Avast!4.7, Win32:autorun-r [trj], And A Novice Don't Mix Well


11 replies to this topic

#1 Busy Bee


Posted 15 October 2007 - 10:57 AM

Hi everyone, anyone who might be able to help me with this problem.

I am new to this Forum and I am also a novice in what comes to fixing computer problems, but let me tell you, boy do I have them (or my PC does anyway)

Long story short: my computer is running very slow: slow boot up - anything up to 45 minutes, lots of "program not responding" messages, slow opening folders and freezes at a drop of a hat, the mouse flickers, drags itself and at times feels like it had a lead ball and chain attached to it.

I have automatic Windows Update, antivirus, and in the last few weeks found out that I should have a few antispyware so I have installed a few. I update them almost daily. I have been running scans galore and reading lots about cleaning up the computer and the like and that is how I found out about this forum so I decided to post a CRY for help here. I shall include here a copy of my request for help to avast which includes a lot of info about my most pressing problems and hope that there is enough info in it. That follows below, but on top of that now my external drive is listed as an "unknown device" in Device Manager: it is a WD Elements 400Gb USB external disc drive formatted to NTFS (my fault for that), all due to the stuff that avast has been finding on my PC.

I have not received a reply from the avast! support section yet, but it has been a few days and I FEAR most of my files are now in the avast! Virus Chest.

I have done a Panda online scan - all nil results and the same with a full scan of my PC (thorough) with Superantispyware which took about 10.5 hours. I have done more scans than I can remember. I have followed the advice on the avast! web site regarding excluding the files that Panda puts into the system and that also did not stop avast finding the same problems.

I have thought about disabling system restore but I am worried that that would be a bigger disaster, that might leave me without anything reliable to restore from because my backup (Windows Back Utility B/Ups) of my full computer were in my external drive that MIGHT now have died on me.

Here are the details I spoke of above and I hope I am posting this in a good place in this forum. Please accept my apologies if this is not the correct place to post this. I also hope I have given an understandable explanation of my problems. Please let me know if you need any more info.

I thank you a million in advance and anxiously await your reply.

1- My support request to avast follows with my PC info:

Hi everyone,

I know you are busy but I need some help.
I am very new to avast, installed avast on 01.OCT.2007.
1-Avast has found some viruses and other malware and now it does not acknowledge the scans in the simple user interface. The icon for the on access scanner is now also disappeared from the task bar. (This is now back to normal after reboot),

I was scanning for spyware with Uniblue SpyEraser, it found some infections and froze.
I have been getting warnings from avast!4.7, current virus database 000780-2. 11.10.2007.
2-I am having trouble with the MS Outlook 2003 profile – I get warnings saying that the profile is incorrect and it prompts me to choose a profile but only Outlook profile is showing, i.e. there is no other profile to choose from. It did have the avast!4 profile before but it has disappeared.
3-the latest warning was: malaware was found! – File name D:\Program Fille\Alwil Software\Avast4\A0013128.DLL VIR,
Malaware name: Win32Adware-gen [Adw]
Malaware type: Adware, VPS version 000780-2, 11/10/2007.

I have been reading the help sections and the forum advice, but I have basic knowledge of computers and need tech help (like step by step please).
I have done the jotti’s scan and the results are below.
I am running Windows XP SP2 Home : my PC info is below:

Virus Protection: Up-to-date
Microsoft Security Updates: Up-to-date

Computer Profile Summary
Computer Name: Nela2 (in MSHOME)
Profile Date: Thursday, 4 October 2007 1:48:34 AM
Advisor Version: 7.2t
Windows Logon: User



Operating System: Windows XP Home Edition Service Pack 2 (build 2600)
System Model: No details available

Processor: 3.00 gigahertz Intel Pentium 4
  8 kilobyte primary memory cache
  512 kilobyte secondary memory cache
Main Circuit Board: No details available

Drives:
  600.12 Gigabytes Usable Hard Drive Capacity
  500.16 Gigabytes Hard Drive Free Space
  _NEC DVD_RW ND-1300A [CD-ROM drive]
  HL-DT-ST DVDRAM GSA-H10N [CD-ROM drive]
  3.5" format removeable media [Floppy drive]
  HP PSC 2355 USB Device [Hard drive] -- drive 3
  ST3120022A [Hard drive] (120.03 GB) -- drive 1, s/n 3JT2J77S, rev 3.06, SMART Status: Healthy
  WDC WD40 00AAJB-00UHA0 USB Device [Hard drive] (400.09 GB) -- drive 2
  WDC WD800BB-00JHC0 [Hard drive] (80.03 GB) -- drive 0, s/n WD-WMAM9CK52449, rev 05.01C05, SMART Status: Healthy
Memory Modules: 512 Megabytes Installed Memory

Local Drive Volumes:
  c: (NTFS on drive 1) 120.03 GB, 69.50 GB free
  d: (NTFS on drive 0) 80.02 GB, 65.70 GB free
  h: (NTFS on drive 2) 400.08 GB, 364.97 GB free
Network Drives: None detected

Users:
  local user accounts (last logon)
    Guest: 19/08/2007 6:42:13 PM
    User: 2/10/2007 8:50:15 PM (admin)
  local system accounts
    Administrator: 14/06/2007 8:27:42 PM (admin)
    ASPNET: never
    HelpAssistant: never
    SUPPORT_388945a0: never
Printers: None detected

Controllers:
  Standard floppy disk controller
  Primary IDE Channel [Controller]
  Secondary IDE Channel [Controller]
  SiS PCI IDE Controller
Display: NVIDIA GeForce FX 5200 (Microsoft Corporation) [Display adapter]

Bus Adapters:
  SiS 7001 PCI to USB Open Host Controller (2x)
  SiS PCI to USB Enhanced Host Controller
Multimedia:
  FlyTV P34+
  SoundMAX Integrated Digital Audio
  Standard Game Port

Communications:
  PCI SoftV92 Speakerphone Modem
  SiS 900-Based PCI Fast Ethernet Adapter
  Networking Dns Server:
Other Devices:
  HP PSC 2350
  Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
  PS/2 Compatible Mouse
  PSC 2350 series (DOT4USB)
  USB Composite Device
  USB Mass Storage Device (2x)
  USB Printing Support
  USB Root Hub (3x)

Virus Protection
avast! antivirus 4.7.1043 [VPS 000778-1] Version 4.7.1043
Realtime File Scanning On

Missing Microsoft Security Hotfixes
All required security hotfixes (using the 09/11/2007 Microsoft Security Bulletin Summary) have been installed.




Software Versions
Adobe Acrobat Reader Version 5.0.5.0 *
Adobe Acrobat Version 8.0.0.0 *
Adobe Reader Version 8.1.0.2007051100 *
Ahead software - NeroMediaPlayer Version 1, 4, 0, 32 *
Ahead Software AG - Nero BackItUp Restore Version 1, 2, 0, 61 *
Ahead Software AG - Nero BackItUp Scheduler Version 1, 2, 0, 61 *
Ahead Software AG - Nero BackItUp Version 1, 2, 0, 61 *
Ahead Software AG - Nero Burning ROM Version 6, 6, 0, 19 *
Ahead Software AG - Nero Photosnap image editor Version 1.1.0.5 *
Ahead Software AG - Nero Photosnap Viewer Version 1.1.0.5 *
Ahead Software AG - Nero StartSmart Version 2, 0, 0, 29 *
Ahead Software Gmbh NeroCheck Version 1, 0, 0, 2 *
ALWIL Software - avast! Antivirus Version 4, 7, 0, 0 *
Analog Devices, Inc. - DLSLoader Application Version 3, 0, 211, 0 *
Analog Devices, Inc. - SoundMAX Integrated Digital Audio Version 3,
2, 12, 0 *
Analog Devices, Inc. - SoundMAX service agent Version 3, 2, 6, 0 *
Apple Inc. - iTunes Version 7.4.2.4 *
Apple Inc. - QuickTime QuickTime 7.2 *
Apple Mobile Device Service Version 1, 14, 0, 0 *
Apple Software Update Version 2.0.2.92 *
ArcSoft Inc. - PhotoBase Version 3.0.0.106 *
ArcSoft PhotoStudio Version 5.0.0.53 *
Australian Taxation Office ECS - Installs IF 4.2 and e-Record v5.0b3
Version 5.3.1.0 *
Backup Software *
Belarc, Inc. - Advisor Version 7.2t *
CANON INC. - CanoScan Toolbox Application Version 4.1.2.2 *
Cinematronics - 3D Pinball Version 5.1.2600.2180 *
CyberLink Corp. - CLDMA Version 1, 0, 0, 2502 *
CyberLink Corp. - PowerDVD Version 5.00.1307 *
Eastman Kodak Company - Kodak EasyShare software Version 2, 1, 0, 55
*
EnDisService Application Version 1, 0, 0, 1 *
Express Burn *
FileNet Desktop eForms Version 4.2 *
Golden Records *
Hewlett-Packard - HP Redbox Version 1.0.0.33 *
Hewlett-Packard - ICE Version 3,0,0,76 *
Hewlett-Packard Co. - hp digital imaging - hp all-in-one series
Version 043.001.005.000 *
Hewlett-Packard Co. - hp system diagnostics Version 1.4.0.0 *
Hewlett-Packard Company - hp coretech (COmponent REuse TECHnology)
Version 2.1.5 *
Hewlett-Packard Company - HP Memories Disc Creator Software Version
1.0.4.0 *
Hewlett-Packard Company - HP Software Update Application Version 2,
0, 37, 0 *
Hewlett-Packard hpwuSchd Version 2, 0, 39, 0 *
honestech - PC Camera Plus Application Version 1, 0, 0, 1 *
HP DeskJet Version 2,140,0,0 *
HP PML Version 8, 0, 0, 0 *
HpqPhUnl Application Version 4.0.0.204 *
I.R.I.S. SA - readiris Version 5, 0, 0, 1 *
InstallDriver Module Version 7.07 *
Kodak Live Update *
Lavasoft - Process Watch Version 1.0.0.0 *
Lavasoft AB - Ad-Aware 2007 Service Version 7, 0, 2, 3 *
Lavasoft AB - Ad-Aware 2007 Version 7.0.0.0 *
Lavasoft AB - Ad-Watch 7 Version 7.0 *
Lavasoft AB - Update Manager Version 1.0.0.0 *
Lavasoft Hosts File Edit Version 1.0.0.3 *
Macromedia, Inc. - Shockwave Flash Version 5.4.98.7 *
Microsoft ® Windows Script Host Version 5.6.0.8820 *
Microsoft Application Error Reporting Version 11.0.8160 * Microsoft
Clip Organizer Version 11.0.6551 *
Microsoft Corporation - DirectX 8.0 Sample Version 8.00 *
Microsoft Corporation - Internet Explorer Version 7.00.6000.16512 *
Microsoft Corporation - Messenger Version 4.7.3001 *
Microsoft Corporation - Messenger Version 8.1.0178 *
Microsoft Corporation - Office Source Engine Version 11.0.5525 *
Microsoft Corporation - Windows Defender Version 1.1.1593.0 *
Microsoft Corporation - Windows Installer - Unicode Version
3.1.4000.1823 *
Microsoft Corporation - Windows Movie Maker Version 2.1.4026.0 *
Microsoft Corporation - Windows® NetMeeting® Version 3.01 *
Microsoft Corporation - Zone.com Version 1.2.626.1 *
Microsoft Data Access Components Version 3.525.1117.0 *
Microsoft Office 2003 Version 11.0.8146 *
Microsoft Office Document Imaging Version 11.0.1897.0 *
Microsoft Office InfoPath Version 11.0.5510 *
Microsoft Office Outlook Version 11.0.8118 *
Microsoft Office Picture Manager Version 11.0.6550 *
Microsoft Office Save My Settings/Profile Wizard Version 11.0.5510 *

Microsoft SQL Server Version 8.00.760 *
Microsoft Windows Version 4.00 *
Microsoft® .NET Framework Version 2.0.50727.832 *
Microsoft® .NET Framework Version 3.0.4506.30 *
Nero AG - Cover Designer Version 2, 3, 0, 46 *
Nero AG - InfoTool Application Version 3, 0, 7, 0 *
Nero AG - SpecialOffer Application Version 1, 0, 0, 3 *
Nero CD - DVD Speed Version 4, 1, 1, 0 *
Nero DriveSpeed Version 3, 0, 6, 0 *
NeroVision Version 3,1,0,16 *
Nokia - Launch Application Version 1, 0, 0, 0 *
Nokia Audio Manager 4.0 Version 4, 0, 0, 42 *
Nokia Contacts Editor Version 1,0 *
Nokia Multimedia Player Version 1, 1, 0, 0 *
Nokia PC Suite Version 5, 0 *
Nokia Sound Converter Version 2,0 *
Nokia Tray Application Version 1, 0, 0, 0 *
PIXELA ImageMixer Version 1.5.2.0 *
ScanSoft Inc. - Scanner Wizard Version 3.0.244.0 *
ScanSoft, Inc - OmniPage SE Version 11.0 *
Schedule OCR *
Seagate Technology - SeaTools for Windows Version 1.1.0.7 *
Sun Microsystems, Inc. - Java™ Platform SE 6 U2 Version 6.0.20.6
*
SuperAdBlocker.com - BootSafe Application Version 1, 0, 0, 1002 *
SUPERAntiSpyware Version 3, 9, 0, 1008 *
Switch *
TeVeo's VIDiO Suite Version 1.01.0004 *
Time Information Services Ltd. - LogViewer Application Version 7.00
*
Trend Micro Anti-Spam Version 3.56 *
Trend Micro Anti-Spyware Version 3.50 *
Trend Micro Inc. - HijackThis Version 2.00.0002 *
Trend Micro Internet Security Version 15.30.0 *
Uniblue Registry Booster Version 2.0.1107.3564 *
Uniblue Software - SpeedUpMyPC Version 3.5.2356.130 *
Uniblue Software - SpyEraser Version 1.5.1.1476 *
Uniblue Software Limited - System Tweaker Version 1.00.0761 *
UpdateIPR.exe *
WavePad *
Wizards to adjust .NET Framework security, assign trust to
assemblies, and fix broken .NET applications. Version 1.0.5000.0 *
Yahoo! Messenger Version 8,1,0,195 *






Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1


File to upload & scan:

Service
Service load:
0% 100%

File: A0013130.inf.vir
Status: INFECTED/MALWARE
MD5: 086004f0d39c02922265a55058d71b05
Packers detected: -
Bit9 reports: No threat detected (more info)

Scanner results
Scan taken on 12 Oct 2007 01:32:41 (GMT)
A-Squared Found nothing
AntiVir Found TR/Agent.AAGA.1
ArcaVir Found Trojan.Autorun.K
Avast Found Win32:Autorun-R
AVG Antivirus Found nothing
BitDefender Found Trojan.Agent.AAGA
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Virus.Win32.AutoRun.k
Fortinet Found nothing
Kaspersky Anti-Virus Found Virus.Win32.AutoRun.k
NOD32 Found INF/Autorun
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found Mal/AutoInf-A
VirusBuster Found nothing
VBA32 Found nothing


...........................................................................................................................

I have disabled Trend Micro Internet Security 2007 and TM Antispyware trial version but I tried to uninstall them in several ways and at different times without success.
NOTE: I had made backup using the Windows BackUp Utility but I suppose they were infected and I think avast or something else deleted or something because I do not see them in my external drive anymore. So I am pretty sure my System Restore is useless too – riddled with virus and other malware which I am trying to clean. I REALLY NEED HELP!!!!
I have copied a lot of stuff from my PC on to cds and dvds but those are also infected. I do not know what or how to do to fix these problems.

Please excuse me for the trouble, but I do not have enough knowledge to fix these problem on my own. I do really need your help.
Hope you can help me or direct me to where or how I can find the required help.
Much appreciated.


OK, I hope that gives someone who finds this topic "disturbing" enough info to start with.

HELP!!!! PRETTY PLEASE!!! WITH CHERRY ON THE TOP!!!!!!
Busy Bee
Always grateful for any advice but especially grateful for step by step advice. I am a computer dummy.


#2 quietman7


Posted 15 October 2007 - 12:29 PM

You said you are getting messages, what do they say and what program is providing them?

When a program quarantines a file or moves it into a virus vault (chest), that file is safely held there (and no longer a threat) until you take action to delete it. One reason for doing this is to prevent deletion of an essential file that may have been flagged as a "False Positive". If that is the case, then you can restore the file. Doing this also allows you to view and investigate the files while keeping them from harming your computer. Quarantine is just an added safety measure.

When the file in the vault is known to be bad, you can delete it at any time.

If you are not sure about files in quarantine, investigate each one with a Google search or use the BC's File Database to determine what they are.

Info on Worm.Win32.AutoRun.r. Were you able to remove it?

If so and you're not finding any malware during all your scans, read Slow Computer/Browser? Check here first; it may not be malware. There are reasons for slowness besides malware - i.e. disk fragmentation, disk errors, corrupt system files, too many startup programs, unnecessary services running, not enough RAM, dirty hardware components, etc. As your system gets older it becomes filled with more files/programs and has a natural tendency to slow down so cleaning and regular maintenance is essential.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Busy Bee


Posted 17 October 2007 - 08:39 AM

Hello quietman7,

Thank you for your reply and advice. Sorry I am slow with my responses. I am in a different time of the day on this side of the world.

I tried to reply yesterday but got bombed out, hope it works this time.

I have checked out most of the advice on the links you have provided me with but am still working on it.

I might not have explained my warnings and scan results properly.

I did a Panda scan a few days ago and cleaned everything it showed and then did a new scan a couple of days later and that produced nil infections.

I did scans with 3 or four different antispyware programs which I am happy to provide you with if so required, I do not understand much of it and most of the time I just quarantine the results and leave them there.

The warnings I have been getting are from the avast!4.7 scanners and I could not upload it to BC, did not know how (yet)
Below is the avast!4.7 warning that prompted me to seek help in this forum:

" Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: D:\DOCUME~1\User\LOCALS~1\Temp\_avast4_\unp264008885.tmp
FileID: 0000000002 Original file name: C:\System Volume Information\_restore{7079273C-C632-4F82-A31C-55AD21792138}\RP52\A0013127.inf New folder: D:\DOCUME~1\User\LOCALS~1\Temp\_avast4_\unp264008885.tmp\2.inf

Scan files in the temporary folder: D:\DOCUME~1\User\LOCALS~1\Temp\_avast4_\unp264008885.tmp
D:\DOCUME~1\User\LOCALS~1\Temp\_avast4_\unp264008885.tmp\2.inf Win32:Autorun-R [Trj]
------------------------------------------------------------------------------------------
Action was completed successfully! "

That is just one of them. I do get others but this one is always the first in the series of warnings. There are also kernel32.dll, winsock32.dll and wsock32.dll in the chest marked with - no virus- .

I want to get rid of the currently stored restore points because I think they all have the same problem BUT I am worried that I will not be able to recover the use of my external hard drive where I had put my back ups, (all infected with something of course, and the same with my cd & dvd backups). This is what is worrying me most right now - getting the external drive back to disc instead of "unknown device". I would appreciate your help on this.

As for the "it might not be malware", well I am 100% sure I have the malware problems as well as the other problems that affect performance and I know for a fact I have biggish problems, like loads of clutter, missing files and paths and the list goes for a mile and a half. :thumbsup: . I am pretty sure I have most of the problems indicated in that article.

I don't know what to tackle first so I had opted for cleaning the malware but in the process, it looks like I am creating a bigger mess in my system.

I did not find a way to figure out with certainty if the warning is a false positive or not. The first time I saw any reference to autorun in general on my PC was after I got the external drive about 2 months ago. PC-Cillin did not mention anything like that but I decided to try avast because PC-cillin consumes a lot of resources and the system was already slow as it was and continues to be.

So I am just lost. I have just been trying to keep scanning with different antispyware programs to see if they would pick up the same things.

After your post I downloaded a-squared and did a full scan :

"a-squared Anti-Malware - Version 3.0
Last update: 16/10/2007 11:21:19 AM

Scan settings:

Objects: Memory, Traces, Cookies, C:\, D:\
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 16/10/2007 2:28:31 PM

D:\Program Files\KODAK\KODAK Software Updater\7288971\6.1.4.37-7288971L\Program\runner.exe detected: Adware.BackWeb.a
D:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe detected: Adware.BackWeb.a
D:\System Volume Information\_restore{7079273C-C632-4F82-A31C-55AD21792138}\RP112\A0015751.dll detected: Adware.Win32.RK.m

Scanned

Files: 545743
Traces: 338923
Cookies: 36
Processes: 48

Found

Files: 3
Traces: 0
Cookies: 0
Processes: 0
Registry keys: 0

Scan end: 16/10/2007 10:40:13 PM
Scan time: 8:11:42 AM

D:\System Volume Information\_restore{7079273C-C632-4F82-A31C-55AD21792138}\RP112\A0015751.dll Quarantined Adware.Win32.RK.m
D:\Program Files\KODAK\KODAK Software Updater\7288971\6.1.4.37-7288971L\Program\runner.exe Quarantined Adware.BackWeb.a
D:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe Quarantined Adware.BackWeb.a

Quarantined

Files: 3
Traces: 0
Cookies: 0 "

I would appreciate if you could give me some suggestions or point me in the right direction to at least figure out what happened to my external drive.

Your help is very much appreciated.

Hope to hear from you soon

Busy Bee :flowers:
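
Added example, not part of the original posts or of any scanner's own tooling: a small triage script for scan output shaped like the a-squared log quoted above, separating detections that sit inside System Restore snapshots (`System Volume Information\_restore{...}\RPnn`) from a drive-root `autorun.inf` and from files in their normal locations. The sample lines are constructed from the paths shown in this thread (the `H:\autorun.inf` line is invented for illustration), and the `path detected: name` line shape is an assumption taken from the pasted log.

```python
import re

# Constructed sample, modelled on the scan logs pasted in this thread.
SAMPLE_LOG = r"""
D:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe detected: Adware.BackWeb.a
D:\System Volume Information\_restore{7079273C-C632-4F82-A31C-55AD21792138}\RP112\A0015751.dll detected: Adware.Win32.RK.m
C:\System Volume Information\_restore{7079273C-C632-4F82-A31C-55AD21792138}\RP52\A0013127.inf detected: Win32:Autorun-R [Trj]
H:\autorun.inf detected: Win32:Autorun-R [Trj]
Scanned
Files: 545743
"""

# A file saved by System Restore: <drive>:\System Volume Information\_restore{GUID}\RP<n>\<file>
RESTORE_RE = re.compile(
    r"^([A-Za-z]):\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}"
    r"\\RP(\d+)\\[^\\]+$",
    re.IGNORECASE,
)
# autorun.inf sitting directly in the root of a drive
AUTORUN_RE = re.compile(r"^[A-Za-z]:\\autorun\.inf$", re.IGNORECASE)


def parse_line(line):
    """Return (path, detection_name), or None for lines that are not detections."""
    path, sep, name = line.strip().partition(" detected: ")
    if not sep or not path:
        return None
    return path, name.strip()


def triage(log_text):
    """Group detections by where the flagged file lives."""
    result = {"restore_points": {}, "autorun_root": [], "live": []}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # summary lines such as "Files: 545743"
        path, name = parsed
        match = RESTORE_RE.match(path)
        if match:
            # Key by (drive letter, restore point number), e.g. ("C", 52)
            key = (match.group(1).upper(), int(match.group(2)))
            result["restore_points"].setdefault(key, []).append(name)
        elif AUTORUN_RE.match(path):
            result["autorun_root"].append((path, name))
        else:
            result["live"].append((path, name))
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for (drive, rp), names in sorted(report["restore_points"].items()):
        print(f"restore point RP{rp} on {drive}: -> {', '.join(names)}")
    for path, name in report["autorun_root"]:
        print(f"drive-root autorun.inf: {path} -> {name}")
    for path, name in report["live"]:
        print(f"live file: {path} -> {name}")
```

Hits under `restore_points` are copies held by System Restore; hits under `live` and `autorun_root` are the ones in active locations on the drives.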

#4 quietman7


Posted 17 October 2007 - 09:34 AM

Avast provided you notification of what it detected and what action it took. In your case, avast detected bad files in the System Volume Information Folder (SVI) which is a part of System Restore - the feature that allows you to set points in time to roll back your computer to a clean working state. Keep in mind that System Restore will back up the good as well as the bad files so when malware is present on the system it gets included in any restore points. Avast then moved these files to a folder it creates for such files and advised "Action was completed successfully".

There are also kernel32.dll, winsock32.dll and wsock32.dll in the chest marked with - no virus...


kernel32.dll, winsock.dll, wsock32.dll are all legit system files automatically backed up by avast! when installed. Copies of them are placed in the Chest as backup for additional protection in case the originals become corrupted and you need to restore them. You only need to be concerned with files in the "Infected files" section of the Chest.

RejZoR at the avast! Forum wrote:

This is a backup of clean system files, so you can restore them in case of serious infection.

kernel32.dll and winsock.dll in virus chest

The Virus Chest is an isolated folder where infected files can be stored when detected by avast. Moving these files in the chest disables their usage and prevents them from causing any harm to your system. The System folder of avast Virus Chest stores vital system files to prevent them from viral infection. The files are still functional, but access to them by any source is blocked until they are removed from that location.

From what you describe about the autorun file, it appears to have been from a flash drive infection. These types of infections usually involve malware that loads an autorun.inf file into the root folder of all drives (internal, external, removable) and automatically executes a malicious autorun.bat file which calls wscript.exe to run autorun.vbs on your computer. When a flash drive becomes infected, the Trojan will infect a system when the flash drive is inserted if autorun has not been disabled. Although it looks like Avast did its job, let's double-check.

Download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

I want to get rid of the currently stored restore points because I think they all have the same problem

The easiest and safest way to do that is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recent Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

...I am worried that I will not be able to recover the use of my external hard drive where I had put my back ups, (all infected with something of course, and the same with my cd & dvd backups).

If your backup files on the external drive are infected and it is showing as an unknown device that you cannot scan with your anti-virus, a reformat of that drive may be something you should consider. For your backups on cd/dvd, let your anti-virus scan them for infected files. If any are infected, they should be removed. Whatever you can salvage you can put back on your external drive once it's been reformatted and working properly again. I'm not a hardware expert so if you need assistance with that, you may want to post a separate topic in the hardware forum to address that aspect only.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
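
A defender's check for the two states the post above describes, as an added example (not part of the original reply and not Flash_Disinfector's own code): it classifies the `autorun.inf` entry in a drive root as absent, a placeholder folder, or a file that launches a program. The function names, status labels and sample file contents are constructed for illustration.

```python
import os
import tempfile


def parse_autorun(text):
    """Return {key: value} from the [autorun] section, skipping junk lines."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def inspect_root(root):
    """Classify the autorun.inf entry found in one drive root."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.lexists(path):
        return "absent", []
    if os.path.isdir(path):
        # A folder occupies the name, so a file called autorun.inf cannot be created here.
        return "placeholder-folder", []
    with open(path, encoding="latin-1") as fh:
        entries = parse_autorun(fh.read())
    # open=, shellexecute= and shell\<verb>\command= are the keys that start a program.
    commands = [v for k, v in entries.items()
                if k in ("open", "shellexecute") or k.endswith("\\command")]
    return ("file-launches-program" if commands else "file-no-command"), commands


def demo():
    """Classify three constructed drive roots built in a temporary directory."""
    sample = ";padding\n[AutoRun]\nopen=autorun.bat\nshell\\open\\command=autorun.bat\nicon=x.ico\n"
    with tempfile.TemporaryDirectory() as tmp:
        roots = {n: os.path.join(tmp, n) for n in ("clean", "protected", "infected")}
        for path in roots.values():
            os.mkdir(path)
        os.mkdir(os.path.join(roots["protected"], "autorun.inf"))
        with open(os.path.join(roots["infected"], "autorun.inf"), "w") as fh:
            fh.write(sample)
        return {n: inspect_root(p) for n, p in roots.items()}


if __name__ == "__main__":
    for name, (status, commands) in demo().items():
        print(f"{name}: {status} {commands}")
```

On a real system, call `inspect_root` with a drive root such as `"E:\\"` instead of the constructed directories.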

#5 Busy Bee


Posted 17 October 2007 - 12:09 PM

Hi quietman7,

Got your last post and confirmed some of my suspicions.

I downloaded and ran the Flash_Disinfector.exe. Plugged in the MP4 and let it run till it said "done". ok it
Ran it again and plugged in the MP3 and let it run again. This time I could see the H:, I: and J: drives again which are respectively: the external drive H:, the MP4 I: and the MP3 J: along with mass storage device G: which I think is my printer(with memory card slots) (This is how it was before the external drive got "damaged")

Windows recognised the MP3 for what it is and informed that the device was ready to be used.

BUT: then I went to check My Computer and the drive letters are now different and the Safely Remove Hardware icon in the system tray is now showing two drives to remove in the same line. I clicked it and I got a warning:

windows - no disk Exception Processing Message - c0000013 Parameters 75b6bf9c 4 75b6b9c 75b6bf9c

I could not close the warning window at first or the Safely Remove Hardware screen. My Computer stopped responding, I tried to close it a few times, then it finally closed and the windows no disk warning closed as well.

so I clicked again on the SRH and clicked the MP3 - now it shows two of them as g: & h: - The MP3 looks fine, I was able to open it and the music files are still there.

So I plugged the MP4 again to check if it was good but a yellow triangle warning appears in the system tray from the SRH icon : this device has malfunctioned and windows does not recognise it. I think that the original VIRUS might have come from this MP4 - some movie files and music video clips that the seller installed for my partner.

Then when I plug in the external drive it is also not recognised by windows - with same warning.

Should I install the MP4 software or would that complicate matters?

Definitely - windows does NOT recognise the external drive or the MP4. I tried running the disinfection with the devices plugged into different USB ports.

I shall wait for your advice on the above before I continue.

I will in the meantime create a new restore point, and will post a new topic in hardware later this morning. And discuss the ext. HD before I get rid of the current restore point stored in the system.

I think I may conclude at least that the usb ports are working ok.

Too much thinking and not enough knowledge or sleep does not help either so I shall say good night for now, or I should say good morning.

Thanks so much for the help. Talk again soon.

Busy Bee :thumbsup:

#6 quietman7


Posted 17 October 2007 - 12:35 PM

I think that the original VIRUS might have come from this MP4

Probably so. We are seeing more and more of these types of infections coming from removable media and files that you describe.

When doing a search on the net for no disk Exception Processing Message, you will find a lot of complaints with various causes and possible solutions. What works for one person may not work for another.

Should I install the MP4 software or would that complicate matters?

I think you should get some assistance in the Hardware forum before installing any software. You need to get the issues with your external drive resolved and that is not an area I have expertise in.

#7 Busy Bee


Posted 18 October 2007 - 02:12 AM

Hello quietman7,

I agree 100% with you. I will seek help in the hardware forum before anything else.

I am reading up on the no disc exception message and I will post back in a few days with any developments. In the meantime I will also keep working on the info you gave me in the previous posts.

Right now I feel like I need someone to pull my reins to make me slow down before I do something out of desperation to make matters even worse. :thumbsup:

I get sidetracked on what the priorities should be and I get pretty confused at times.


Very thankful for your advice.

Be Back in a while.

Busy Bee

#8 quietman7


Posted 18 October 2007 - 06:46 AM

You're welcome and good luck with the hardware issues.

#9 Busy Bee


Posted 21 October 2007 - 11:45 PM

Hello again quietman7,

Hope you are well since my last post.

As I promised I am back to give you my results on my Ext. Hard Drive.

I have great news: :thumbsup: My External Hard Drive is back and everything in it and it is now "clean" too.

I followed your advice: I scanned my PC a few times with a-Squared, Superantispyware, SpywareTerminator and ad-Aware 2007. Some of the scans I did in safe mode, and cleaned up whatever they found.

Downloaded and ran Flash_Disinfector with a few of my USB devices including my EHDD. I had to run it a few times before the EHDD came back to NORMAL.

I also updated the EHDD driver from the manufacturer's website.

Now I am not getting any virus alerts from avast!4.7 anymore and my PC is going a little faster too, but I still have to continue the cleanup process that BC advises in the "Slow Computer/Browser? Check here first; It May Not Be Malware" section. (under way). I will start a new topic if I still have any troubles after I finish the clean up.

I was going to post the EHDD problem in the Hardware forum but as I was reading the advice there before posting, I also found good advice there that helped with my PC problem and did not end up having to ask any questions to that forum as it turned out that it was not a hardware problem.


I am ecstatic with the help in the whole of the BC site. WOW . When you have a computer problem, there is no better place to look for help in.

I want you to know that I enormously appreciate the help you provided me with and I also want to thank everyone who contributed as well as the whole of BC.


You are totally amazing.


Cheers,

See you around the forum.

Busy Bee

#10 quietman7


Posted 22 October 2007 - 09:03 AM

That's good news and thank you for the kind words about BC.

To protect yourself against malware and reduce the potential for re-infection, be sure to read:
• "Simple and easy ways to keep your computer safe".
• "How did I get infected?, With steps so it does not happen again!".
• "The Ten Most Dangerous Things Users Do Online".
• "The 10 Biggest Security Risks".
• "Seven ways to keep your search history private".

Safe surfing and have a malware free day. :thumbsup:

#11 Busy Bee


Posted 23 October 2007 - 01:14 AM

Thanks again quietman7.
You have given me tons of food for thought. I am using all the info in the links to clean up other little things that are still pestering me.

I have other questions for BC forums but I will keep cleaning up a bit more before I post another question because some of the issues might be resolved by the cleaning up process I am following from the BC articles.

Best wishes, and see you around the forum,

Busy Bee

#12 quietman7


Posted 23 October 2007 - 08:19 AM

:thumbsup:



