you have paid a subscription for Nod32 then personally I would pick that one to keep, at least for the life of the subscription; it's a good product.
Good luck

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67194
Re: Apparent virus or malware (I'm not sure)
« Reply #7 on: January 08, 2008, 10:31:01 PM »
I have uninstalled my AVG Free and I might consider uninstalling NOD32, especially since it's not free.
Disabling is not enough. You must use only one antivirus at a time in your computer.

I don't know what the SAS scan is.
SUPERantispyware.

tkoller

  • Guest
Re: Apparent virus or malware (I'm not sure)
« Reply #8 on: October 06, 2008, 02:45:13 AM »
I have the same "read only" issue. Doing a web search on this is what led me to avast!. Not wishing to duplicate all the hard and ineffective efforts already shown, I will add this: I used the good old DOS attrib command and found that these folders do not actually have this attribute set. So of course trying to unset it was useless, but I had to try. XP still shows read only though.

The only problem it gives me is the download manager in Firefox can't complete downloads. To get and try avast! I had to use a jump drive. As noted in earlier posts, avast! was no help. I will watch this post for a few days and maybe start a new topic.

wyrmrider

  • Guest
Re: Apparent virus or malware (I'm not sure)
« Reply #9 on: October 06, 2008, 04:54:15 AM »
AVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses
AVG has a new removal tool since July - you need to run it,
then keep either NOD-32 or Avast, both good - but NOT BOTH

By any chance, is this a NOD-32 "on line" "on demand" scan entry, or did you have Nod 32 free trial or paid installed?

The O2 entry with the CLSID ending in 045 is MSN Messenger - leave it alone;
you can remove MSN Messenger by other means

Is new.net in Add/Remove Programs?
We do not want it;
wait till after your next HJT and let's see if it's gone

To do list:
Fix the AV: completely remove 2, and with AVG run the removal tool

Run MBAM (see Tech for link): update, scan - put a check next to any baddies and then REMOVE SELECTED
Run SAS: update, Clean and Quarantine
Post the logs but edit out any cookies,
then a new HJT

So far so good
« Last Edit: October 06, 2008, 05:16:53 AM by wyrmrider »