Author Topic: avast! Warning - Suspicious File Found (~.exe) ?  (Read 20787 times)


Silverwing86

  • Guest
Re: avast! Warning - Suspicious File Found (~.exe) ?
« Reply #30 on: October 25, 2009, 03:34:56 AM »
Back again, had to get some much needed sleep as it was pushing towards 5 AM on this side of the world :o !

@Tarq57:
I only just noticed that you're a fellow kiwi ;), Kia Ora ! Your advice is spot on, but luckily I don't tend to jump in head first and do some research before I use any tools I'm not familiar with. I also want to be fairly sure that I'll be able to handle the tool with my limited knowledge as I wouldn't want to jump from the frying pan into the fire, so to speak ;D.

Thank you very much for your advice and suggestions. You are right that the anti rootkit tools I found in my research all seemed to be a bit daunting to me so I haven't done anything else as yet. I'm hoping I got lucky and I managed to catch this in time. It may help that I don't restart my system every day (I use the 'hibernate' option quite a lot) ?

I would like to be sure though that nothing untoward is still going on in my system. Do you think I can/need to do anything more at this time to ensure this ?

The start up time for my laptop isn't something that was bothering me as such, but perhaps a bit of a clean up may not be a bad thing...

I'm not sure how I got Bonjour on my system (or what it's for really), but I think it may have come with Itunes ? I'll do some research on it and try and find out whether I really need it.

I wasn't aware that AdAware was not a desirable program, that surprised me a bit ! I installed it a while back to check whether my system was clean or not, based on some research on the Net. Is there a different program that would work better ?

Thanx also for the suggestion of Foxit. I mostly use Adobe Professional to be able to do advanced editing in .pdf documents and I wasn't aware that there was an alternative for the reader, will look into this as well.

I guess I should consider myself lucky that I'm such a newb when it comes to viruses and such as it means I have not been confronted with a lot of nasty situations before now. I used to run ZoneAlarm (paid), but I found it rather heavy on system resources which is why I was trying an alternative (being Avast!). I'm a bit worried now that these 'nasties' have managed to find their way into my system, could that have something to do with my Avast! settings or is it possibly due to using the free version ? I'm also using Comodo firewall (as you will have seen from my HijackThis log).

Again, I am most grateful for all the help I have received here, it is much appreciated ! I'm not sure I'll ever be able to return the favour due to my lack of knowledge in such matters, but I'll keep an eye on the forum and jump in if I feel I have something useful to contribute.

Cheers,
Silver

YoKenny

  • Guest
Re: avast! Warning - Suspicious File Found (~.exe) ?
« Reply #31 on: October 25, 2009, 03:46:23 AM »
Comodo can be demanding on system resources.

What is the CPU speed and type and how much RAM does the system have?

Have you checked the CPU cooling fan for clogging like dust?
http://icrontic.com/articles/clean_laptop_heatsink


Silverwing86

  • Guest
Re: avast! Warning - Suspicious File Found (~.exe) ?
« Reply #32 on: October 25, 2009, 04:03:15 AM »
Hi again Tarq57,

Interesting; I just found on Cnet that AdAware Free Anti Malware is the most popular Malware program with 1,420,083 downloads, followed by Malwarebytes Anti Malware with 576,628 downloads. I guess now that I have MBAM running, I should be covered for Malware protection ?

Hi YoKenny,

Here is some information on my system.

OS Name   Microsoft Windows XP Professional   
Version   5.1.2600 Service Pack 3 Build 2600   
System Manufacturer   Dell Inc.   
System Model   Precision M90   
System Type   X86-based PC   
Processor   x86 Family 6 Model 15 Stepping 6 GenuineIntel ~2163 Mhz   
Total Physical Memory   3,072.00 MB   
Available Physical Memory   1.77 GB   
Total Virtual Memory   2.00 GB   
Available Virtual Memory   1.96 GB   

I use the workstation (closed) on a docking station and make use of an external monitor and keyboard.

Any other suggestions for a firewall I could use instead of Comodo ?

No I haven't checked that. I've looked at the link you provided, but that looks very technical and complicated to me, I'm not sure I would dare do that :o ! I will see if I can find out at what temperature my system is running though...

Thanx !

Cheers,
Silver

YoKenny

  • Guest
Re: avast! Warning - Suspicious File Found (~.exe) ?
« Reply #33 on: October 25, 2009, 04:20:03 AM »
Have a look at SpeedFan
http://www.almico.com/speedfan.php

Ad-Aware is popular on Cnet because it has been around a long time but it has not kept up to date with the current malware situation.

If the system is in a docking station then fan clogging may not be a problem.

