
I think pc is infected with Win32:Trojan-gen and Trojan horse Generic14.FPT


This topic is locked. 26 replies to this topic.

#1 andy_uv


Posted 10 December 2009 - 02:32 AM

I think my PC is infected with Win32:Trojan-gen and Trojan horse Generic14.FPT and possibly with more unknown malware/spyware... help required.

Hello Friends,

I believe my PC is infected.

The day before yesterday, at night, I ran a complete scan of my PC using AVAST antivirus and it did not show any infection. I keep my antivirus software completely up to date. I have a screensaver which, when activated, activates the avast antivirus to scan files randomly, and this is displayed on the screen. After the complete scan of my PC, later in the day when the screensaver activated the avast antivirus to scan files randomly, it detected the following VIRUS infection: Win32:Trojan-gen in a couple of my installed software applications which I had not used in the last couple of days. I moved the files to the virus vault.

In addition to AVAST AV I have installed the following PC protection software, and I keep them up to date:

Spybot Search & Destroy
AVG Free 8.5
Ad-Aware
Spyware Terminator
Malwarebytes Anti-Malware
Windows Defender

I scanned using the above software and the results were negative.

Two days back AVG Free AV reported the software app for playing DVD files on my PC as infected, the infection being Trojan horse Generic14.FPT. I immediately uninstalled it and tried to do a fresh installation of the same app (HERO DVD player), and during installation I again got the warning saying the installation file is infected. Is it possible for the single installation file (setup file) to get infected if it's not touched for a long time? Similarly, the main setup files of some other apps were also reported as infected although they have been on my hard disk untouched for a long time.

Similarly, a couple of days back my system restore files were also infected, which I removed by deleting the system restore file.

Right now I have the installation files (setup files) of some programs used regularly saved on my hard disk and am unsure if any of them are infected.
I would also like to add that my AVG AV detected 'trojan: Win32/HRC' while routine scanning.

Kindly guide what needs to be done to ensure all infections, IF ANY, are cleaned. How do I ensure right now that my system is infection free?
I read on your site about software like ComboFix... I downloaded it but have not yet run it.

Please guide.

I have downloaded DDS from this site and ran a complete scan; the DDS text file is pasted below and the Attach text file is zipped and attached along with this mail.

Kindly guide. In anticipation.

Thanks



DDS (Ver_09-12-01.01) - NTFSx86
Run by Sudhir at 11:33:38.56 on Thu 12/10/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2029.1240 [GMT 5.5:30]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! antivirus 4.8.1368 [VPS 091208-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\Windows Defender 32\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
E:\Avast\aswUpdSv.exe
E:\Ad-Aware Aniversary edition\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
E:\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
E:\AVGANT~1\avgwdsvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
E:\NERO (ULTRA) 7\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\AVGANT~1\avgrsx.exe
E:\AVGANT~1\avgnsx.exe
E:\SQL 2005 Standard Edition\MSSQL.1\MSSQL\Binn\sqlservr.exe
E:\SQL 2005 Standard Edition\MSSQL.2\OLAP\bin\msmdsrv.exe
E:\SQL 2005 Standard Edition\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe
E:\Spyware Terminator 2.3.0.487\Spyware Terminator\sp_rsser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
E:\AVGANT~1\avgemc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
E:\AVG Anti-Virus\avgcsrvx.exe
E:\Avast\ashMaiSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
E:\Avast\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
E:\AVGANT~1\avgtray.exe
E:\Spyware Terminator 2.3.0.487\Spyware Terminator\SpywareTerminatorShield.exe
E:\Avast\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Windows Defender 32\MSASCui.exe
E:\NERO (ULTRA) 7\Nero 7\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Ad-Aware Aniversary edition\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Sudhir\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - e:\orbit downloader 2.8.1\orbitdownloader\orbitcth.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - e:\avg anti-virus\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: {a057a204-bacc-4d26-9990-79a187e2698e} - AVG Security Toolbar
BHO: : {fffffef0-5b30-21d4-945d-000000000000} - e:\program files\star downloader\SDIEInt.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} -
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - e:\orbit downloader 2.8.1\orbitdownloader\GrabPro.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AVG8_TRAY] e:\avgant~1\avgtray.exe
mRun: [SpywareTerminator] "e:\spyware terminator 2.3.0.487\spyware terminator\SpywareTerminatorShield.exe"
mRun: [avast!] "e:\avast\ashDisp.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Windows Defender] "e:\windows defender 32\MSASCui.exe" -hide
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [InCD] e:\nero (ultra) 7\nero 7\incd\InCD.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: &Clean Traces
IE: &Download by Orbit - e:\orbit downloader 2.8.1\orbitdownloader\orbitmxt.dll/201
IE: &Download with &DAP
IE: &Grab video by Orbit - e:\orbit downloader 2.8.1\orbitdownloader\orbitmxt.dll/204
IE: + &Download Express: download this file - e:\download express 1.9\download express\Add_Url.htm
IE: Do&wnload selected by Orbit - e:\orbit downloader 2.8.1\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - e:\orbit downloader 2.8.1\orbitdownloader\orbitmxt.dll/202
IE: Download &all with DAP
IE: Download with Star Downloader - e:\program files\star downloader\sdie.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
TCP: {3EB8A198-71CC-4320-A9BD-F1BFA633D7FB} = 59.185.0.23,59.185.0.50,203.94.227.70,203.94.243.70
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - e:\avg anti-virus\avgpp.dll
Name-Space Handler: FTP\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - e:\download express 1.9\download express\mdpph.dll
Name-Space Handler: HTTP\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - e:\download express 1.9\download express\mdpph.dll
Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - e:\download express 1.9\download express\mdpph.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - e:\windows defender 32\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sudhir\applic~1\mozilla\firefox\profiles\2r1e3uhf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.in/
FF - plugin: e:\firefox\mozilla firefox\plugins\npstar.dll
FF - plugin: e:\realoneplayerv2gold\netscape6\nppl3260.dll
FF - plugin: e:\realoneplayerv2gold\netscape6\nprjplug.dll
FF - plugin: e:\realoneplayerv2gold\netscape6\nprpjplug.dll

---- FIREFOX POLICIES ----
e:\firefox\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-4 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-16 114768]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-1 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-1 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-6-1 108552]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-8-31 141312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-16 20560]
R2 avast! Antivirus;avast! Antivirus;e:\avast\ashServ.exe [2008-10-16 138680]
R2 avg8emc;AVG8 E-mail Scanner;e:\avgant~1\avgemc.exe [2008-7-3 908056]
R2 avg8wd;AVG8 WatchDog;e:\avgant~1\avgwdsvc.exe [2008-7-3 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\ad-aware aniversary edition\lavasoft\ad-aware\AAWService.exe [2009-7-3 1028432]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2005-10-14 199384]
R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);e:\sql 2005 standard edition\mssql.3\reporting services\reportserver\bin\ReportingServicesService.exe [2005-10-14 14552]
R2 WinDefend;Windows Defender;e:\windows defender 32\MsMpEng.exe [2006-11-3 13592]
R3 avast! Mail Scanner;avast! Mail Scanner;e:\avast\ashMaiSv.exe [2008-10-16 254040]
R3 avast! Web Scanner;avast! Web Scanner;e:\avast\ashWebSv.exe [2008-10-16 352920]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-7-6 16512]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;e:\visual studio 2005\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]

=============== Created Last 30 ================

2009-12-08 17:52:49 0 d-----w- C:\Download
2009-12-08 13:15:48 151040 ----a-w- c:\windows\UNINST32.EXE
2009-12-08 13:12:11 1206 ----a-w- c:\windows\STHDVD.INI
2009-12-08 13:11:47 1532 ------w- c:\windows\MENUTHEME.INI
2009-12-08 13:11:47 1266 ------w- c:\windows\DVDAMP.INI
2009-12-04 01:09:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-03 10:19:36 0 d-----w- c:\windows\Internet Logs
2009-12-03 08:34:53 0 d-----w- c:\docume~1\sudhir\applic~1\CheckPoint
2009-12-03 08:34:36 0 d-----w- c:\program files\CheckPoint
2009-12-02 18:44:22 126976 -c----w- c:\windows\system32\dllcache\ftpsvc2.dll
2009-11-23 18:35:52 249856 ------w- c:\windows\Setup1.exe
2009-11-23 18:35:51 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-11-19 06:03:02 0 d-----w- C:\Driver
2009-11-19 06:02:55 74 ---ha-w- c:\windows\ACLASS.DMF
2009-11-19 06:02:52 57344 ------w- c:\windows\dvdrgn.exe
2009-11-19 06:02:52 25 ----a-w- c:\windows\UCMDPPG.ETF
2009-11-19 06:01:54 0 d-----w- c:\program files\common files\Ulead Systems
2009-11-16 01:09:46 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-11-16 01:09:46 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-11-16 01:09:39 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-11-16 01:09:39 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-11-16 01:09:32 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-11-16 01:09:32 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys

==================== Find3M ====================

2009-12-03 10:44:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 10:43:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-03 10:14:42 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-11-04 16:14:09 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-02 15:12:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-09-25 05:56:36 662016 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:56:32 81920 ----a-w- c:\windows\system32\ieencode.dll

============= FINISH: 11:34:07.98 ===============

Edited by andy_uv, 10 December 2009 - 02:38 AM.
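The DDS log above is what the helper reads to reach the points raised later in the thread: two anti-virus products with on-access scanning enabled, services from both AVG and Avast running, and the firewall reported as disabled. The following is an added example, not part of the original post or of the DDS tool: a small Python triage script that parses the AV:/FW: header lines and the SERVICES / DRIVERS section and reports exactly those findings. The sample lines are copied from the log above; the service-line layout (R = running, S = stopped, then name;display;path [date size]) is assumed from the visible format.

```python
import re

# Sample input: abridged lines copied from the DDS log posted above.
SAMPLE_DDS = r"""DDS (Ver_09-12-01.01) - NTFSx86
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! antivirus 4.8.1368 [VPS 091208-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
============= SERVICES / DRIVERS ===============
R2 avast! Antivirus;avast! Antivirus;e:\avast\ashServ.exe [2008-10-16 138680]
R2 avg8wd;AVG8 WatchDog;e:\avgant~1\avgwdsvc.exe [2008-7-3 297752]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-7-6 16512]

=============== Created Last 30 ================
"""

# "AV: <product> *<status>* (Updated) {<GUID>}"; the "(Updated)" part is optional.
PROTECTION_RE = re.compile(r"^(AV|FW|AS):\s+(.+?)\s+\*(.*?)\*\s*(?:\(([^)]*)\)\s*)?\{([0-9A-Fa-f-]+)\}\s*$")
# "R2 name;display;path [date size]": R = running, S = stopped (layout assumed from the log).
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.+?)\s+\[(\S+)\s+(\d+)\]\s*$")


def parse_protection_lines(text):
    """Return the AV/FW/AS products listed in the DDS header."""
    products = []
    for line in text.splitlines():
        m = PROTECTION_RE.match(line.strip())
        if m:
            kind, name, status, updated, guid = m.groups()
            products.append({"kind": kind, "name": name, "status": status,
                             "updated": updated == "Updated", "guid": guid})
    return products


def parse_services(text):
    """Return the entries of the SERVICES / DRIVERS section."""
    services, in_section = [], False
    for line in text.splitlines():
        if "SERVICES / DRIVERS" in line:
            in_section = True
            continue
        if in_section and line.startswith("====="):
            break  # the next section header ends the list
        m = SERVICE_RE.match(line.strip()) if in_section else None
        if m:
            state, _start, name, display, path, _date, size = m.groups()
            services.append({"running": state == "R", "name": name, "display": display,
                             "path": path, "size": int(size)})
    return services


def vendor_key(product_name):
    """First word of the product name, lowercased and stripped ('avast!' -> 'avast')."""
    return re.sub(r"[^a-z0-9]", "", product_name.split()[0].lower())


def triage(text):
    """Summarise the protection state and return human-readable findings."""
    products = parse_protection_lines(text)
    services = parse_services(text)
    active_av = [p for p in products
                 if p["kind"] == "AV" and "enabled" in p["status"].lower()]
    disabled_fw = [p["name"] for p in products
                   if p["kind"] == "FW" and p["status"].lower() == "disabled"]
    # Which on-access AV vendors also have services in the running (R) state?
    running_vendors = sorted(
        v for v in {vendor_key(p["name"]) for p in active_av}
        if any(s["running"] and v in (s["name"] + " " + s["display"]).lower()
               for s in services))
    findings = []
    if len(active_av) > 1:
        findings.append("%d anti-virus products have on-access scanning enabled: %s"
                        % (len(active_av), "; ".join(p["name"] for p in active_av)))
    findings += ["firewall disabled: " + fw for fw in disabled_fw]
    if len(running_vendors) > 1:
        findings.append("services from more than one AV vendor are running: "
                        + ", ".join(running_vendors))
    return {"active_av": [p["name"] for p in active_av], "disabled_firewalls": disabled_fw,
            "running_av_vendors": running_vendors, "findings": findings}
```

Run `triage(open("DDS.txt").read())["findings"]` against a full log; the "Running Processes" list can be cross-checked the same way if you also want the vendor keys matched against process paths.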


#2 extremeboy


Posted 21 December 2009 - 10:47 PM

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding.

If you still require assistance we would like to see the current condition of your system, so please post a new set of DDS logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have.

If for any reason you did not post a DDS log or RootRepeal log, please refer to this page (step #6 and step #7) for further instructions on downloading and running DDS & RootRepeal. If you have any problems just let me know in your next reply or simply post a HijackThis log.


For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.


Thanks again and we apologize for the delay.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 andy_uv


Posted 22 December 2009 - 01:00 PM

Hi,

Thanks for the reply. I have created the DDS logs as well as a RootRepeal log and am forwarding them. As for the delay, it's OK, I can understand.
I suspect my PC could be having a trojan or virus. If so I would like to completely remove it. I will post the logs as soon as possible. Although I have Avast, AVG Free 8.5, Ad-Aware, Malwarebytes' Anti-Malware, Spybot - Search & Destroy 1.6.2 and Windows Defender 32, I still think there could be some hidden trojan or virus. I recently copied some data from my PC to my pen drive and took it to a cyber cafe for a printout, and there the antivirus on the cybercafe PC said there was a trojan on the pen drive and quarantined and deleted it. This has further added to my suspicion. Hence kindly look into this matter.
There is one more thing I would like to know. Whenever I download freeware, I save the main installation file for future reuse. I would like to know whether such installation files get infected if your PC is infected, and if so, won't they be detected when you run a complete scan of your PC, or are these infected files detected only when you reinstall them? Kindly do share your thoughts on this too.
I am adding the log files.
Merry Christmas and a Happy New Year

Thanks,
Andy

Attached Files

  • DDS.txt (11.34KB)
  • Attach.zip (1.4KB)
  • ark.zip (710 bytes)

Edited by andy_uv, 22 December 2009 - 01:30 PM.


#4 extremeboy


Posted 22 December 2009 - 01:43 PM

Hello.

andy_uv wrote:
There is one more thing I would like to know. Whenever I download freeware, I save the main installation file for future reuse. I would like to know whether such installation files get infected if your PC is infected, and if so, won't they be detected when you run a complete scan of your PC, or are these infected files detected only when you reinstall them? Kindly do share your thoughts on this too.

They can be infected if there is a file infector on board. Usually an anti-virus company can detect whether it is malicious or not; however, most programs get updated frequently to fix bugs/vulnerabilities, so you should get the updated copy.

You have two anti-virus programs installed. Please either uninstall AVG or Avast.

--
We'll start with ComboFix.

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page for instructions on doing so.

Please include the C:\ComboFix.txt in your next reply for further review.
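On the saved-installer question, an integrity manifest gives an answer that does not depend on what any scanner's signatures happen to recognise: a file infector changes the bytes of an executable, and a hash recorded while the file was known-good reveals any later change. The script below is an added example, not from the thread or from any of the tools mentioned in it: it records a SHA-256 hash and size for every setup file under a folder and later reports files that were modified, removed or added. The manifest file name and the dummy installers built in demo() are constructed for the example.

```python
import hashlib
import json
import os
import tempfile

MANIFEST_NAME = "installers.sha256.json"  # assumed name; the demo keeps it beside the files


def sha256_of(path, chunk_size=1 << 20):
    """Hash the file in chunks so large setup files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(folder, extensions=(".exe", ".msi", ".zip")):
    """Record hash and size of every installer under folder (recursive)."""
    manifest = {}
    for root, _dirs, files in os.walk(folder):
        for name in files:
            if name.lower().endswith(extensions):
                path = os.path.join(root, name)
                rel = os.path.relpath(path, folder).replace(os.sep, "/")
                manifest[rel] = {"sha256": sha256_of(path),
                                 "size": os.path.getsize(path)}
    return manifest


def verify_manifest(folder, manifest):
    """Compare the files now on disk against the recorded manifest."""
    current = build_manifest(folder)
    return {
        "modified": sorted(r for r in manifest if r in current
                           and current[r]["sha256"] != manifest[r]["sha256"]),
        "missing": sorted(r for r in manifest if r not in current),
        "new": sorted(r for r in current if r not in manifest),
        "unchanged": sorted(r for r in manifest if r in current
                            and current[r]["sha256"] == manifest[r]["sha256"]),
    }


def save_manifest(folder, manifest):
    with open(os.path.join(folder, MANIFEST_NAME), "w") as f:
        json.dump(manifest, f, indent=2, sort_keys=True)


def load_manifest(folder):
    with open(os.path.join(folder, MANIFEST_NAME)) as f:
        return json.load(f)


def demo():
    """Constructed scenario: two dummy installers, one altered after the manifest is taken."""
    with tempfile.TemporaryDirectory() as folder:
        for name, body in (("hero_dvd_setup.exe", b"MZ dummy installer A"),
                           ("tool_setup.msi", b"dummy installer B")):
            with open(os.path.join(folder, name), "wb") as f:
                f.write(body)
        save_manifest(folder, build_manifest(folder))
        # Simulate a later modification by appending bytes to one installer; a real
        # infector would patch the code, but any byte change is enough to alter the hash.
        with open(os.path.join(folder, "hero_dvd_setup.exe"), "ab") as f:
            f.write(b" extra bytes")
        return verify_manifest(folder, load_manifest(folder))
```

Keep a copy of the manifest off the machine (it sits beside the installers here only for the demo), since anything able to rewrite the installers can rewrite a manifest stored next to them. A matching hash shows the file has not changed since the manifest was taken, not that it was clean at that time.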

#5 andy_uv


Posted 23 December 2009 - 09:19 PM

Hello,
I will include the combofix.txt log shortly. Since the net connection is not very good at my place, at times it may take a little time for me to reply; kindly do not close this correspondence.
Thanks.

#6 extremeboy


Posted 23 December 2009 - 09:22 PM

Okay, no problem. Thanks for letting me know.

I don't close topics unless I don't get a reply for 5 days. ;)

~EB

#7 andy_uv


Posted 24 December 2009 - 09:15 AM

Thanks, I will post the log at the earliest.

#8 andy_uv


Posted 24 December 2009 - 09:18 AM

Hello,

I would like to know if I need to be online while running the scan or can I do it offline as well. Awaiting reply.

Thanks

#9 extremeboy


Posted 24 December 2009 - 11:30 AM

andy_uv wrote:
I would like to know if I need to be online while running the scan or can I do it offline as well. Awaiting reply.

If you're referring to ComboFix, ComboFix automatically disconnects from the internet during its run, so it won't be necessary.

With Regards,
Extremeboy

#10 andy_uv


Posted 25 December 2009 - 05:12 AM

Hello,

Yes, I was referring to the ComboFix scan. I had a doubt whether the computer needs to be online (connected to the net) while doing it. Since you said it's not required, I will do the scan offline and post the reply shortly. Also, I would like to know why you recommended uninstalling one antivirus; just curious to know if it's OK with you. If so, which one according to you should I UNINSTALL?

Regards

Edited by andy_uv, 25 December 2009 - 09:50 AM.


#11 extremeboy


Posted 25 December 2009 - 02:33 PM

Hello.

Sure, post the log once done.

Regarding the 2 anti-virus softwares installed.

I do not recommend that you have more than one anti-virus or firewall product installed and running on your computer at a time. In addition to wasting resources, if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False alarms: when the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System performance problems: your system may lock up due to both products attempting to access the same file at the same time.

--
It depends on which AV you prefer. It doesn't really matter; both AVG and Avast are good anti-virus programs.

#12 andy_uv


Posted 26 December 2009 - 04:14 AM

Hello,
I am attaching the combofix log.

Rgds


#13 extremeboy


Posted 26 December 2009 - 09:24 AM

Hello.

I still see Avast and AVG running on your system. Please remove one now if you have not yet done so. Thanks.

Let's run an online scan.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. (Please note: Kaspersky requires the Java Runtime Environment (JRE) to be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner page.
  • Click on the [button image] on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations", then press the [button image] button.
  • The program will begin downloading the latest program and definition files. It may take a while, so please be patient and let it finish.
  • Once the files have been downloaded, click on the [button image] button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the [button image] button if you made any changes.
  • Now, under the Scan section on the left, select My Computer.
  • The program will now start and scan your system. This will run for a while; be patient and let it finish.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis if needed.

#14 andy_uv


Posted 30 December 2009 - 09:04 PM

Hello,

Sorry I could not post much earlier. Regarding the online scan, I will shortly post the log of the scan. In the meantime please do not close this correspondence.
Regards.

#15 extremeboy


Posted 01 January 2010 - 01:16 PM

Okay. Thanks for letting me know.



