Author Topic: HELP!What shall I do?  (Read 6279 times)


chenjue26

  • Guest
HELP!What shall I do?
« on: January 03, 2011, 01:41:25 PM »
Each time I turn on my PC, there is a warning that some files are suspected to be infected. These files are always in C:\ProgramDate\Alwil Software\Avast5\arpot and their name changes every time. The latest infected file is C:\ProgramDate\Alwil Software\Avast5\arpot\bc0d-1a4-10.dat.
What shall I do now?

Offline Pondus

  • Probably Bot
  • Posts: 37699
Re: HELP!What shall I do?
« Reply #1 on: January 03, 2011, 01:46:57 PM »
What program is detecting the infection?

What is the malware name?

chenjue26

  • Guest
Re: HELP!What shall I do?
« Reply #2 on: January 03, 2011, 01:55:49 PM »
Avast did not tell me about it. It suggested that I upload the file to the lab, and two choices are given: one is delete, the other is ignore.

Offline Pondus

  • Probably Bot
  • Posts: 37699
Re: HELP!What shall I do?
« Reply #3 on: January 03, 2011, 02:02:10 PM »
You should click ignore and upload to the lab for analysis.


So you are saying that avast is detecting 2 of its own files as suspicious? ..... Strange.

Quote
C:\ProgramDate\Alwil Software\Avast5\arpot
C:\ProgramDate\Alwil Software\Avast5\arpot\bc0d-1a4-10.dat


Is your avast updated?

chenjue26

  • Guest
Re: HELP!What shall I do?
« Reply #4 on: January 03, 2011, 02:08:59 PM »
Yes. My avast upgraded to 5.1.864 and it says my system is well protected.

chenjue26

  • Guest
Re: HELP!What shall I do?
« Reply #5 on: January 03, 2011, 02:12:38 PM »
Something like this

Offline Pondus

  • Probably Bot
  • Posts: 37699
Re: HELP!What shall I do?
« Reply #6 on: January 03, 2011, 02:23:41 PM »
You should click upload to avast lab and ignore, so that the file is not removed.

But why it is detecting its own file..... I have no idea.

chenjue26

  • Guest
Re: HELP!What shall I do?
« Reply #7 on: January 03, 2011, 02:25:35 PM »
I don't know. But it happens every time. It's quite strange. So I came here for help.

Offline mikaelrask

  • Avast Evangelist
  • Super Poster
  • Posts: 1556
Re: HELP!What shall I do?
« Reply #8 on: January 04, 2011, 09:39:37 AM »
Hey, I suggest a scan with Malwarebytes Anti-Malware.

http://www.malwarebytes.org/

Download, install, update and scan.

If Malwarebytes comes up with anything, hit remove, and please post the result here.

It sounds like something has hit that computer, since the infection is changing file name every time. Just my thought on the problem.

Good luck.
Windows 8.1 amd a10-5700 64 bit
12 GB ram 1 tb hard drive. Avast 18, MBAM

chenjue26

  • Guest
Re: HELP!What shall I do?
« Reply #9 on: January 05, 2011, 07:17:24 PM »
Well. I did a lightning quick scan and got the report.

memory:
c:\program files\thunder network\Thunder\ComDlls\xunleibho_now.dll (Trojan.BHO) -> No action taken.

registration table:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IDDRV (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{87CA3845-37FE-414C-81CF-E08A7D0F6779} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{988934A4-064B-11D3-BB80-00104B35E7F9} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{802F530B-A8F6-4631-AE49-6BACAAC6373E} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\XunLeiBHO.XDownloadManager.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\XunLeiBHO.XDownloadManager (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{802F530B-A8F6-4631-AE49-6BACAAC6373E} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{889D2FEB-5411-4565-8998-1DD2C5261283} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\XunLeiBHO.ThunderIEHelper.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\XunLeiBHO.ThunderIEHelper (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{889D2FEB-5411-4565-8998-1DD2C5261283} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{889D2FEB-5411-4565-8998-1DD2C5261283} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\SogouExplorer.AssocFile.HTM (Adware.Sogou) -> No action taken.
HKEY_CLASSES_ROOT\SogouExplorer.HTTP (Adware.Sogou) -> No action taken.
HKEY_CLASSES_ROOT\HTTP\shell\SogouExplorer (Adware.Sogou) -> No action taken.
HKEY_CLASSES_ROOT\file\shell\SogouExplorer (Adware.Sogou) -> No action taken.
HKEY_CLASSES_ROOT\htmlfile\shell\SogouExplorer (Adware.Sogou) -> No action taken.
HKEY_CLASSES_ROOT\https\shell\SogouExplorer (Adware.Sogou) -> No action taken.
HKEY_CLASSES_ROOT\mhtmlfile\shell\SogouExplorer (Adware.Sogou) -> No action taken.
HKEY_CLASSES_ROOT\xmlfile\shell\SogouExplorer (Adware.Sogou) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Beike (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\SogouExplorer.exe (Adware.Sogou) -> No action taken.

