Author Topic: Virus help needed! (Read 7837 times)

alsjack · « **Reply #15 on:** May 25, 2011, 06:39:20 PM »

Sorry David, in my eagerness to remove it, once I had stopped it running I got rid of it via the add/remove programs screen and forgot to find the file.

Anyway, it is gone now.

Thanks
Alan

DavidR · « **Reply #16 on:** May 25, 2011, 06:59:20 PM »

You're welcome.

essexboy · « **Reply #17 on:** May 25, 2011, 09:01:46 PM »

Not a great deal showing there - what are your current problems ?

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

Code: [Select]

[Unregister Dlls]
[Registry - Safe List]
< Run [HKEY_USERS\S-1-5-21-2014454177-495743003-224157759-1005\] > -> HKEY_USERS\S-1-5-21-2014454177-495743003-224157759-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "ModemOnHold" -> C:\Program Files\NetWaiting\netwaiting.exe [C:\Program Files\NetWaiting\netWaiting.exe]
< Run [HKEY_USERS\S-1-5-21-2014454177-495743003-224157759-1006\] > -> HKEY_USERS\S-1-5-21-2014454177-495743003-224157759-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "ModemOnHold" -> C:\Program Files\NetWaiting\netwaiting.exe [C:\Program Files\NetWaiting\netWaiting.exe]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\Program Files\AVG\AVG10\avgmfapx.exe" -> [C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer]
[Files/Folders - Created Within 30 Days]
NY ->  AVG -> C:\Documents and Settings\Alan\Application Data\AVG
NY ->  AVG PC Tuneup 2011 -> C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
NY ->  AVG10 -> C:\Documents and Settings\Alan\Application Data\AVG10
NY ->  AVG10 -> C:\Documents and Settings\All Users\Application Data\AVG10
NY ->  AVG -> C:\Program Files\AVG
[File - Lop Check]
NY ->  AVG -> C:\Documents and Settings\Alan\Application Data\AVG
NY ->  AVG10 -> C:\Documents and Settings\Alan\Application Data\AVG10
NY ->  AVG10 -> C:\Documents and Settings\All Users\Application Data\AVG10
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.

alsjack · « **Reply #18 on:** May 25, 2011, 11:03:02 PM »

Hi Essexboy

Here is the log.

Many thanks for your help.

Alan

essexboy · « **Reply #19 on:** May 25, 2011, 11:17:59 PM »

What are your current problems

alsjack · « **Reply #20 on:** May 26, 2011, 12:15:52 AM »

After running the scans yesterday and posting the logs found in reply #7 I wanted to know if those logs were okay and that I had got rid of the problem.

Safe Surfs reply #9 suggested that my device was still infected with malware and that I shouldn't use it until hearing from yourself. So I waited until you posted and then did as you suggested.

At this time the only problem I seem to be having is as soon as I log on I get a Avast Security Reccomendation. First it was NetWaiting, which I got rid of, and currently it is for RealPlayer; please see attachment.

I guess I'm looking for reassurance that the logs I have posted do not indicate a malware issue on my device and that it is safe for me to continue to use.

Can you suggest why I should be receiving these security reccomendations?

Many thanks

Alan

DavidR · « **Reply #21 on:** May 26, 2011, 12:28:44 AM »

That is the autosandbox in action, the file system shield (FSS) does scan it and if a file doesn't meet a number of checks like, it isn't digitally signed, or is in a strange location or in the emulation part of the FSS does something that might be considered suspicious. Then it would be handed off to the autosandbox, where the user can decide on the action to take.

Bear in mind that the FSS hasn't alerted, which is a good thing, but I'm surprised realplay.exe isn't digitally signed as it is such a known product.

http://www.processlibrary.com/directory/files/realplay/24764/

So if you know you installed realplayer, you can choose to run it normally and check the option to remember your decision for this program, etc.

This is somewhat different to the NetWaiting before as a) you knew nothing about it and have never had a dial-up connection, so why it was on your system was somewhat of a mystery.

alsjack · « **Reply #22 on:** May 26, 2011, 12:52:45 AM »

Yes, I understand your comments David. Real Player had been installed so I was also surprised to see it come up.

I have chosen to run it normally and will just continue to monitor what's happening.

Thanks for your time and help.

Much appreciated

Alan

DavidR · « **Reply #23 on:** May 26, 2011, 02:14:00 AM »

You're welcome.

Author Topic: Virus help needed! (Read 7837 times)

alsjack

Re: Virus help needed!

DavidR

Re: Virus help needed!

essexboy

Re: Virus help needed!

alsjack

Re: Virus help needed!

essexboy

Re: Virus help needed!

alsjack

Re: Virus help needed!

DavidR

Re: Virus help needed!

alsjack

Re: Virus help needed!

DavidR

Re: Virus help needed!