Outpost Free or Pro is good:
http://www.agnitum.com/products/outpost

Silverwing86

  • Guest
Re: avast! Warning - Suspicious File Found (~.exe) ?
« Reply #34 on: October 25, 2009, 04:23:04 AM »
Thanx muchly YoKenny, will look into both of those !

Ah, I see, that would explain things. I assume that I'm okay now though with MBAM ? If so, I'll remove AdAware from my system.

Cheers,
Silver

PS You guys are great :-* !

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Re: avast! Warning - Suspicious File Found (~.exe) ?
« Reply #35 on: October 25, 2009, 11:16:04 AM »
Kia Ora Silverwing86.
Bonjour (mentioned earlier) is actually likely to be a part of iTunes. I don't think there is any need to remove it unless you want to. If so, here is some information (including viewers' replies and comments below) on how - and maybe why - to remove it. If the internet is behaving, and not having big slowdowns, you might be happy to leave it be.
PCPitstop has more info and recommendations.
If you have the "Pro" (paid for) edition of AdAware, I'd keep it, at least until the subscription expires. If no, remove it if you want. MBAM will do a similar but better job. Additional demand scanners I've used and consider OK to good include Superantispyware (SAS) and Asquared. (Asquared has had a reputation for false positives, believed to have improved recently. Works well on my machine.)

Plenty of users like Comodo's firewall (and D+ - a HIPS/behaviour blocker) but personally I found it a little demanding. If you're happy with it, and can work it out OK, hang onto it. If not, try out Outpost, or PCTools firewall (the one I use), or maybe Online Armour.
(It can be a hassle getting a new firewall; balance your need with how prepared you are to learn to use a different one.)

Generally, if installing a new firewall or AV, you should download all the files you need to make the switch (including uninstall tools if needed) so you can uninstall/install anew offline. Here is a link to a link for various uninstall utilities. (Not usually needed for firewalls).

I have found an excellent way to help avoid malware - some of which can be got just by going to a hacked site - doesn't have to be an unsavory site either, just a site using out of date hosting software - is to use the Firefox browser with an add-on called NoScript.

Alternatively set the permission for scripting in IE8 to "prompt", which is a bit of a PITA, as it can produce a lot of "must acknowledge" popups on some sites. A bit of learning required to understand and use this sort of thing. There's some good info on the Noscript site.
Windows 10,Windows Firewall,Firefox w/Adblock.

Offline Yanto.Chiang

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1371
  • Soli Deo Gloria
    • PT Garuda Sinatriya Globalindo
Re: avast! Warning - Suspicious File Found (~.exe) ?
« Reply #36 on: October 26, 2009, 05:03:12 AM »
Quote

The other thing to note is that many antirootkit specialist tools need a little bit of knowledge to safely use.
If you were to delete all that was found with some of them, you'd do more damage than good.

So, Silverwings86, if you use such a tool, be sure to ask for help in interpreting the results before deleting what was found.

Yanto Chiang, the "free antirootkit" link you provided links to some programs that are out of date (no longer in existence), and with little real advice on how to use them.

Helpers generally: Now I'm not the sharpest tool in the shed, nor the most experienced.
But please be a little more orderly in what you are posting. The user has said she's inexperienced.
Help should be offered in a way that is actually help, rather than ideas, IMO. That would mean:
-A link to a specific program that is likely to do the job, from the homepage (or reputable mirror)
-Instructions on what to do with it,
-Interpretation and sound advice on what to do with the results.
And/or
-Intelligent/informed comment about how a situation might arise, as DavidR did above regarding an apparent scanning discrepancy

Stab in the dark random lists are overwhelming to some, and could potentially do damage.
Just my 2p.

Hi Tar,

Thanks for your information. Anyway, last time I found avast anti rootkit for free with GMER technology there. And last time I didn't find avast anti rootkit posted there anymore.


@ Silver : Selamat Siang, so have you solved your issues yet?

Regards,
Yanto Chiang
Yanto Chiang | IT Security Consultants | AVAST Premium Security | GarudaSinatriya

Silverwing86

  • Guest
Re: avast! Warning - Suspicious File Found (~.exe) ?
« Reply #37 on: October 26, 2009, 07:27:54 AM »
Hi guys,

My apologies that I didn't get back to you yesterday, what with hubby being ill and all, didn't get around to the computer much.

@Tarq57:
Thanx very much for all the very helpful information and links, it is much appreciated !

I'm not having any problems currently with the Internet connection, but I'll still look into the Bonjour thing to see whether I really need it.

I don't have the paid version of AdAware and I've already decided to ditch it as I shouldn't really need it now that I have MBAM. Interestingly, I noticed last night that hubby is already using SuperAntiSpyware so I'll ask his experiences with that as well.

