The other day I was trying to open an old version of Microsoft Money I had installed on my Windows 7 computer and a red warning came up telling me it had detected an infection. This was totally unexpected so I waited until today to do the scan. I am attaching the text image of the scan, I did not know what to do so I just had all put in the chest. Can someone take a look at what I have and advise me. I don’t get the connection to the Microsoft Money. I only open that program in real rare times. I wanted to look for some old transactions and then this happened. How do I get my Microsoft Money back and functioning after I find out about these infections and what should I do?
Hi:
Let’s ask Essexboy, our Malware Expert to have a look inside.
Please follow this guide and attach (not copy and paste ) the requested logs. http://forum.avast.com/index.php?topic=53253.0
AdwCleaner
Malwarebytes
OTL
aswMBR
Because of Time Zone differences you may have to wait until Tomorrow
I added the MalwareBytes in another reply. I was going to try it on a new post but it wasn’t working. I hope I have what I need here.
I have attached the MalwareBytes log here.
I should have known better but when I reported here I did not do an Avast scan on my external drive because I only turn it on towards the end of the day when I move files to that drive. It is an older drive I put in an external case, so there are lots of old things on there. I scanned a couple of other computers that did turn up something, but I won’t go into those until I have this one squared away. My point on this reply is, can I just scan the external drive and skip the doing the primary drive? Advise please.
The files removed on the bootscan were Potentially Unwanted Programmes (PUP) Toolbar rubbish basically
None as far as I can see are related to Money
To scan just the external drive
Ensure it is conected
Then open Avast to Folder scan
Select the external drive
Thank you, is it better to leave them in the chest or just remove them all together? I have a similar problem on another machine, but I think maybe I should post another topic here for that one. One machine down the basement has only one that is a download that was done years ago.
Thank you very much,
Thank you, is it better to leave them in the chest or just remove them all together?there is no rush to delete anything from chest....if you find out later that one file was falsly detected then you can restore it if deleted let it stay for a couple of weeks before you do
Clean, Quarantine, or Delete?
http://antivirus.about.com/b/2007/03/11/clean-quarantine-or-delete.htm
You can continue with the other system in this thread if you wish
Since I am on this other machine I might as well send the boot disk scan. It looks like it involves System Volume Information on the C drive and the two partitions on my external drive. Will I have to download and run the other scans as well for this one, and is there more danger with the System Volume Information being involved? Plus it looks like a couple of the 7 infected files have trojans. This machine has been giving me major headaches in the way it boots up for a long time.
By the way thank you,
i recomend you do the same (all) scan on evry machine …no machine is equal inside
Okay, I may not get it all together by tonight, but if I don’t it may be a couple of days, we will be out tomorrow. One machine I have down the basement only had one very old download infected. I think that one should be okay if I just delete it? I have another netbook that is used rarely and I will do that in the future. These three are the machines that are used regularly.
Here are 4 of the 5 logs, I will add another post for the 5th.
here is the 5th log.
I did do a scan within the program for my external drive and it came up with 3 infected files, I am attaching a jpg of those results.
Not a deal on that mainly just toolbar remnants
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:OTL
O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O2 - BHO: (no name) - {9D717F81-9148-4f12-8568-69135F087DB0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {081230F8-EA50-42A9-983C-D22ABC2EED3B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-963639892-689279713-4071888707-1005\..\Toolbar\WebBrowser: (no name) - {081230F8-EA50-42A9-983C-D22ABC2EED3B} - No CLSID value found.
O4 - HKLM..\Run: [EfficientReminder] File not found
O4 - HKU\S-1-5-21-963639892-689279713-4071888707-1005..\Run: [DW6] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Driver Performer.lnk = File not found
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Should I run the fix on the post I used the subject:
Re: 13 files infected-other machine
or
Re: 13 files infected-first machine external drive
This is based on the logs in post 13
I started OTL on the computer, but it is in a stalled state right now. I pasted in the script as directed and it is just saying:
Killing Processes, Do Not Interrupt
I started this about an hour ago and nothing is happening.
On the first RUN FIX by OTL, it came up NOT RESPONDING so I forced the computer down and restarted it. I started the RUN FIX again, but once again it just hung for over an hour, but it did not give the Not Responding, but I gave up again and decided to force it down again. I decided to do the quick scan on the next boot up and am posting it here. I have had problems with this computer for some time where I have to force it down at times at the end of the day. So using that method to shut it down is familiar to me.