Author Topic: Scan Threat  (Read 47136 times)

0 Members and 1 Guest are viewing this topic.

AKatRT

  • Guest
Scan Threat
« on: October 15, 2010, 10:07:12 AM »
After avast scan have the following threat warning show up:Win32:Enistery [Susp]
File name is: C:\Windows\Temp\TMPFE4E.tmp; but there are many files listed all with a different TMP identifyer.
When trying to move to chest, delete, repair, the result is: Error:System cannot find the file specified (2)
Have reran scans several times, every time with the same result.

can anyone help with this please? andre'

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37582
  • Not a avast user
Re: Scan Threat
« Reply #1 on: October 15, 2010, 10:12:19 AM »
Try this

TFC - Temp File Cleaner by OldTimer
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/
TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

rescan with avast! and see if it is gone ?

also check for malware with

Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
always run update before you scan so you have the latest database
click on the remove selected button to quarantine anything found
you may post the scan log here

Report the result...

AKatRT

  • Guest
Re: Scan Threat
« Reply #2 on: October 15, 2010, 08:58:21 PM »
Many thanks!!

Fantastically quick response and the right answer as well. The first solution mentioned - tfc - did the trick. Avast scan afterwards still identified the threat, however I was now able to move to chest.

Again, thank you!

AKatRT

  • Guest
Re: Scan Threat - RECURRENCE (pondus)
« Reply #3 on: October 17, 2010, 10:28:50 AM »
Celebrated too early...... I normally put the machine in 'sleep' mode but when I shut down and restarted the problem recurred exactly as before. So the same problem is now back. I then ran the Malwarebytes option - it found nothing. By the way I ran Malwarebytes right after Avast re-identified the earlier problem at start-up. See log below for Malwarebytes scan.
Any other suggestions please to get rid of this porblem? Thanks.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4853

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

10/16/2010 11:17:32 PM
mbam-log-2010-10-16 (23-17-32).txt

Scan type: Quick scan
Objects scanned: 147256
Time elapsed: 7 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detecte

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37582
  • Not a avast user
Re: Scan Threat
« Reply #4 on: October 17, 2010, 10:44:41 AM »
you can try running some more cleaners if you want ?

SuperAntiSpyware 4.44.1000 http://filehippo.com/download_superantispyware/ 
Dr.Web CureIt http://www.freedrweb.com/cureit/?lng=en
How Do I Use Dr.Web CureIt!? http://www.freedrweb.com/cureit/how_it_works/
Norman Malware Cleaner http://www.norman.com/support/support_tools/58732/en-us

Norman and DrWeb is not installed, you save to desktop and run from there, when done you can just drag them to the bin
« Last Edit: October 17, 2010, 10:50:38 AM by Pondus »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37582
  • Not a avast user
Re: Scan Threat
« Reply #5 on: October 17, 2010, 10:46:33 AM »
If none of the above work, then do this

Follow this guide form our expert malware remover Essexboy and post the log`s here
http://forum.avast.com/index.php?topic=53253.0

To avoid using multiple post with copy and paste you have to attach the log`s
Lower left corner: Additional Options > Attach ( OTL.Txt and Extras.Txt. )

AKatRT

  • Guest
Re: Scan Threat
« Reply #6 on: October 17, 2010, 11:06:28 AM »
Thanks again Pondus. Let me try all of that and see what happens. Will post the results.

AKatRT

  • Guest
Re: Scan Threat
« Reply #7 on: October 27, 2010, 02:28:08 PM »
Pondus, just to keep you posted, I continue to have issues but have not exhausted all of your suggestions. I thought I had things fixed and then I suddenly got a Windows Vista start-up problem. Could not get to the desktop window in vista due to a windows error messsage that said: "Microsoft Visual C++ Runtime Library -> This application  has requested the runtime to terminate it in an unusual way. Please contact the application's support team for more information." Of course Microdoft does not help due to the OEM status of my package.Impossible to get past this error message. Have to then shut down, restart F8 (Toshiba laptop) and go to an earlier restore point, in order to get Vista running again and circumvent the error message. But every time I shut down and restart the problem recurs. I just ran Avast again and it gives the original virus detection problem. Now running Norman as per your suggestion. It'a pain. But like I said, not everything doen yet that you had suggested. Hope the Vista thing is not something "in addition to", but is related to the original virus threat. Thanks.       

AKatRT

  • Guest
Re: Scan Threat / Pondus / Essexboy
« Reply #8 on: October 29, 2010, 11:06:39 PM »
So, all done as suggested. MBAM and OTL logs are attached. I earlier ran all the suggested cleaners. Trojan.Blabkmailer.1680 was found and moved by DrWebCureIt. Problems persist: (1) Avast keeps finding the infected TEMP files as mentioned in the earlier post and remains unable to clean. (2) Windows Vista at start-up runs into the error message on Microsoft Visual C++ that is mentioned in the earlier post. I have done a repair on Visual C++ but appears to have no effect. Would appreciate help. Thanks. Andre'   

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Scan Threat
« Reply #9 on: October 29, 2010, 11:08:56 PM »
Hi the log was saved in Unicode, could you save it in ANSI please

AKatRT

  • Guest
Re: Scan Threat
« Reply #10 on: October 29, 2010, 11:11:14 PM »
Thank you but would not know how unfortunately

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Scan Threat
« Reply #11 on: October 29, 2010, 11:13:28 PM »
Have a quick look at my picture, open the log then select save as and ensure that ANSI is selected

AKatRT

  • Guest
Re: Scan Threat
« Reply #12 on: October 29, 2010, 11:34:56 PM »
Finally, sorry, couldn't find the darn things anymore. Hopefully better now. Thanks!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Scan Threat
« Reply #13 on: October 29, 2010, 11:44:10 PM »
A question - did you install windows remote management ?

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

AKatRT

  • Guest
Re: Scan Threat
« Reply #14 on: October 29, 2010, 11:46:22 PM »
NO, did not install remote mgmt. Will do the combo fix now. Thanks.