Do I still have a virus?

Hey all,

I am worried that I may have a virus. I got one while using Google Chrome but my McAfee immediatley picked it up and I eliminated them. I proceeded to run SpyBot Search and Destroy, which found nothing except some cookies as it always does. I ran a quickscan with McAfee right after that and it found nothing as well. I ran another full scan with McAfee today as well as another one with SpyBot and found nothing. However, I am not sure if it escaped detection. I got more than one I believe, the only one I remember being a Trojan one. I checked my processes in task manager and I think all of them check out, but I am not sure. FATrayAlert.exe and FATrayMon.exe seemed weird to me, but I think they are supposed to be there. So basically I want to know:

1. Could the viruses have gotten past?

2. Is McAfee my best option ( I pay for it, so I would rather not merely uninstall it).

3. I have WebRoot Spy Sweeper -- the paid version ( not installed though). Should I install it, or will it conflict with McAfee?

4. Is Google Chrome safe or should I use IE?

I went back to using IE . (I got the virus --which I believe I got rid of-- in Google Chrome). Someone told me to check my processes, but I have no idea what they mean....I am so worrrried, please help me.

Thanks in advance ( I am truly sorry if I did this wrong, I am just really upet ).

NOTE: Someone recommended Glary Utilities to me and I ran that today. Some errors came up, but none looked to be that serious (or even a virus for that matter) and I fixed them.

I also just ran a Malwarebytes scan in safe mode as well as a mcafee scan and nothing came up.

EDIT: System Information

Dell Studio XPS M 1640

Windows Vista Ultimate 32-bit with SP 2.

I have been worrying about this all day and tried to use Dell, but I would have to pay for Software support because my warranty doesnt cover it. I am frustrated and worried and hope someone can help me.

Thanks in advance

Hello. you are most likely OK. Mbam shoyuld be run in Normal mode whenever possible, It's the odd one that is stronger that way.

You should disable Spybots TeaTimer if runninig prior to scans.

We can get one more look if you like.



I'd like us to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
• Check
• Click the button.
• Accept any security warnings from your browser.
• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push

Here is the ESETScan Results you told me to post:

C:\Program Files\DVDVideoSoft\Free Audio CD Burner\icon1045.exe Win32/Adware.ADON application deleted - quarantined
C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\icon1045.exe Win32/Adware.ADON application deleted - quarantined
C:\Users\James Geiger\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\83a3b19-78f79d65 probably a variant of Java/TrojanDownloader.Agent.AB trojan cleaned by deleting - quarantined

Here are some things I do not understand:

1. Why did McAfee not catch these?

2. I ran Malwarebytes, SpyBot Search and Destroy and McAfee scans multiple times and it did not catch anything.

3. I used some cleaner to free up space (Glary Utilities) and I lost some data, in particular the Log for McAfee for Friday the 5th of Feburary. I contacted the McAfee support and the pretty much told me that the data cannot be recovered. Thus, I cannot know what those viruses I had were that it supposedly quarantined. I am pretty sure I saw more than 3 errors when the alert popped up.

4. Does the ESET Scan take into account Google Chrome being used (that is the browser I was using at the time I contracted the viruses)?

So, I am pretty much saying that I am really worried that even this scan didn't fix the errors/viruses (Whose to say that there aren't more that escaped detection)?--Would my best option be to reinstall or reset (I am not sure which is appropriate to totally remove viruses) my Operating System?

I really appreciate the time you are spending to help me

EDIT: I just noticed something. The above results all target applications I already had. The site I was on when I contracted the viruses had nothing to do with the above, unless they latch onto them or something .

Edited by Jagst3r15, 09 February 2010 - 02:35 AM.

Hello,
About the tools... I use a layered approach on my Vista machine. As mew malware is writtrn everyday and no one tool will be on top of them all at the same time. I use Avira (AV) ,MBAM and Superantispyware.
Some malwares like rootkits can keep regenerating and a clean install is the only solution..
For cleaning you have a couple of options. You can post a log in our HJT/DDS section or you can reformat. I can give you both instructions.
The HJT will be a couple days to get started.

