Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I had AVSS Virus and removed it. Do I still have a bug, or damage to my files?


  • This topic is locked This topic is locked
5 replies to this topic

#1 Dermo

Dermo

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:08:32 PM

Posted 09 July 2010 - 09:44 PM

I had the AV Security Suite Virus, and have removed it using Malwarebytes. I wish I had seen your instructions on how to do it, but I did not and did it myself. I still have some problems, and do not know if it is another bug, or damaged files.

I have a HP PC with an Athalon 64X2 Dual Core 4600+. I am running Windows XP 2002 Version 3. It is now fully updated, but when my problems started, my copy of windows may have been out of date by as much as a month. I was running Norton, as provided by Comcast, and also had Ad Aware on the machine but was not running it. I now have Super Anti Spyware and Malwarebytes on it as well.

Several weeks ago, when we were browsing with IE8, at different times we would get an error message that included the wording:

Microsoft Visual C++ Debug Library

Program C:\Program Files\Internet Explorer\ iexplorer.exe

File: dbgheap.c
Line: 1132
Expression CRTIS Valid Heap Pointer

At the bottom of the window it would ask me if I wanted to Retry, Abort or Ignore

At the time, I chalked it up to the latest MS windows updates, as those many times have caused temporary error messages of various types, that went away the next time I got an update. It did eventually stop.

About two weeks ago, I started getting a series of error messages upon startup. As Windows was opening, they popped up. Seven of them, and each time the same seven. Each one cited a different program, but were identical other than that.

The example is:

Windows cannot Open this file:

File: Updates from HP.lnk.disabled

Below that it would allow two choices:

* use the web to find the appropriate program
* select the program from a list

In the other six messages, in the place of HP in my example, the file prefix was:

Quicken
Microsoft Office
Bill Minder
Adobe Reader Sync
Adobe Reader Speed Launch
Adobe Gamma Loader

Five days ago, The AV Security Suite virus launched on my computer. A bit earlier, Norton popped up and said it had detected and fixed a downloader virus. I do not have a complete handle on the times, as I was still asleep and my wife was up using the computer when it hit.

I spent the next few hours fighting it. Even with the limited functionality it gave me, I figured out the name of the file doing it and the folder it was in. In the heat of the moment, I did not write them down. I eventually was able to change the name of the file, and the folder, change their location, and then after a restart, it stopped. I then loaded and ran Super Anti Spyware, and it found 6 threats and it quarantined them. The next day I downloaded Malwarebytes and ran it, and it found the same 6, and I told it to delete them. I opened Super anti Spyware, and told it to delete what was in quarantine, in case it was still there. After that, I ran all four anti virus programs in succession. All came up clean.

At that point, I had a number of things not working on my computer. Both the CD and DVD drives were not recognized, and I could not add them back in. Several other programs were not running. All of the Windows games were gone. (Not a big loss except they should have been there)

After seeking some advice, I was going to try and repair Windows from disc. However, I did not get a disc with my computer. HP had the windows repair information on the hard drive under the D drive. When I tried to start reinstall, planning on asking it to repair, it did not give me that choice. Instead I reinstalled windows. That left me with a lot of work to do. Almost all of my files made it through, but I had to uninstall and reinstall several programs, some of which didn't even show up on the list of programs to uninstall. I had big problems getting QuickBooks back in due to a Net Frame problem, but got that solved as well. I have everything seemingly running again, but;

After all that, those seven error messages at startup still occur. Am I still infected, or do I have other damage to fix?

I thought it might be damage in each of the individual programs in the messages, but I have already reinstalled Microsoft Office and its working fine, and its error message still pops up. so I am not sure what to do next.

I follow instructions that are not from my wife very well, so I'll do my best to follow any I get.



DerMatoian

BC AdBot (Login to Remove)

 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:03:32 AM

Posted 11 July 2010 - 12:31 PM

Can you post the logs from your scans, and you haven't please sure Malwarebytes is updated and so is Super Anti-Spyware.

If they are not updated, please update them and rescan using a Full Scan.

#3 Dermo

Dermo
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:08:32 PM

Posted 12 July 2010 - 03:05 AM

Thank you for helping.

Here is the log from Super Anti Spyware for the scan I did on Friday.

I could not find any previous scan logs for Malwarebytes, but I did have to reinstall it after the windows reinstall, so those logs may have been lost at that point. I rescanned tonight, after updating, and the log is below.

I did update both programs before the scans.

I did have HiJackthis prior to the reinstall, but do not have it now. I can reinstall it and send you a log if that would help.

Here is the Super Anti Spyware log:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/09/2010 at 09:36 AM

Application Version : 4.40.1002

Core Rules Database Version : 5177
Trace Rules Database Version: 2989

Scan type : Complete Scan
Total Scan Time : 00:48:02

Memory items scanned : 526
Memory threats detected : 0
Registry items scanned : 6401
Registry threats detected : 0
File items scanned : 39345
File threats detected : 25

Adware.Tracking Cookie
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Cookies\hp_administrator@interclick[1].txt
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Cookies\hp_administrator@atdmt[1].txt
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Cookies\hp_administrator@a1.interclick[1].txt
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Cookies\hp_administrator@ad.yieldmanager[2].txt
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Cookies\hp_administrator@adinterax[2].txt
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Cookies\hp_administrator@invitemedia[2].txt
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Cookies\hp_administrator@doubleclick[1].txt
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Cookies\hp_administrator@ad.wsod[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@apmebf[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@fastclick[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cdn4.specificclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@content.yieldmanager[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@content.yieldmanager[3].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@advertising[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adbrite[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@specificclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@bizrate[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@invitemedia[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.wsod[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@collective-media[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@richmedia.yahoo[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@specificmedia[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atdmt[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.yieldmanager[2].txt



Here is the Log from the Malwarebytes scan I ran tonight. It found a Trojan Agent, so I guess that answers one question. It appears I am still infected.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4304

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/12/2010 1:03:31 AM
mbam-log-2010-07-12 (01-03-31).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 334431
Time elapsed: 1 hour(s), 56 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

#4 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:03:32 AM

Posted 12 July 2010 - 09:13 AM

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

#5 Dermo

Dermo
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:08:32 PM

Posted 16 July 2010 - 03:01 AM

I have followed the instructions and posted a new topic.


http://www.bleepingcomputer.com/forums/ind...t&p=1843889


There were some problems with running GMER, which I detailed in the new post.

Thanks for your help so far.

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:32 AM

Posted 16 July 2010 - 05:42 AM

Hello,

Now for the hard and frustrating part: waiting.

Now that you have posted a log, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Response Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, up to two weeks perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users