Something Wrong *I think I fixed it XD*

[Husk]

Hi, I have had some problems ith my computer for the last two days now. I tried System Restore (It failed), MSN isn't working - I login and get the error 8004882e. My firefox just started crashing every 2 minutes, (I reinstalled it but it says it is still running) *confused about that, You can have several windows open but you can't open it when it says I have to close the other =Z. And every single site is asking for a certificate (IE) More reason to hate it.

Any Ideas. I ran a scan last night and got

Dc24.exe
Dc24.exe
Dc25.exe
Dc26.exe
pack.exe
SearchPluginInstaller.exe

Any of these dangerous?

[CharleyO]

***

Dc25.exe is related to malware ...

http://spywarefiles.prevx.com/RRIHAD61869/DC25.EXE.html

I would suggest that Dc24 & 26 may also be related.

SearchPluginInstaller.exe is also related to malware ...

http://www.threatexpert.com/files/searchplugininstaller.exe.html

I suggest you use malwarebytes antimalware (MBAM) to remove this problem.

http://www.malwarebytes.org/mbam.php


***

[Husk]

Thanks Charley, it did not show Dc when the alert was detected, So i'm not sure if that's anything to worry about, But will take your advice

[CharleyO]

***

You are welcome. Let us know how it goes.


***

[Husk]

Mbam did not find then. Just one adware.

[Husk]

Either did Prevx CSI either. even though at the top of the page it said it did =Z Just 2 false positives

Will having it in the avast chest effect these scans?

It's hard to type with a zboard XD

[Husk]

I did some research and dc##.exe is an installer for heroes of might and magic 3 demo.

A0032801 is for a program called reddot.exe
HOMM2GOLD-dm.exe was for HOMAM demo
pack.exe I don't know
and SearchPluginInstaller I don't know either


The dcs are no longer detected as virus as some others aren't either. But What do I do now?

[Lisandro]

But What do I do now?

I suggest:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete them.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster.
8. Check if you have insecure applications with Secunia Software Inspector.

[Husk]

uhh... sure

does cleaning my temp files mean deleting everything? And where's my temp files =P

When I put in boot scan - Do I chest them?

[YoKenny]

Download CCleaner as it does a good job of deleting temp files:
http://www.ccleaner.com/download <== make sure you un-check the Yahoo Toolbar if you do not want it 

The temp files just take up space and are not needed after use.

[Lisandro]

does cleaning my temp files mean deleting everything? And where's my temp files =P

You can use CleanUp or CCleaner for that.

When I put in boot scan - Do I chest them?

The system files, post the name here before sending to Chest.
The other files, you can send to Chest.

[Husk]

The bootscan found

pack.exe - Rootkit    http://www.prevx.com/filenames/X1446982697504338296-0/PACK2EEXE.html

GLB152.tmp\wise0003.bin error 42146   http://spywaredlls.prevx.com/RRBGGJ43570/GLB10.TMP.html
{installer archive is courrupt}

jar-cache 76250014
22891274992.tmp\main
_file\cache.dat error 42125  (number might be slighty wrong, I have bad hand writing

{zip archive is corrupt} (Cant find anything on this)

Thanks Kenny and Tech

upto step 3 =P

[Lisandro]

pack.exe - Rootkit    http://www.prevx.com/filenames/X1446982697504338296-0/PACK2EEXE.html

This is the one you must be worried about...

[Husk]

Thought So

Just scanned with SUPERantispyware and got the following

Adware.MyWebSearch/FunWebProducts
Adware.MyWebSearch-Installer
Adware.Tracking Cookie

Trojan.Dropper/Gen


All quarantined.


Now I have to scan for rootkits =P

[Husk]

Avast antirootkit found nothing