Author Topic: Scanning for virus  (Read 5946 times)

0 Members and 1 Guest are viewing this topic.

jeffthepoet

  • Guest
Scanning for virus
« on: December 28, 2009, 09:17:15 PM »
How do I check to see if I have a virus? I have Avast 4.8 home edition. Yesterday I had a "Trojan Horse" get blocked.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37526
  • Not a avast user
Re: Scanning for virus
« Reply #1 on: December 28, 2009, 09:37:49 PM »
have you tried

Boot time Avast Antivirus Scanning
http://www.digitalred.com/avast-boot-time.php


Check your computer for Malware with

MBAM http://filehippo.com/download_malwarebytes_anti_malware/
update and run quick scan, click the button "remove selected" to quarantine anything found, and restart

SAS http://filehippo.com/download_superantispyware/

Are cookies really spyware and are they dangerous?
http://www.superantispyware.com/supportfaqdisplay.html?faq=26

If anything is found other than cookies you may post the scan logs here

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89006
  • No support PMs thanks
Re: Scanning for virus
« Reply #2 on: December 28, 2009, 10:28:07 PM »
How do I check to see if I have a virus? I have Avast 4.8 home edition. Yesterday I had a "Trojan Horse" get blocked.

So was this avast that blocked a trojan ?

If so - What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ? 
Check the avast! Log Viewer (right click the avast 'a' icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe
 
- Or check the source file using notepad C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log and copy and paste the entry.
####
When posting URLs to suspect sites, change the http to hXXp so the link isn't active (clickable) avoiding accidental exposure.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

jeffthepoet

  • Guest
Re: Scanning for virus
« Reply #3 on: December 29, 2009, 05:03:08 AM »
Thank you Pondus and DavidR.

Avast blocked the "Trojan Horse." I used the Boot time Avast and scanned my computer which found a Malware virus. I put it in the virus chest and unplugged my cable as directed. Below is what came up as my computer virus. Did Avast stop my computer from being infected, and is it safe to use? I'm on another computer now. Do I need to do more to rid the virus?

Thanks again,

  Jeff

file name: C:\valetmls\bin\libicalss3250.dll

malware name: Win32:Malware-gen

malware type: Virus/Worm

vps version: Virus/Worm

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89006
  • No support PMs thanks
Re: Scanning for virus
« Reply #4 on: December 29, 2009, 03:35:31 PM »
You're welcome.

Given the location and name C:\valetmls\bin\libicalss3250.dll, is this a program that you are familiar with and has it been on your system for a while ?

Quote
Valet MLS uses Microsoft's MSXML Parser 3.0 to read and convert XML. This is software that comes with Microsoft's Internet Explorer 6.0

Ring any bells, whilst it is possible that this could be something else entirely. A Google search - libicalss3250.dll - did not match any documents, this however isn't unusual, but for it to be associated with the above I would have expected it to be found on a search (so a little suspicion there).

I would download, update, run both applications suggested by Pondus and report their findings.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

CharleyO

  • Guest
Re: Scanning for virus
« Reply #5 on: December 29, 2009, 05:45:10 PM »
***

libicalss3250.dll does not show up on ProcessList.com neither.


***

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89006
  • No support PMs thanks
Re: Scanning for virus
« Reply #6 on: December 29, 2009, 06:43:06 PM »
I doubt it would if it didn't show up on a google search. I guess we will have to wait for more feedback.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

jeffthepoet

  • Guest
Re: Scanning for virus
« Reply #7 on: December 29, 2009, 07:39:43 PM »
Hi DavidR and CharleyO,

Thank you for your time. I ran the Avast program that says it eliminates viruses and the file "C:\valetmls\bin\libicalss3250.dll" has been removed from the chest. This file is familiar being a real estate multiple listings site. I am going to remove it off the computer. I ran the suggested links with downloads and updates that Pondus recommended with the results below. Doesn't Avast eliminate viruses? Spyware wants me to buy their software.

Thank you,

  Jeff

pctools.com
Spyware Doctor says I have

4 threats and 72 infections

Trojan.PSGuard_Desktop_Hijacker
http://www.pctools.com/en/mrc/infections/id/Trojan.PSGuard_Desktop_Hijacker?cclick=LearnMoreClick_46&PID=0&product=Spyware%20Doctor&subproduct=NRMA&version=7%2E0%2E0%2E514&code=0%2D0%2D0%2D0&suversion=7%2E0%2E0%2E67&osversion=6%2E0%2E6001%2E2&osspack=Service%20Pack%201&sulang=en&platform=32

Trojan.Popuper
http://www.pctools.com/en/mrc/infections/id/Trojan.Popuper?cclick=LearnMoreClick_46&PID=0&product=Spyware%20Doctor&subproduct=NRMA&version=7%2E0%2E0%2E514&code=0%2D0%2D0%2D0&suversion=7%2E0%2E0%2E67&osversion=6%2E0%2E6001%2E2&osspack=Service%20Pack%201&sulang=en&platform=32

Application.TrackingCookies
http://www.pctools.com/en/mrc/infections/id/Application.TrackingCookies?cclick=LearnMoreClick_46&PID=0&product=Spyware%20Doctor&subproduct=NRMA&version=7%2E0%2E0%2E514&code=0%2D0%2D0%2D0&suversion=7%2E0%2E0%2E67&osversion=6%2E0%2E6001%2E2&osspack=Service%20Pack%201&sulang=en&platform=32

Adware.Advertising
http://www.pctools.com/en/mrc/infections/id/Adware.Advertising?cclick=LearnMoreClick_46&PID=0&product=Spyware%20Doctor&subproduct=NRMA&version=7%2E0%2E0%2E514&code=0%2D0%2D0%2D0&suversion=7%2E0%2E0%2E67&osversion=6%2E0%2E6001%2E2&osspack=Service%20Pack%201&sulang=en&platform=32

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37526
  • Not a avast user
Re: Scanning for virus
« Reply #8 on: December 29, 2009, 09:03:44 PM »
Quote
I ran the suggested links with downloads and updates that Pondus recommended with the results below.

Quote
pctools.com Spyware Doctor says I have 4 threats and 72 infections
I did not recomend pctools spyware doctor
If you follow the links a gave you will get "Malwarebytes Antimalware" and "SUPERAntiSpyware"
and they will remove the infections for free

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89006
  • No support PMs thanks
Re: Scanning for virus
« Reply #9 on: December 29, 2009, 09:12:00 PM »
Since the file/program is familiar, which I presume has been on the system for some time and the detection is generic, it should be further investigated. So you should have left the file in the chest where it can do no harm anyway, see #### below. Never rush to delete as you have zero options left, so what is suggested below may be a moot point if you haven't got or can't obtain a copy of the file.

- The avast Win32:Malware-gen is generic signature (the -gen at the end of the malware name), so that is trying to catch multiple variants of the same type of malware and is a fine balance between detecting a new variant and detecting something valid as infected.

####
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security