BleepingComputer.com: Windows Vista Infected with RogueMultiAV

Forum Rules

When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.


If you have not received help after three days, please post a link to your topic HERE.

#1 cliffcav

  • New Member
  • Group: Members
  • Posts: 1
  • Joined: 31-March 11

Posted 31 March 2011 - 10:10 AM

Hey Guys,

I am in desperate need of some help. We have a malware issue on several computers and it appears to be the same issue with all of them.
Malwarebytes finds 100+ infected items but cannot delete them.
e.g.
c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows defender\ave.exe (Rogue.MultipleAV) -> Delete on reboot.
c:\users\administrator\appdata\local\temp\avg\ave.exe (Trojan.MultipleAV) -> Delete on reboot.

I attempted to delete these files by navigating to them or writing a script, and both cases reveal that those files do not exist. None of them; I have tried to find all 100+ infected files with no success.

I have run ComboFix, which immediately improved some of the original issues, including not being able to download and run anything ending in .exe from Internet Explorer.

I have even turned off System Restore and run both ComboFix and Malwarebytes again, only to be left with the same result.

Again I say, help please.

-Cliff

Windows Vista
Service Pack 2
Fujitsu Lifebook T-Series
P.S. This is also happening on our Windows 7 PCs.

#2 quietman7

  • Bleepin' Janitor
  • Group: Global Moderator
  • Posts: 25,516
  • Joined: 09-July 05
  • Gender:Male
  • Location:Virginia, USA

Posted 31 March 2011 - 11:00 AM

If you are dealing with a malware infection, please be aware that using ComboFix is only one part of the disinfection process. Preliminary scans from other tools like DDS, RSIT and GMER should be used first because they provide comprehensive logs with specific details about files, folders and registry keys which may have been modified by malware infection. Analysis of those logs allows planning a strategy for effective disinfection and a determination if using ComboFix is necessary. ComboFix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware, which scan individual drives or different folders on a computer for viruses. With that said, please read the pinned topic ComboFix usage, Questions, Help? - Look here.

Since you already ran ComboFix, it should have saved a log to the root directory, usually C:\ComboFix.txt. Please read the "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help". When you have done that, post the required logs to include your ComboFix log in that forum, NOT here, for assistance by the Malware Response Team Experts.
Microsoft MVP - Consumer Security 2007-2012
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