Hi thank you for the quick response,

I have some programs that I would rather not lose because I do not have the re-installation discs anymore. Is there such an option as System Restore that lets me keep the programs I want?

Also, I pay for McAfee, but I can also get Norton AntiVirus 2009 from my University for free. Which do you reccomend?

And what do I do about windows defender and windows firewall, turn them off?

I also have WebRoot Spy Sweeper paid for, but uninstalled. Should I use Norton and that as a good combo? or can you reccomend something better.

Sorry for all the questions,

I really appreciate your help!

Hi of the 2 you mention ,I'd say McAfee. Tho I feel the free avira i use is better anyway.. so...
System restore will only set you back to a point in time and not remove any maleware.

Your decision as to what action to take should be made by reading and asking yourself the questions presented in "When Should I Format, How Should I Reinstall?" In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action but I cannot make that decision for you.

Reformatting a hard disk deletes all data. If you decide to reformat, you can back up all your important documents, data files and photos. The safest practice is not to backup any autorun.ini or .exe files because they may be infected. Some types of malware may disguise itself by adding and hiding its extension to the existing extension of files so be sure you take a close look at the full name. After reformatting, as a precaution, make sure you scan these files with your anti-virus prior to copying them back to your hard drive.

As you have files you are concerned about the next safest course is ...You will need to Download and Run DDS which will create a Pseudo HJT Report as part of its log..
If for some reason you cannot perform a step, move on to the next.
Please follow this guide. go and do steps 6 thru 8 ,, Preparation Guide For Use Before Using Hijackthis. Then go here HijackThis Logs and Virus/Trojan/Spyware/Malware Removal ,click New Topic,give it a relevant Title and post that complete log.

Let me know if it went OK.

So I can pretty much do the DDS/HJT and nothing can be found so I can be fine. Or, something is found and then i can merely reinstall the OS. So, either way the DDS or HJT is the best route?

Do the DDS thing and post the complete set of logs.. After review it can be determined what is needed to remove it.. Then no reformat is needed.

The DeFogger download link seems to be broken. Is there an alternate one I should use?

Let me check

Try this one DeFogger

Edited by boopme, 09 February 2010 - 03:26 PM.

Hey so I just ran the HJT test thingy and got the DDS.txt and Attach.txt but when I was running the scaner gmer program the application froze and a blue screen came up that said "Fatal Error". It said something along the lines of "data dump" or something like that and the computer shutdown....can't be good

Edited by Jagst3r15, 09 February 2010 - 03:47 PM.

Ok,the malware is a beast. Just post the DDS log and the Attach txt.. Mention nothing else will run.. They will handle the rest.

Ok so I am really scared . I think I should just go ahead and Re-Install my OS. If I call Dell can they just do the factory reset for me (and will that be just as good as reinstalling my OS?)

Thanks mate.

Edited by Jagst3r15, 09 February 2010 - 04:38 PM.

Hi, Take a look at this. Reinstall Windows Vista

2 guidelines/rules when backing up

1) Backup all your important data files, pictures, music, work etc... and save it onto an external hard-drive. These files usually include .doc, .txt, .mp3, .jpg etc...
2) Do not backup any executables files or any window files. These include .exe/.scr/.htm/.html/.xml/.zip/.rar files as they may contain traces of malware. Also, .html or .htm files that are webpages should also be avoided.

Download Belarc Advisor - builds a detailed profile of your installed software and hardware, including Microsoft Hotfixes, and displays the results in your Web browser.
Run it and then print out the results, they may be handy.

Since we don't know exactly which infections we're dealing with here, we should take some precautions before we attempt to move files from the infected machine. Run the following on your clean computer, and make sure you insert your flash drives at the prompt.
Download and Run FlashDisinfector

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.

• Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
• The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
• Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
• Wait until it has finished scanning and then exit the program.
• Reboot your computer when done.

Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.


Reinstall Windows Vista

Problem solved. You can close.