Author Topic: Update-is now Trojan-gen- as of Fri nite. Help  (Read 13816 times)


Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3694
  • If at first you don’t succeed; call it version 1.0
Re: Update-is now Trojan-gen- as of Fri nite. Help
« Reply #15 on: November 25, 2009, 10:35:07 AM »
PS, forgot to mention, important, during the set up of this program, opt out of installing the Yahoo toolbar. (On by default.) Unless you want the cursed thing, of course.  ;)
Windows 10,Windows Firewall,Firefox w/Adblock.

Therese Kean

  • Guest
Re: Update-is now Trojan-gen- as of Fri nite. Help
« Reply #16 on: November 26, 2009, 09:57:59 AM »
Tarq57
Thanks for latest post, will be sorting it out tomorrow re Ccleaner.
Am still looking for the SAS log again tomorrow, just no time today to look at it. I must admit am getting a bit worried just opening and turning on my laptop. Do we ever get to the bottom of this and clear things out?
Thanks for your help to date.
 

Offline superhacker

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 979
  • superhacker != super mario
Re: Update-is now Trojan-gen- as of Fri nite. Help
« Reply #17 on: November 26, 2009, 12:01:11 PM »
Quote
Hi Tree,

I am not evangelist yet, and I am still beginner too,

brother yanto.chiang:
not all evangelist are super persons in pc
and not all newbie are super newbie.
you make yourself, since I came here maybe in September 2009 I don't feel my knowledge base has been updated here "to be honest I learn some things from other members" and I came here as newbie
tech start as newbie "of course as name not as a person", davidr, rejzor, yokenny, bob... all of us start as newbie.
remember: build yourself, and knowledge by learning, and the word is "hack to learn not learn to hack" http://catb.org/~esr/faqs/hacker-howto.html
4 shwi liang:
there is no avast 5.288 yet
Dreams don't die, they just fall asleep.

Offline Tarq57

Re: Update-is now Trojan-gen- as of Fri nite. Help
« Reply #18 on: November 26, 2009, 11:25:28 PM »
Quote
Thanks for latest post, will be sorting it out tomorrow re Ccleaner.
Am still looking for the SAS log again tomorrow, just no time today to look at it. I must admit am getting a bit worried just opening and turning on my laptop. Do we ever get to the bottom of this and clear things out?
Thanks for your help to date.

If you use Windows XP, look for the folder titled "logs" in the folder: C:\Documents and Settings\(your username)\Application Data\Superantispyware.
If you use Vista, look for it in C:\Users\(your username)\Application Data\Superantispyware.
[edit] You will probably have to show hidden and system files to find/enter this folder.
« Last Edit: November 27, 2009, 03:16:17 AM by Tarq57 »

Therese Kean

  • Guest
Re: Update-is now Trojan-gen- as of Fri nite. Help
« Reply #19 on: November 27, 2009, 08:46:17 AM »
:'( That smiley was me last night, as in the middle of an Avast "thorough scan" the familiar sound of yet another Virus alert sounded. I waited a bit as I wrote down its name etc., then when I went to send to Chest the computer froze, so I didn't get it into the chest.
I immediately did a bootscan, which told me that all was well, so I closed up shop and got some sleep.
Today I did another "Thorough Scan" and got the Alert and this time was able to send to chest.

This is what I got-
C/Documents and Settings/User/Local Settings/Temp/WER354c.d
Malware name
Win32-Delf-€HWF[TRJ]
Malware type Trojan Horse
VPS version-091126-0.26/11/2009

My Event viewer tells me that the above file is a SASpyware!!!!! file.
Do I do what???
Will attach if I can the event viewer and will try the Log thingy for SAS as have found it but can't read it very much.
Well it's a negative on the attach stuff, will keep trying.
I will go ahead with Ccleaner download page unless you guys have any other suggestions.
Is this all part of my learning!!!!!
I was just a little worried about what all this action is doing to my computer ???
By the way I have "XP"

Offline Tarq57

Re: Update-is now Trojan-gen- as of Fri nite. Help
« Reply #20 on: November 27, 2009, 09:45:19 AM »
Don't worry too much about that detection, yet.
Best to do one thing at a time. No need to keep doing thorough scans with Avast, until we have determined what is at play, and is it still at play, and what needs to be done with it.

