
False positive in AVG for win32/heur virus?



#1 Sicielo (Members, 9 posts)

Posted 27 April 2011 - 11:05 AM

I recently unearthed an old copy of one of my favorite computer strategy games, and, for good measure, I decided to run a scan on the archive using AVG. The result is as follows:

"C:\Games\StrategyGame.zip:\StrategyGame\TERRANX.ICD"
"Virus found Win32/Heur"
"Infected"

I proceeded to find a thread on this forum that recommends installing and scanning with Malwarebytes' Anti-Malware. When the scan result showed that no malicious objects were found in the archive (or anywhere on my computer), I decided I'd try extracting the suspicious file and running it through http://virusscan.Jotti.org.
Here is the result:
http://virusscan.jotti.org/en/scanresult/d6d1598cc19acff90f7012343aced607a21a5ec2

Most anti-virus scanners do not recognize the file as the win32 heur virus. I never experienced anything odd with the game in past years, but that was on an entirely different computer.

Is it safe to assume that AVG is giving me a false positive?

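The question in this post is the one a practitioner has to answer before trusting either AVG or the Jotti result: is the detection a generic heuristic firing on packed or encrypted code, and what exactly would be submitted to the vendor? An .ICD beside a game's .EXE is typically the SafeDisc copy-protection payload, an encrypted executable, and encrypted or packed code is precisely what generic "Heur" signatures key on; that is background this example assumes, not something the thread establishes. The script below is an added example, not code from the thread, from AVG or from Jotti: it pulls the flagged member out of the zip, records the MD5/SHA-1/SHA-256 you would paste into a multi-engine scan or a vendor false-positive report, and measures per-section entropy of the PE so you can see whether the file is packed. `build_sample_archive()` and `build_test_pe()` are constructed stand-ins for StrategyGame.zip and TERRANX.ICD; the 7.0 bits-per-byte threshold is this example's assumption.

```python
# Added example: triage an AV "Heur" hit on a file inside a zip. Not code from
# the thread, AVG or Jotti; build_sample_archive() is a constructed stand-in.
import hashlib, io, math, random, struct, zipfile
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Section:
    name: str
    virtual_size: int
    raw_size: int
    entropy: float  # bits per byte, 0.0 .. 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; close to 8.0 means compressed or encrypted."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def file_hashes(data: bytes) -> Dict[str, str]:
    """MD5/SHA-1/SHA-256: what multi-engine scanners and vendor FP forms key on."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256")}


def pe_sections(pe: bytes) -> List[Section]:
    """Walk the PE section table: DOS header -> e_lfanew -> COFF header -> sections."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size  # 4-byte signature + 20-byte COFF header
    out = []
    for i in range(nsec):
        name, vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        raw = pe[raw_ptr:raw_ptr + raw_size]
        out.append(Section(name.rstrip(b"\0").decode("ascii", "replace"), vsize, raw_size, shannon_entropy(raw)))
    return out


def extract_member(zip_bytes: bytes, member: str) -> bytes:
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return zf.read(member)


def triage(zip_bytes: bytes, member: str, packed_threshold: float = 7.0) -> dict:
    """Report for one archive member. High entropy is evidence of packing or
    encryption, not of malice: it explains why a heuristic fired, it does not settle it."""
    data = extract_member(zip_bytes, member)
    sections = pe_sections(data)
    packed = [s.name for s in sections if s.entropy >= packed_threshold]
    return {"member": member, "size": len(data), "hashes": file_hashes(data),
            "sections": sections, "packed_sections": packed, "likely_packed": bool(packed)}


def build_test_pe(sections: List[Tuple[bytes, bytes]]) -> bytes:
    """Constructed minimal PE: MZ stub, PE signature, COFF header, zeroed PE32
    optional header and one 512-byte-aligned section per (name, raw_data) pair."""
    e_lfanew = 0x40
    opt = struct.pack("<H", 0x10B) + bytes(222)  # PE32 magic, remainder zero
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x0102)
    table_off = e_lfanew + 4 + len(coff) + len(opt)
    raw_off = (table_off + 40 * len(sections) + 0x1FF) & ~0x1FF
    table, body = b"", b""
    for idx, (name, data) in enumerate(sections):
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data), 0x1000 * (idx + 1),
                             len(data), raw_off + len(body), 0, 0, 0, 0, 0x60000020)
        body += data + bytes((-len(data)) % 0x200)
    hdr = b"MZ" + bytes(0x3A) + struct.pack("<I", e_lfanew) + b"PE\0\0" + coff + opt + table
    return hdr + bytes(raw_off - len(hdr)) + body


def build_sample_archive() -> bytes:
    """Constructed stand-in for the poster's StrategyGame.zip: one plain-text-like
    section and one pseudo-random section standing in for an encrypted payload."""
    rng = random.Random(2011)
    plain = b"Plain game data, repeated so it compresses well. " * 80
    noise = bytes(rng.getrandbits(8) for _ in range(8192))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("StrategyGame/TERRANX.ICD", build_test_pe([(b".text", plain), (b".icd", noise)]))
    return buf.getvalue()


if __name__ == "__main__":
    report = triage(build_sample_archive(), "StrategyGame/TERRANX.ICD")
    print(report["member"], report["size"], "bytes", report["hashes"])
    for s in report["sections"]:
        print(f"  {s.name:<8} raw={s.raw_size:<6} entropy={s.entropy:.2f}")
    print("  likely packed/encrypted:", report["likely_packed"], report["packed_sections"])
```

Run against a real archive, `triage(open(path, "rb").read(), "StrategyGame/TERRANX.ICD")` gives you the hashes to look up on a multi-engine site and the per-section picture that explains a heuristic hit; a single high-entropy section in a copy-protected game binary is consistent with the detection being a false positive, but only the vendor's analysis of the submitted sample confirms it.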

#2 cryptodan (Bleepin Madman; Members, 21,868 posts; Catonsville, Md)

Posted 02 May 2011 - 01:56 PM

Hello,

And welcome to BleepingComputer.com, before we can assist you with your question of: Am I infected? You will need to perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware
Update and rescan with Malwarebytes Anti-Malware and post the log.

SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Instructions:

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.



#3 quietman7 (Bleepin' Janitor; Global Moderator, 32,790 posts; Virginia, USA)

Posted 03 May 2011 - 06:31 AM

Is it safe to assume that AVG is giving me a false positive?

If you suspect a file was falsely detected (a false positive) or appears suspicious, then you should submit a sample to the vendor so they can investigate and take corrective action if confirmed. Please refer to:
If the file has been placed in the Virus Vault, then follow these directions:
-- Even though the instructions say if you suspect the file is clean but you still have doubts, submit anyway using this method.

You should also contact and advise the vendor that their program is being detected as a threat. In many cases they will work with the anti-virus techs in an attempt to resolve the detection.

If it is a confirmed false detection, you can restore the file from quarantine or ignore the detection until the database is corrected and no longer will detect it.
Microsoft MVP - Consumer Security 2007-2014

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 Sicielo (Topic Starter; Members, 9 posts)

Posted 04 May 2011 - 01:30 AM

Thanks for the replies, and thank you very much in advance for your expertise!

I ran the suggested programs, and here are the results:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6502

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/3/2011 4:02:20 PM
mbam-log-2011-05-03 (16-02-20).txt

Scan type: Quick scan
Objects scanned: 168096
Time elapsed: 5 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


For SUPERAntiSpyware, all the detected problems were fixed easily and don't appear to be related to my game at all.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/03/2011 at 09:45 PM

Application Version : 4.51.1000

Core Rules Database Version : 6981
Trace Rules Database Version: 4793

Scan type : Complete Scan
Total Scan Time : 05:34:40

Memory items scanned : 278
Memory threats detected : 0
Registry items scanned : 6318
Registry threats detected : 1
File items scanned : 79516
File threats detected : 48

System.BrokenFileAssociation
HKCR\.exe

Adware.Tracking Cookie
.2o7.net [ C:\Documents and Settings\Sicielo\Application Data\Mozilla\Firefox\Profiles\ty2ip4b4.default\cookies.sqlite ]
.microsoftsto.112.2o7.net [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.doubleclick.net [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.statcounter.com [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.dmtracker.com [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.apmebf.com [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.mediaplex.com [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.mediaplex.com [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.xiti.com [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
pixel.invitemedia.com [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.mysitetraffic.net [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.mysitetraffic.net [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.www.burstnet.com [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.burstnet.com [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.burstnet.com [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adserver.adtechus.com [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.burstnet.com [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.burstnet.com [ C:\Documents and Settings\Sicielo\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]


For GMER I tried temporarily disabling AVG (for 10 minutes). It remained disabled all the way through the beginning of the file scan portion, but it still detected what appear to be AVG software related items. I'm not sure how to disable AVG completely other than by going into msconfig and guessing at what to disable. Hopefully the scan results will be enough without doing that. *shrug* Please let me know if I need to do anything differently.

GMER 1.0.15.15572 - http://www.gmer.net
Rootkit scan 2011-05-04 00:15:11
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e ST3400832AS rev.3.03
Running: ex0n883b.exe; Driver: C:\DOCUME~1\Sky\LOCALS~1\Temp\pxtdqpod.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF762687E]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xF77686C0]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7626BFE]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xF7768770]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xF7768810]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xF77688B0]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{4E5496E2-24FA-53D9-FF0F-B609969011A6}\InProcServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{4E5496E2-24FA-53D9-FF0F-B609969011A6}\InProcServer32@jacglglehcapodbnhgio 0x6A 0x61 0x65 0x70 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{4E5496E2-24FA-53D9-FF0F-B609969011A6}\InProcServer32@iacgbjnphidloflfik 0x6A 0x61 0x65 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4E5496E2-24FA-53D9-FF0F-B609969011A6}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4E5496E2-24FA-53D9-FF0F-B609969011A6}@haoekokkehejodim 0x6A 0x61 0x65 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4E5496E2-24FA-53D9-FF0F-B609969011A6}@iaiejadkopkkkeckap 0x6A 0x61 0x65 0x70 ...

---- EOF - GMER 1.0.15 ----



#5 Sicielo (Topic Starter; Members, 9 posts)

Posted 04 May 2011 - 01:39 AM

You should also contact and advise the vendor that their program is being detected as a threat. In many cases they will work with the anti-virus techs in an attempt to resolve the detection.

Thanks for the links and advice. If there's any doubt left after this I will follow those directions. As far as contacting the vendor, I'm afraid that's improbable since the game comes from an unknown uploader. Back when I downloaded it I used different antivirus software and it didn't detect anything, so I played it, then I kept the game archive for future use after I got bored with it.

#6 Sicielo (Topic Starter; Members, 9 posts)

Posted 04 May 2011 - 01:50 AM

... also, regarding the GMER results, I do use Lavasoft's Ad-Aware, which I shut off before scanning, but it appears to have been detected anyway, like AVG and the Microsoft Filesystem Filter Manager. Under the Registry section I'm completely lost however.

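The GMER log in post #4 is easier to read once you separate what it attributes to a known driver from what it cannot attribute. The SSDT and AttachedDevice lines name the module that installed each hook or filter and, in parentheses, GMER's description and vendor for it; AVG and Lavasoft still appear after "disabling" those products because turning off real-time protection does not unload their kernel drivers. The Registry section is the part without that attribution, so it is the part that needs a manual look. The script below is an added example, not code from the thread and not GMER's own logic: it parses the three line types, attributes each hook to a vendor, and flags two things for review, an SSDT hook or filter whose module has no recognised vendor, and a registry value whose name is a long random-looking run of letters holding raw binary data. The sample log is the one posted in this thread, trimmed, plus two constructed lines (unknown.sys and Run@Updater) that exercise the rules; `KNOWN_VENDORS` and both flagging rules are this example's assumptions, and a flag means "look at this", not "this is malware".

```python
# Added example: sort a GMER log into vendor-attributed hooks and entries that
# need a manual look. Not GMER's own logic and not code from the thread. The
# known-vendor list and both flagging rules are this example's assumptions.
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: the SSDT/Devices/Registry lines posted in this thread, trimmed,
# plus two CONSTRUCTED lines (unknown.sys and Run@Updater) to exercise the rules.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF762687E]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xF77686C0]
SSDT \??\C:\WINDOWS\system32\drivers\unknown.sys ZwQueryDirectoryFile [0xF7700000]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{4E5496E2-24FA-53D9-FF0F-B609969011A6}\InProcServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{4E5496E2-24FA-53D9-FF0F-B609969011A6}\InProcServer32@jacglglehcapodbnhgio 0x6A 0x61 0x65 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@Updater C:\Program Files\Example\updater.exe

---- EOF - GMER 1.0.15 ----
"""

# Assumption: the products the poster says are installed (AVG, Ad-Aware) plus Microsoft.
KNOWN_VENDORS = {"AVG Technologies CZ, s.r.o.", "Lavasoft AB", "Microsoft Corporation"}

SSDT_RE = re.compile(r"^SSDT\s+(?P<module>\S+)(?:\s+\((?P<info>.*)\))?\s+(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]\s*$")
DEV_RE = re.compile(r"^AttachedDevice\s+(?P<stack>\S+)\s+(?P<device>\S+)\s+(?P<module>\S+)(?:\s+\((?P<info>.*)\))?\s*$")
REG_RE = re.compile(r"^Reg\s+(?P<key>[^@\s]+)(?:@(?P<value>\S+)(?:\s+(?P<data>.*))?)?\s*$")


@dataclass
class Finding:
    kind: str            # "ssdt", "device" or "registry"
    detail: str
    vendor: Optional[str]
    flagged: bool
    reason: str = ""


def vendor_of(info: Optional[str]) -> Optional[str]:
    """GMER prints '(description/vendor)'; the vendor is the part after the last slash."""
    if not info:
        return None
    vendor = info.rpartition("/")[2].strip()
    return vendor or None


def looks_random(name: str) -> bool:
    """Crude rule: a long run of lowercase letters with no separators, like the
    value names GMER printed in this thread. A heuristic, not a verdict."""
    return re.fullmatch(r"[a-z]{12,}", name) is not None


def parse_gmer(log: str, known_vendors=KNOWN_VENDORS) -> List[Finding]:
    findings: List[Finding] = []
    for line in log.splitlines():
        line = line.strip()
        if not line or line.startswith("----"):
            continue
        if m := SSDT_RE.match(line):
            vendor = vendor_of(m["info"])
            bad = vendor not in known_vendors
            findings.append(Finding("ssdt", f"{m['func']} -> {m['module']}", vendor, bad,
                                    "SSDT hook by a module with no known vendor" if bad else ""))
        elif m := DEV_RE.match(line):
            vendor = vendor_of(m["info"])
            bad = vendor not in known_vendors
            findings.append(Finding("device", f"{m['device']} <- {m['module']}", vendor, bad,
                                    "filter attached by a module with no known vendor" if bad else ""))
        elif m := REG_RE.match(line):
            value, data = m["value"] or "", m["data"] or ""
            bad = looks_random(value) and data.startswith("0x")
            findings.append(Finding("registry", f"{m['key']}@{value}" if value else m["key"], None, bad,
                                    "random-looking value name holding raw binary data" if bad else ""))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, object]:
    by_vendor: Dict[str, int] = {}
    for f in findings:
        if f.vendor:
            by_vendor[f.vendor] = by_vendor.get(f.vendor, 0) + 1
    return {"total": len(findings), "by_vendor": by_vendor,
            "flagged": [(f.kind, f.detail, f.reason) for f in findings if f.flagged]}


if __name__ == "__main__":
    for kind, detail, reason in summarize(parse_gmer(SAMPLE_LOG))["flagged"]:
        print(f"[{kind}] {detail}\n    {reason}")
```

On the real log, `parse_gmer(open("gmer.log").read())` leaves every AVG and Lavasoft hook unflagged and surfaces only the registry value with the random name, which is exactly the line a helper would ask about next; the right follow-up is to look up the CLSID and its InProcServer32 path by hand, not to act on the flag alone.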
#7 cryptodan (Bleepin Madman; Members, 21,868 posts; Catonsville, Md)

Posted 04 May 2011 - 04:46 AM

Can you run a full scan with Malwarebytes?

#8 Sicielo (Topic Starter; Members, 9 posts)

Posted 04 May 2011 - 12:28 PM

Sure thing.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6504

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/4/2011 10:58:07 AM
mbam-log-2011-05-04 (10-58-07).txt

Scan type: Full scan (C:\|)
Objects scanned: 256214
Time elapsed: 1 hour(s), 10 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



#9 cryptodan (Bleepin Madman; Members, 21,868 posts; Catonsville, Md)

Posted 04 May 2011 - 04:30 PM

I would remove Ad-Aware and use Malwarebytes and Super Anti-spyware for antimalware/spyware tools.

#10 Sicielo (Topic Starter; Members, 9 posts)

Posted 04 May 2011 - 06:46 PM

Sounds good to me. I've heard many good things about those two. They look like quality stuff. I also use Spybot Search and Destroy (which I did shut down during the GMER scan). Is Spybot-SD necessary if I use both Malwarebytes and Super Anti-spyware with AVG?

I changed the scanner options in Super Anti-spyware for the last scan. What settings would you recommended for continued use?

Are there any other tests that might reveal whether the file in question is dangerous, or am I good to go?

#11 cryptodan (Bleepin Madman; Members, 21,868 posts; Catonsville, Md)

Posted 04 May 2011 - 07:20 PM

I would feel that you are good to go.

#12 quietman7 (Bleepin' Janitor; Global Moderator, 32,790 posts; Virginia, USA)

Posted 04 May 2011 - 09:44 PM

Recommended settings are shown in How to use SUPERAntiSpyware to scan and remove malware from your computer (Step 11)

mvps.org is no longer recommending Spybot S&D or Ad-Aware due to poor testing results. See here - (scroll down and read under Freeware Antispyware Products). Further, most people don't understand how to use Spybot's TeaTimer and that feature can cause more problems than it's worth. TeaTimer monitors changes to certain critical keys in Windows registry but does not indicate if the change is normal or a modification made by a malware infection. The user must have an understanding of the registry and how TeaTimer works in order to make informed decisions to allow or deny the detected changes. If you don't have understanding how a particular security tool works, then you probably should not be using it. Additionally, TeaTimer may conflict with other security tools which do a much better job of protecting your computer and in some cases it will even prevent disinfection of malware by those tools.

#13 Sicielo (Topic Starter; Members, 9 posts)

Posted 04 May 2011 - 10:06 PM

Thanks to both of you for your help and excellent advice!

#14 quietman7 (Bleepin' Janitor; Global Moderator, 32,790 posts; Virginia, USA)

Posted 05 May 2011 - 06:01 AM

cryptodan did all the work...I just added a few comments.

Nonetheless, you're welcome.

#15 cryptodan (Bleepin Madman; Members, 21,868 posts; Catonsville, Md)

Posted 05 May 2011 - 06:42 AM

Quietman just supplemented my work, and made sure I was providing the right information. We both assisted you, and I learned things from quietman.



