1 detections on my laptop, 2 on my PC

Hello,

On my new laptop (on which I replaced Norton with Avast 1 day ago), I had the following detection
after planning an immediate Avast 4.7 scan (cut and paste from the Avast mail I got from my
mail sent message folder) :

Virus name: Win32:Klez-H [Wrm]
Original file location: C:\Documents and Settings\uc
Local Settings\Application\Data\Identities{E9AAF06D-EE40-4414-BB76-B0CD9F1055BB}
Microsoft\Outlook Express\Boîte de réception.dbx\DBASE(r) v4.x and
5.x.eml#625664\VFPODBC.bat#755158202

And on my PC (Avast 4.8), I had 2 detections (manual copy from the chest) :

Virus name: Win32:Agent-TOS [trj]
Original file location: C:\WINDOWS\SYSTEM32\Panda Software\NanoScan\Engine\psnflg.dll

(perhaps this one is a false positive from Panda, sometimes manually launched, only to check
net access, but I don’t use it anyway).

Virus name: Win32:Gida[trj]
Original file location:\C:Documents and Settings\uc\Local settings\Application Data\Mozilla\Firefox\Profiles\x8raan3z.default\Cache

(sorry, I had problems trying to send this info using Avast mail)

I put all 3 of these files into the chest. How dangerous are these threats ?
What else should I do ?

On my PC, I usually do a complete scan about once a week, planned at boot time. I had been
working that way for several months, and nothing was detected. Today's scans were
immediate scans. Options were the same. I suppose that, had the scan been done
at boot time, the results would have been the same, right ? (I was rather surprised to
discover all of them with an immediate scan, and not before).

BTW, on my PC, I now have version 4.8, but on my laptop, even though I have set automatic
updates both for the program and the virus database, I still have 4.7. Why ?
(I copied the licence key from my PC to the laptop, it is valid until July 1st, the date on which
I should renew the licence, am I correct in doing so ? ; I use both only for private,
non-commercial purposes).

Many thanks in advance for any info.


Perhaps posting a HiJackThis log for each computer would help.

Please download HiJackThis from the link below, run the program but do not make any fixes, and then post the log results using the “copy & paste” method. It will probably take more than one post to be able to get the complete log posted. OR, you can post it as an attachment to your post by clicking on “Additional Options…” below left of the posting box. Someone will review your log and then offer help.

http://filehippo.com/download_hijackthis/


Here is my PC HijackThis log. Hope it will arrive safely and correctly ?!
The HijackThis log from my laptop will follow.
TIA

Here is my laptop HijackThis log. Hope I have sent it correctly ! TIA

Did you use Norton Removal Tool for Windows 2000/XP/Vista?

Didn’t you install version 4.8 (the latest) instead of 4.7?

I suggest:

  1. Disable System Restore and reenable it after step 3.
  2. Clean your temporary files.
  3. Schedule a boot time scanning with avast with archive scanning turned on.
  4. Use SUPERantispyware and/or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
  5. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  6. Make a HijackThis log to post here or, better, submit the RunScanner log to on-line analysis.
  7. Immunize your system with SpywareBlaster or Windows Advanced Care.
  8. Check if you have insecure applications with Secunia Software Inspector.

If by ‘immediate’ you mean ‘quick’, no, boot time scanning is deeper than the Windows quick one.

The program updates are released, but to avoid excessive load on the servers the auto update check happens randomly every 7 days and it’s not checking every time you connect to the Internet as with the iAVS checks. Every avast installation has a unique, randomly generated GUID (“general unique identifier”) associated with it (it is generated during installation). This ID is random, but fixed. They use this value to determine when the updater pops up on YOUR machine, i.e., the program already knows that the update is there, but it won’t tell you until it’s your turn. You have to allow the update, i.e., it’s not a forced and automatic update.

Yes, you’re doing it correctly.

RE pc hjt log: Please go to the Logitech web site and download and install the newest version of their Desktop Messenger client. Yours is several years old and the newer one does not corrupt the registry as the one currently used is doing. It will clean up the log and make it easier to read.

Klez was in your mail box in an email.

The Panda detection was probably because of unencrypted Panda files.

crococ, I can’t read your quoted post…

For your PC, as I suggested, get the update for your Logitech Desktop manager. It will clean up those 018 lines. Here’s a link:

http://www.logitech.com/index.cfm/494/3041&cl=us,en?osid=1&file=

It can probably be uninstalled as it is an update notification. The info on what it does is on the page along with the download link.

Secunia scans are quick and painless.

This file, I don’t know what it is:

C:Documents and Settings\uc\Local settings\Application Data\Mozilla\Firefox\Profiles\x8raan3z.default\Cache

For your laptop

Open HJT, run a system scan only, check mark these lines if present

O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

Close all other browsers/windows, click fix, close HJT.

Update your Java for Firefox:

http://www.java.com/en/download/windows_xpi.jsp

Sorry for being back so late, I was away for some time …

1st, for my PC, I did what you suggested (at least, I tried to), regarding Logitech.
Concerning the x8raan3z.default file, that was detected in a previous scan as an
infected file by Avast, I sent it to the chest, the file name was : CACHE_002,
and the virus name was : Win32:Gida[trj] ; I sent it to Avast a few days ago.
I also ran the Avast antirootkit, no diags. According to the Secunia report, all my
PC software products look to be up-to-date.

2nd, for my laptop, I ran HJT, and fixed those Symantec lines you specified (first,
I used the Symantec uninstall tool to wipe away Norton Antivirus, and proceeded
with the Avast installation).

Secunia reports are telling me that both machines are now up-to-date. I am joining
the last HJT reports for a final check.

I would like to thank you for your support and useful info. In particular, I appreciated
your link for Secunia, which I did not know at all before.

Is now the Avast antirootkit file (aswar.exe file) included in the Avast 4.8 edition ?
Does it make sense to still use aswar.exe if I have the Avast 4.8 ?

Thanks again.

Is now the Avast antirootkit file (aswar.exe file) included in the Avast 4.8 edition ? Does it make sense to still use aswar.exe if I have the Avast 4.8 ?

I believe it is, however it is not the full program. I think the best is to have both. If a rootkit is detected, the avast antirootkit can be used.

If I’m wrong, someone will correct me. I haven’t had time to keep up on the new developments as much as I had hoped to.