It is quite possible it was a temporary file created by SAS, that contains information resembling malware, without being malware itself.
(Or maybe not.)

Now. Why can't you read the SAS logfile? Is it in some kind of code, like crypted? (Sample below, if it attaches/displays correctly.)
It should be a simple text file that opens in notepad, if it's not, please advise, also advise the full path and file name, including the suffix.

Attaching it should be a simple process using the "additional options" button to the lower left of the forum reply window. It is size limited, but a scan log should not exceed that limit.

If you don't want to faff around downloading Ccleaner, try ATF Cleaner, from MajorGeeks, by Atribune. (I include the second link just so you can, if you want, check the pedigree of the program.)
This one is downloaded by clicking on one of the links immediately below the animated "downloads" chevron. It will run from the download location - might as well save it to your desktop. When it is opened, tick the boxes as per my picture, click on "empty selected", it will take a few seconds then let you know how much space has been freed.

What we are doing should not hurt your computer. If there is malware present, that could be doing some harm, which is what I'm trying to find out, and if possible fix.
Once we are at a certain point, I'll ask for help from one of the forum's malware experts, because there are a few here who know a bit more about it than yours truly! But I know enough to be helping you through these stages.

Therese Kean

  • Guest
Re: Update-is now Trojan-gen- as of Fri nite. Help
« Reply #21 on: November 29, 2009, 10:16:04 AM »
Re SAS file, I found it in Logfile - as you attach - but was heaps of words but not intelligent. Cannot find that now.
Have looked hard but can't get it.
Found notepad but don't know how to attach it as my system doesn't give me close enough options without attaching the whole SAS file.
Have figured out how to look at repairs log.
It is within SAS scan log main file and cannot attach it, cause simply cannot get to that file.
Sorry, it is probably easy to find but can't do it.
Have done the Ccleaner as you suggested the other day.
Did all the files and ticks as you said but was a bit concerned to clean the "cookies files". Will I be able to access the sites where these cookies have been enabled if I clean them? Especially some main pages I use.


 

Therese Kean

  • Guest
Re: Update-is now Trojan-gen- as of Fri nite. Help
« Reply #22 on: November 29, 2009, 10:20:57 AM »
Sorry I took so long to reply but took Sat off just needed something else to worry about other than this computer ;D

Offline Tarq57

Re: Update-is now Trojan-gen- as of Fri nite. Help
« Reply #23 on: November 29, 2009, 11:50:46 AM »
Quote
..but was a bit concerned to clean the "cookies files". Will I be able to access the sites where these cookies have been enabled if I clean them? Especially some main pages I use.

See the below picture for how to manage the cookies you want kept vs those you don't. You click on the cookie/s you want to keep, to highlight them, then click the right arrow. The right hand pane is the whitelist (cookies to keep). The left pane is those that will be deleted. Works, too!

If the wrong cookies are deleted, you can still access the sites concerned, but your preferences and any auto-login will be gone, until you log in again.

Don't worry any more about attaching the SAS log. Sounds like it's going to be too major a hassle to work out, especially as I can't coach you - I don't have SAS installed.

If you navigate to the folder/file "C/Documents and Settings/User/Local Settings/Temp/WER354c.d" (if it is still there) what happens if you try and delete the file? It's a temp file, so no harm should come of it (especially if it's a baddy.)
Once this is done just don't delete the recycle bin for a few days until you see how the computer is working.

I'd do another scan with SAS or MBAM, just to be sure.
If the same thing keeps coming back we'll need to do something else, but I wouldn't be surprised if all is well.
If something else is found, send it to quarantine, reboot, do another scan.
At some point you might want to defrag your drive. Good maintenance. (Start>all programs>accessories>system tools>disk defragmenter.) Takes about 5-10 minutes, depending on the space occupied on the hard drive.

