Author Topic: invalid file signature  (Read 11317 times)

0 Members and 1 Guest are viewing this topic.

rgood

  • Guest
Re: invalid file signature
« Reply #15 on: December 23, 2010, 12:03:05 AM »
Ran uninstall on AVG and Security Essentials.

Ran AVAST uninstall utility.

Installed AVAST, again.

Same results. Invalid file signature.

Ran Mbam full scan:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5378

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/22/2010 5:52:50 PM
mbam-log-2010-12-22 (17-52-44).txt

Scan type: Full scan (A:\|C:\|D:\|)
Objects scanned: 187737
Time elapsed: 38 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\owner\local settings\temporary internet files\content.ie5\enmuop8v\profile1[1].gif (Extension.Mismatch) -> No action taken.
c:\documents and settings\owner\local settings\temporary internet files\content.ie5\enmuop8v\right-gutter-bkg[1].gif (Extension.Mismatch) -> No action taken.

Quarantined those files.

While the scan was running I got a pop-up that said the firefox file was corrupt, and to run scan disk.

SafeSurf

  • Guest
Re: invalid file signature
« Reply #16 on: December 23, 2010, 11:38:54 AM »
Files Infected:
c:\documents and settings\owner\local settings\temporary internet files\content.ie5\enmuop8v\profile1[1].gif (Extension.Mismatch) -> No action taken.
c:\documents and settings\owner\local settings\temporary internet files\content.ie5\enmuop8v\right-gutter-bkg[1].gif (Extension.Mismatch) -> No action taken.
MBAM said "No action taken" therefore the infection is still in your machine, so how did you quarantine it?  Did you update MBAM again and run it again to quarantine it?  This would be the only way.  If you deleted it, this is not the same as quarantine.  Please clarify what action you took with these infections...look in the MBAM "Log" tab to see what is there and report back.  Thank you.

While the scan was running I got a pop-up that said the firefox file was corrupt, and to run scan disk.
I'm assuming you rebooted in between doing all the uninstalls of AVG and MSE, and Avast, then did the clean Avast install...correct?  When did you get this FF pop-up (file corrupt)?  What scan did you run?  An Avast scan?  Which one and what did it report (please be specific with exact file name or give a screen shot).

Are you being redirected to other web sites when online?  How is your machine acting now?  Is Avast working properly now?  If it is, please make sure your Avast definitions are up to date and run an Avast boot-time scan and report back the results.

After this, check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0

Follow the directions of the OTL logs (save them as ANSI and not Unicode).  When the OTL scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.  Update MBAM and rescan (Quick Scan).  Post the MBAM log here and the two (2) OTL log as an attachment (Additional Options > Attach > Browse (the logs will be on your desktop > Post).  I will review the logs and if needed refer you to our Certified Malware Expert.

Please let me know if you have any questions.  Thank you.