Files:
c:\program files\drivethelife\iodrv.sys (Trojan.Agent) -> No action taken.
c:\program files\thunder network\Thunder\ComDlls\xunleibho_now.dll (Trojan.BHO) -> No action taken.
c:\Us

Offline Pondus

  • Probably Bot
  • Posts: 37699
Re: HELP!What shall I do?
« Reply #10 on: January 05, 2011, 11:21:51 PM »
Your Malwarebytes log says no action taken?

Update Malwarebytes, do a new scan and click the Remove Selected button to quarantine the infections.

Post new log..... all of it.

chenjue26

  • Guest
Re: HELP!What shall I do?
« Reply #11 on: January 06, 2011, 06:32:24 AM »
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IDDRV (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{87CA3845-37FE-414C-81CF-E08A7D0F6779} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{988934A4-064B-11D3-BB80-00104B35E7F9} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{802F530B-A8F6-4631-AE49-6BACAAC6373E} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\XunLeiBHO.XDownloadManager.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\XunLeiBHO.XDownloadManager (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{802F530B-A8F6-4631-AE49-6BACAAC6373E} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{889D2FEB-5411-4565-8998-1DD2C5261283} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\XunLeiBHO.ThunderIEHelper.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\XunLeiBHO.ThunderIEHelper (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{889D2FEB-5411-4565-8998-1DD2C5261283} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{889D2FEB-5411-4565-8998-1DD2C5261283} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SogouExplorer.AssocFile.HTM (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SogouExplorer.HTTP (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HTTP\shell\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\file\shell\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\htmlfile\shell\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\https\shell\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mhtmlfile\shell\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xmlfile\shell\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Beike (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\SogouExplorer.exe (Adware.Sogou) -> Quarantined and deleted successfully.

c:\program files\drivethelife\iodrv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\thunder network\Thunder\ComDlls\xunleibho_now.dll (Trojan.BHO) -> Quarantined and deleted successfully.
c:\Users\CJ\AppData\Roaming\microsoft

Offline Pondus

  • Probably Bot
  • Posts: 37699
Re: HELP!What shall I do?
« Reply #12 on: January 06, 2011, 07:33:56 AM »
Quote
Post new log.....all of it
I hope you updated the program before the scan? If you had posted the whole log I could have seen.

Anyway, if you update and scan again, does Malwarebytes say Clean?
Is your problem gone?

« Last Edit: January 06, 2011, 08:13:23 AM by Pondus »

chenjue26

  • Guest
Re: HELP!What shall I do?
« Reply #13 on: January 09, 2011, 01:49:05 PM »
I'd like to... but the report is in Chinese. I translated it with Google. Hope you can read it. And the problem did not go away.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database Version: 5464

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2011/1/6 13:19:58
mbam-log-2011-01-06 (13-19-58).txt

Scan type: Quick Scan
Scanned items: 140572
The passage of time 5 minutes, 57 seconds

The number of infected memory processes: 0
The number of infected memory module: 0
The number of infected registry entries: 23
The number of infected registry values: 0
The number of infected registry items: 0
The number of infected folder: 0
The number of infected files: 4

The number of infected memory processes:
(Not detected hazardous items)

The number of infected memory module:
(Not detected hazardous items)

The number of infected registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IDDRV (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{87CA3845-37FE-414C-81CF-E08A7D0F6779} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{988934A4-064B-11D3-BB80-00104B35E7F9} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{802F530B-A8F6-4631-AE49-6BACAAC6373E} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\XunLeiBHO.XDownloadManager.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\XunLeiBHO.XDownloadManager (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{802F530B-A8F6-4631-AE49-6BACAAC6373E} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{889D2FEB-5411-4565-8998-1DD2C5261283} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\XunLeiBHO.ThunderIEHelper.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\XunLeiBHO.ThunderIEHelper (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{889D2FEB-5411-4565-8998-1DD2C5261283} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{889D2FEB-5411-4565-8998-1DD2C5261283} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SogouExplorer.AssocFile.HTM (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SogouExplorer.HTTP (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HTTP\shell\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\file\shell\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\htmlfile\shell\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\https\shell\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mhtmlfile\shell\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xmlfile\shell\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Beike (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\SogouExplorer.exe (Adware.Sogou) -> Quarantined and deleted successfully.

The number of infected registry values:
(Not detected hazardous items)

The number of infected registry items:
(Not detected hazardous items)

The number of infected folder:
(Not detected hazardous items)

The number of infected files:
c:\program files\drivethelife\iodrv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\thunder network\Thunder\ComDlls\xunleibho_now.dll (Trojan.BHO) -> Quarantined and deleted successfully.
c:\Users\CJ\AppData\Roaming\microsoft