Therese Kean

  • Guest
Re: Update-is now Trojan-gen- as of Fri nite. Help
« Reply #24 on: November 30, 2009, 11:47:17 AM »
Hi Tarq,
Went looking for that file, my computer searched everywhere and the file is not there, can't be found. I assume that is a good thing?
Re the SAS file (I want to follow through with it mainly for my learning, I'm a bit stubborn like that). On an earlier post you gave me an address C:\Documents and Settings \(your username) Application Data\Superantispyware - I have tried searching for this address and I get told this is an invalid file, no can do in fact. The user name, is that what I use as on my computer acct? As I have no user name for SAS.
Will have a look at the "cookies" thing tomorrow as a bit late.
Thanks for all your help
I am starting to think that just maybe I can turn on my Laptop and not get anymore Alerts !!!!!! would be nice. 

Offline Tarq57

Re: Update-is now Trojan-gen- as of Fri nite. Help
« Reply #25 on: November 30, 2009, 12:47:46 PM »
Try browsing your computer for the SAS file. Open "my computer" then "C:\" then "Documents and settings" and there will be quite a few folders in there to choose from. My one has my name on it, followed by a string of eight alphanumerics. It is the name I registered the computer as when activating the installation. (See the "general" tab in "system".)
Once you've found that folder, open it up, see if you can find what you're looking for.
Probably the reason you couldn't find it by typing in the address bar was that you had the wrong username?

Anyway, I'm starting to think that you are probably correct. The malware is probably gone. Further research is just making sure (as we do.)
If you still are getting alerts when running your computer, though, further action is definitely needed. How long since you got an alert?

You're welcome for the help. :)

Therese Kean

  • Guest
Re: Update-is now Trojan-gen- as of Fri nite. Help
« Reply #26 on: December 01, 2009, 12:53:28 AM »
Hi Tarq
Last alert was Fri 27th, 4 days ago. Will def do as you suggest ie SAS scan reboot etc.
As you can see ;D I have been able to find those files and download them.
I am keeping a notebook beside me now and writing down as I go. I forget easy.
Actually when I worked out how to get it, the address I followed hasn't been correct. I right clicked on My Documents and went to "Explore" which gave me everything, so I followed the address through that and found it.
Will do the scan and defrag today.
If all is well here
What happens to the files in chest and SAS Quarantine?
SAS only picked up the "Cookies" files
MAM gave me an all clear all the time
Avast alerted me every time (could do a poem here {not intentional}) ;D
Boot scan missed the last alert (was that, as you say, maybe it was a TEMP file)
So the questions will start with the above re chest etc. and was it the type of virus that MAM missed it?
I have a few more but that will do and what about protection ? should I have something else on from avast
The Avast on access scanner is on High in all of them.


Therese Kean

  • Guest
Re: Update-is now Trojan-gen- as of Fri nite. Help
« Reply #27 on: December 01, 2009, 12:59:47 AM »
Tarq
There are more files; those two are the ones I thought you would like to see. Since I now know how to get them, let me know and will upload the rest.

Offline mkis

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1618
Re: Update-is now Trojan-gen- as of Fri nite. Help
« Reply #28 on: December 01, 2009, 01:08:28 AM »
About yr access scanners - No, you want Normal on your Provider Configuration for now, not High. That is the default Normal, so you don't want too sensitive. You can modify later if you want, once yr used to the avast program.

Seems you're doing well, but takes a bit of time learning all the ins and outs. You learn fast, and Tarq keeps you on good track.

Are you still getting alerts on avast scan? And is that alert about a detection? Or are the scans coming up clean now? 
Avast7 Free, MBAM (on demand), MVPS Hosts

Intel DG41TY, Windows 7 Ultimate, IE9, Google Chrome, 4 GB ram, Secunia PSI, ccleaner, Foxit Reader, Faststone Image viewer, MWSnap.

Therese Kean

  • Guest
Re: Update-is now Trojan-gen- as of Fri nite. Help
« Reply #29 on: December 01, 2009, 01:24:36 AM »
Hi to another "Kiwi" - mkis
Have adjusted the access scanners to normal - Thanks for that.
The last Alert on 27th was for a virus detection, it was moved to the chest - that was the last one and the scans - I did a thorough scan was good, that was done on Sat.
As I haven't had much computer time till today will be scanning in a minute and let you all know the results.
Thanks for your help.
T