I just did a full scan and found 1 high severe threat AcroRd32.exe but when I try to move it to the chest or repair it an error comes up “there are no more files (18)”. Can you help please?
Hello,
Please run the following programs from this link…
http://forum.avast.com/index.php?topic=53253.0
These files are safe, so if IE says different ignore and continue.
Run them in this ordered list.
Adwcleaner/MBAM/OTL/AswMBR
AswMBR (Windows 7)
After this someone will be notified to assist you.
AcroRd32.exe
Have you tested the file at www.virustotal.com (if tested before, click rescan)? Post link to scan result here.
First submission 2013-05-16 01:37:56 UTC ( 4 months, 4 weeks ago )
What malware name did avast give when detecting the file?
You may attach a screenshot of the avast scanresult
here’s the screenshot
Honestly, it’s hard to say what the cause might be.
Send the file in Zip or RAR format
to virus@avast.com with the subject “False positive”
so that we can check and fix the problem.
I can’t do anything with the file because when I click on it, it says this folder is empty.
It says the folder is empty.
Avast also says that there are no more files. That’s just an error message.
so what do i do?
AdwCleaner v3.007 - Report created 13/10/2013 at 23:46:05
Updated 09/10/2013 by Xplode
Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
Username : Paul Curtis - -TOSHIBA
Running from : C:\Users\Paul Curtis\Downloads\adwcleaner.exe
Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\Users\Public\Desktop\eBay.lnk
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}]
***** [ Browsers ] *****
-\ Internet Explorer v10.0.9200.16720
-\ Google Chrome v30.0.1599.69
[ File : C:\Users\Paul Curtis\AppData\Local\Google\Chrome\User Data\Default\preferences ]
AdwCleaner[R0].txt - [2123 octets] - [13/10/2013 23:46:05]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2183 octets] ##########
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.10.13.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Paul Curtis :: -TOSHIBA [administrator]
13/10/2013 23:54:59
mbam-log-2013-10-13 (23-54-59).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201919
Time elapsed: 5 minute(s), 1 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-10-14 00:40:15
00:40:15.023 OS Version: Windows x64 6.1.7601 Service Pack 1
00:40:15.023 Number of processors: 4 586 0x2505
00:40:15.026 ComputerName: -TOSHIBA UserName:
00:40:16.735 Initialize success
00:40:18.141 AVAST engine defs: 13101300
00:40:24.029 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IAAStorageDevice-1
00:40:24.034 Disk 0 Vendor: TOSHIBA_ GH10 Size: 305245MB BusType: 3
00:40:24.153 Disk 0 MBR read successfully
00:40:24.159 Disk 0 MBR scan
00:40:24.173 Disk 0 Windows 7 default MBR code
00:40:24.180 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048
00:40:24.196 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152622 MB offset 821248
00:40:24.227 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 152222 MB offset 313391104
00:40:24.353 Disk 0 scanning C:\Windows\system32\drivers
00:40:38.362 Service scanning
00:41:23.210 Modules scanning
00:41:23.231 Disk 0 trace - called modules:
00:41:23.308 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
00:41:23.320 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xfffffa8002837060]
00:41:23.548 3 CLASSPNP.SYS[fffff88001aa743f] → nt!IofCallDriver → \Device\Ide\IAAStorageDevice-1[0xfffffa80025f6050]
00:41:24.471 AVAST engine scan C:\Windows
00:41:26.755 AVAST engine scan C:\Windows\system32
00:43:53.688 AVAST engine scan C:\Windows\system32\drivers
00:44:04.885 AVAST engine scan C:\Users\Paul Curtis
00:50:24.165 Disk 0 MBR has been saved successfully to “C:\Users\Paul Curtis\Downloads\MBR.dat”
00:50:24.180 The log file has been saved successfully to “C:\Users\Paul Curtis\Downloads\aswMBR.txt”
I will ask Essex to come help you with the win32:Trojan dropper file.
Note: He is in bed right now, so he will most likely not answer for another 8+ hours.
What is the full path for that file ?
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-A95000000001}\Data1.cab >AcroRd32.exe
OK, let’s just kill the install folder.
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:Commands
[CREATERESTOREPOINT]
:Files
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-A95000000001}
:Commands
[resethosts]
[emptytemp]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
log
Could you now confirm that it has gone and there are no more alerts?
I can’t confirm it’s gone because I did 2 full avast scans after I discovered the threat the first time and for some reason it didn’t turn up again. The only symptoms I’m having of the threat for now is the blue screen of death error.
What is the exact error on the BSOD ?
I can’t remember the exact error, but it’s something about turn the computer off now, if I’ve seen this before, and uninstall any new software or hardware.