Author Topic: New User with multiple viruses that somehow got past Avast...  (Read 28709 times)


REDACTED

  • Guest
Re: New User with multiple viruses that somehow got past Avast...
« Reply #30 on: September 23, 2008, 12:06:04 AM »
Eset found nothing scanned today
rogue, superantispy, antimalware all show nothing
attached logs
kaspersky scan in progress

2 questions:
what would you use as a regular routine; hopefully not passing the day scanning with 12 different software to stay "clean"...
there was a comment about using facebook as a trusted site as being foolish/bad. what does that mean?
awaiting instructions on my problem with restores... I guess my restore points are infected?

DON'T KNOW WHAT THIS IS:
did we ever determine what this is/was?
ProtectService\ProtectService.exe

WILL RUN THIS LATER:
I'd also like to see a scan with Spybot Search and Destroy  from
http://www.safer-networking.org/en/mirrors/index.html
quarantine any hits

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • Posts: 4142
  • Some days..... MOS...this bug's for you
« Reply #31 on: September 23, 2008, 02:08:22 AM »
An ESET log should have been saved here: C:\Program Files\EsetOnlineScanner\log.txt

Quote
did we ever determine what this is/was?
ProtectService\ProtectService.exe

Not sure, except SAS classed it as a rootkit and removed it.

Quote
there was a comment about using facebook as a trusted site as being foolish/bad. what does that mean?

It means that by default your security settings are lower. This may mean Java, ActiveX installs without permission.

To help stay clean, use one antivirus program. You already have 2 very good on demand antispyware programs, keep them both. Now add a good firewall and a resident antispyware program. Wyrmrider suggested some.

Hold off on the cleaning of the system restore points until you are sure you are clean. They may be infected, but at least you've got them. They won't hurt you unless you use them.

Good find CharleyO. It could very well be an autorun that is causing this. My brain just isn't here these days.

@Missionary

When you right click the c:\ drive, what do you see in the menu? Check this first and let us know.

Download this program, Flash Drive Disinfector by sUBs from

http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe


Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
Wait until it has finished scanning and then exit the program.
Reboot your computer when done. Then try your drives.



wyrmrider

  • Guest
« Reply #32 on: September 23, 2008, 02:56:55 AM »
@oldman
if SAS found this as a rootkit why is it still here?
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\Program Files\ProtectService\ProtectService.exe (file missing)

does this have to do with the Kenny16 removal?

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
we could also fix this one
was Windows Live Messenger but is already disabled

@Missionary does Windows Live Messenger show up in your add remove programs or Microsoft features lists?
do you use IT?

 

REDACTED

  • Guest
« Reply #33 on: September 23, 2008, 06:02:11 AM »
Quote
To help stay clean, use one antivirus program. You already have 2 very good on demand antispyware programs, keep them both. Now add a good firewall and a resident antispyware program. Wyrmrider suggested some.
I AM A BIT OVERWHELMED... Please excuse my ignorance.
I am running Avast, and I have downloaded and used HJT, RogueRemover, CCleaner, Anti-Malware, Super-AntiSpyware, Dr. Web CureIt, Spybot search.
Would you keep Avast as the resident antivirus? What else would you keep and use regularly? It is all a bit overwhelming and the terms are throwing me.
What good firewall? Is the XP firewall from Windows insufficient? Resident antispyware program is Super-AntiSpyware?
Which would be the 2 very good on demand antispyware programs?

@ wyrmrider
Quote
@Missionary does Windows Live Messenger show up in your add remove programs or Microsoft features lists?
do you use IT?
yes it is in there. Kids use it a lot, but can eliminate it if it's a huge problem.

Ran Spybot and attached is a screen capture of results

Quote
Hold off on the cleaning of the system restore points until you are sure you are clean.
when and how do I proceed?

Kaspersky is running now... finding a few more problems. This stuff is endless!

@ oldman
Quote
When you right click the c:\ drive, what do you see in the menu? Check this first and let us know.
The directory problem is fixed somehow...  Yay!

THANKS FOR ALL THE GREAT ADVICE AND PATIENCE!  Will report tomorrow results of Kaspersky.

wyrmrider

  • Guest
« Reply #34 on: September 23, 2008, 06:08:06 AM »
I have to log off
the worst is over
you are doing great and we can deal with the prevention issues tomorrow
watch for items in recovery partitions and in quarantines and do not panic if there

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • Posts: 4142
  • Some days..... MOS...this bug's for you
« Reply #35 on: September 23, 2008, 06:47:33 AM »
I'll try to answer the questions as best I can.

@wyrmrider

Quote
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\Program Files\ProtectService\ProtectService.exe (file missing)

does this have to do with the Kenny16 removal?

It's a dead service. SAS removed the file. The service can't run now and can be removed. I don't know if it was related to kenny or not. Once SAS removed ProtectService.exe, the service was finished.

@Missionary

Quote
I AM A BIT OVERWHELMED


Deep breath now, calm down.   :)   ;)  You have most of your security programs in place already.

Resident antivirus-Avast
non-resident antispyware-SAS and Malwarebytes. Both very good. Note: unless you have the paid for SAS, it will become on demand (non resident) once the trial period is over. Neither of those programs will use any resources until you run them.

If you enable Spybot's teatimer, you will have your resident antispyware program. Don't do this until your system is clean as it may interfere with some of the things you still have to do. When you are ready to turn on teatimer, the instructions can be found here  http://www.malwarehelp.org/how-to-enabledisable-spybot-teatimer.html

Firewall- Windows firewall only monitors inbound traffic. You should have a firewall that monitors traffic in both directions. You can wait until you are done to worry about a firewall. Someone will recommend a good one to you.

Quote
Hold off on the cleaning of the system restore points until you are sure you are clean.
when and how do I proceed?

When you are sure your system is clean. You will be given instructions.

Quote
The directory problem is fixed somehow...  Yay!
Did you use Flash Drive Disinfector or did the problem resolve itself?

Any luck finding the ESET log? Kaspersky won't fix anything, so posting the log is important.
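
The two HijackThis entries discussed in the replies above (the O23 service marked "file missing" and the O2 BHO marked "no file"), run through a small triage script. This is an added example, not part of the original thread and not HijackThis's own code; the third log line, the `EXPECTED_IMAGE` table, the line patterns (inferred from the entries quoted here) and the function name `triage` are assumptions made for illustration.

```python
import re

# Constructed sample: the two entries quoted in this thread plus one
# made-up healthy service entry for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\Program Files\ProtectService\ProtectService.exe (file missing)
O23 - Service: Example Updater (ExampleSvc) - Example Corp - C:\Program Files\Example\svc.exe
"""

# Assumption: image path a genuine XP service of this name is expected to use.
EXPECTED_IMAGE = {"ALG": r"c:\windows\system32\alg.exe"}

# Line shapes inferred from the entries quoted in the thread.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.*) \((?P<svc>[^()]+)\) - (?P<owner>.*?) - "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)

def triage(log_text):
    """Return (entry_type, identifier, finding) tuples for entries worth a look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O2_RE.match(line)
        if m:
            if m["path"] == "(no file)":
                findings.append(("O2", m["clsid"], "BHO registered but file not found at scan time"))
            continue
        m = O23_RE.match(line)
        if not m:
            continue
        expected = EXPECTED_IMAGE.get(m["svc"].upper())
        if expected and m["path"].lower() != expected:
            findings.append(("O23", m["svc"], "Windows service name with unexpected image path"))
        if m["missing"]:
            findings.append(("O23", m["svc"], "dead service: image file missing"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The ALG entry is reported twice: once because a service carrying a Windows component's name points outside the system directory, and once because its file is already gone, which is the state described in the reply above.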

wyrmrider

  • Guest
« Reply #36 on: September 23, 2008, 06:13:11 PM »
I see that Spybot got a trojan- still a very valuable scanner
Spybot will update Wednesday so update and re-immunize
post up the Kaspersky log
answer oldman's questions

as oldman indicates you can scan with HJT
close all browser windows even this one (and I do this without any other user apps running)
select the O23 service and then FIX CHECKED

Did we ever run a scan with Malware Bytes Anti Malware
I see a Malware Scan but not log so ???

REDACTED

  • Guest
« Reply #37 on: September 23, 2008, 09:57:26 PM »
Directory problem resolved itself
Kaspersky scan found some problems; report attached.
Ran SuperAntiSpyware and picked up one thing. Also attached screen shot of quarantined items including the above new one.
Quote
Did we ever run a scan with Malware Bytes Anti Malware
I see a Malware Scan but not log so
yesterday it found nothing, so I did not post the report.
attached below from scan today

REDACTED

  • Guest
« Reply #38 on: September 23, 2008, 11:26:22 PM »
Quote
close all browser windows even this one (and I do this without any other user apps running)
select the O23 service and then FIX CHECKED
done as instructed, attached report below.

Anything else before I am deemed "clean"??

wyrmrider

  • Guest
« Reply #39 on: September 24, 2008, 02:59:45 AM »
Well Kaspersky found a generic possibility in your inbox
screwing with the inbox is not advisable
just BVVC opening any attachments on old e-mails
no way to tell which one it is

Do not delete the O2 with HJT if you have not done so
It has to do with Windows Live Messenger which may have been off at the time of the scan
hjt looks good

mbam looks good !

get a third party firewall: Comodo without the AV, PC Tools, etc.; turn off the XP firewall
run Secunia software inspector and get everything updated
your java is out of date
remove all old java before installing the new one

install javacool's spywareblaster if you do not have it
I'd like to see a Hosts file

for some real time anti spyware
spybot t-timer (do you have spybot? I forget)
windows defender
spyware doctor from google pack  (if you have lots of resources)

« Last Edit: September 24, 2008, 03:06:41 AM by wyrmrider »

REDACTED

  • Guest
« Reply #40 on: September 24, 2008, 04:03:15 AM »
Quote
Do not delete the O2 with HJT if you have not done so
It has to do with Windows Live Messenger which may have been off at the time of the scan
hjt looks good
too late; deleted all with that prefix. What are the ramifications?
Quote
get a third party firewall
suggestions for a novice?

I am running Avast, and I have downloaded and used HJT, RogueRemover, CCleaner, Anti-Malware, Super-AntiSpyware, Dr. Web CureIt, Spybot search.
Would you keep Avast as the resident antivirus?
Just added and enabled SpywareBlaster as recommended in last post. What about Super-AntiSpyware? it is presently active as well.

Am running Secunia online scan now. updating all results shown.

Quote
Well Kaspersky found a generic possibility in your inbox
screwing with the inbox is not advisable
just BVVC opening any attachments on old e-mails
no way to tell which one it is
deleted old mailbox file and seems to be OK

Ran Kaspersky online scan and produced 0 results. attached report.


REDACTED

  • Guest
« Reply #41 on: September 24, 2008, 05:09:12 AM »
Can't get Java to install; deactivated all virus protection I could find... avast, spyware blaster, super-antispyware.
Went to the site and looked up error codes and tried all they suggested (download offline installer and deactivate virus protection).


wyrmrider

  • Guest
« Reply #42 on: September 24, 2008, 05:17:58 AM »
someone else will have to answer your java question
run JavaRa and see how many old versions are installed
remove all but the last one till you get the new one installed, then remove it
(or did you remove all of them already?)
the download went well?
are you on the free version of SAS- there should be nothing to de-activate
spyware blaster should have no effect

too late; deleted all with that prefix. What are the ramifications?
they are just toolbars or messenger- you can reinstall if you miss them  you might see if there are uninstallers in add remove programs or in Program files and clean up a little


get a third party firewall
suggestions for a novice?  Try Comodo; turn MS firewall off if XP - Vista will do it for you
I just installed it and if I were to do it again I'd look at the manual first so that I would know what the install choices are. I would not go pro with the CLAM AV or the BHO toolbar. Defender plus seems ok

I am running Avast,
HJT, just keep it; it uses no resources and some malware screws with your internet connection so you could not get it again if you needed it
CCleaner I use it all the time
RogueRemover, 
Malware Bytes Anti-Malware,
Super-AntiSpyware, Dr. Web CureIt, are not active unless you are using them
you can set not to start at boot time- remove from start up
you might want to keep them on your hard drive for the same reason as HJT and maybe run a scan once a month

 Spybot search and destroy keep update every Wednesday and immunize
turn on sd helper and t-timer (see how they work for you)
we need some real time protection and these are as light as any (that work)
If t-timer is not satisfactory then try Windows Defender
Would you keep Avast as the resident antivirus?  oh yes nearly the best and NO better free one
(unless you know in advance what your next infection will be :)
Just added and enabled SpywareBlaster as recommended in last post. good takes no resources

Am running Secunia online scan now. updating all results shown.
remove all old java

time for a defrag and set a new restore point

REDACTED

  • Guest
« Reply #43 on: September 24, 2008, 05:34:10 AM »
I believe you said deactivate xp firewall when I install comodo, right?

REDACTED

  • Guest
« Reply #44 on: September 24, 2008, 06:30:39 AM »
 ??? Trouble!?!
I installed comodo firewall, it ran virus check and asked to restart. which I did.
It has been at the Windows XP startup window for at least 10 minutes... I smell trouble!
Any suggestions?