I like the way Comodo works for me, but it would be good to have something that's less heavy on resources. That said, I do need something that can 'learn' along the way as I'm not very knowledgeable (as you may have noticed ;D) so would have trouble 'teaching' a program what is right and what's not. I liked that about ZoneAlarm as well, I didn't need too much detailed knowledge to get it to work okay for me. I will look into the programs you mentioned, thanx !

Interestingly, as a previously very avid IE user, I have just recently switched to using FireFox because I was having trouble with IE since the upgrade to IE8 (it had problems retaining my History, a very important feature for me). I'm liking it quite well so far and will look into the No-Script addon, it sounds useful !

Thanx again Tarq57, you have been most helpful and patient ! I wish this forum had a reputation feature so I could add to yours !

@Yanto.Chiang:

Selamat Siang ! (in case you were wondering, I lived in Indonesia for 4 years when I was younger ;))

I think I got away lucky this time as the only thing I noticed with all this was the warning mentioned in my first post. Other than that I have had no issues whatsoever with my system and subsequent Avast! (thorough) scans show my system to be clean. I will be keeping a careful eye on it for a while though, just to be sure I didn't miss anything.

Thanx again to all of you, you all rock 8) !

Cheers,
Silver


Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Re: avast! Warning - Suspicious File Found (~.exe) ?
« Reply #38 on: October 26, 2009, 07:50:03 AM »
Quote

Thanx again Tarq57, you have been most helpful and patient ! I wish this forum had a reputation feature so I could add to yours !
You are more than welcome.
It wasn't that long ago I was a total beginner. Helping folk is usually its own reward (unless it all goes horribly wrong), but thank you very much for that comment!

I would consider Noscript vital when using Firefox. (Adblock Plus is useful, too.)
Windows 10,Windows Firewall,Firefox w/Adblock.

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Re: avast! Warning - Suspicious File Found (~.exe) ?
« Reply #39 on: October 26, 2009, 09:46:56 AM »
Windows 10,Windows Firewall,Firefox w/Adblock.

Offline Yanto.Chiang

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1371
  • Soli Deo Gloria
    • PT Garuda Sinatriya Globalindo
Re: avast! Warning - Suspicious File Found (~.exe) ?
« Reply #40 on: October 26, 2009, 11:17:39 AM »
Hi Silver,

No wonder you understand how to spell in bahasa.
So let me know, if you back to Indonesia and we can share each others.  ;)

Good work by the avast evangelists and all the users involved in this forum. At least one of our friends has solved his problem.

As I need to learn much from all of the avast evangelists in this forum as well.

Regards,
Yanto Chiang
Yanto Chiang | IT Security Consultants | AVAST Premium Security | GarudaSinatriya

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Re: avast! Warning - Suspicious File Found (~.exe) ?
« Reply #41 on: October 26, 2009, 11:26:42 AM »
Hi Yanto Chiang,
Just a heads-up (warning): "Evangelist" means a high post count. Nothing more, nothing less. Although it is true that a lot of the Evangelists are very knowledgeable, not all are.
I count myself as roughly "intermediate".
Take each post as it's written, regardless of the status of the forum member. ;)
Windows 10,Windows Firewall,Firefox w/Adblock.

Silverwing86

  • Guest
Re: avast! Warning - Suspicious File Found (~.exe) ?
« Reply #42 on: October 27, 2009, 06:15:28 AM »
Quote

No wonder you understand how to spell in bahasa.
So let me know, if you back to Indonesia and we can share each others.

I thought you might have wondered about that ;D ! Terimah Kasih, I will do, especially as I live a lot closer now than I used to (I originate from The Netherlands), it would be fun to meet up ;)...

Tarq57, you may not consider yourself an 'Evangelist', but I have found your contributions very helpful and especially patient and understanding of my meager knowledge in these matters. Highly commendable IMO !

Anyway, all is still well with my Workstation so far and in a few more posts I'll be able to access more options on this forum (so that I can for instance make it known that I am of the female persuasion ;D) ...

Cheers all,
Silver

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Re: avast! Warning - Suspicious File Found (~.exe) ?
« Reply #43 on: October 27, 2009, 11:46:00 AM »
I knew that from your chosen username.  ;)
Windows 10,Windows Firewall,Firefox w/Adblock.

Silverwing86

  • Guest
Re: avast! Warning - Suspicious File Found (~.exe) ?
« Reply #44 on: October 27, 2009, 01:03:12 PM »
Quote

I knew that from your chosen username.  ;)

:D very good ! But it seems it was not obvious to everyone ;) ...

Cheers,
Silver