I have avast! Internet Security v.7.0.1474, but I sometimes use other online scanners to check for viruses or malware that avast! might miss.
Today I used BitDefender’s QuickScan, which told me that my PC is infected with Gen:Variant.Kazy.132874. Prior scans by Malwarebytes did not detect it, nor did Trend Micro’s Housecall, and it has apparently been overlooked by avast! as well. If it is indeed a virus or trojan or worm, I may have had it unknowingly for some time.
What do I do? Is it a legitimate virus or malware of some kind, and if so, how do I get rid of it?
No log file; nothing but the screenshot I attached. I actually thought it might be a FP, or even that I had visited a hijacked URL, but one can’t be too careful. None of the following site checkers - Norton Safe Site Checker, McAfee Site Advisor, and Trend Micro Site Safety Center - report any problems with the link.
No. As I mentioned in the post immediately prior to yours, I got no log file; nothing except the window that says “Your system is infected with Gen:Variant.Kazy.132874”.
However, I just ran AdwCleaner and it said I have some stuff from Babylon Toolbar, so I’m now going to let it run its cleaning procedure, which I understand will involve a reboot.
Yep... it removes most of the browser/toolbar crap.
AdwCleaner apparently didn’t find Gen:variant.kazy, but says it removed Babylon and a number of other things (partial list below):
***** [Services] *****
Found : Updater Service for StartNow Toolbar
***** [Files / Folders] *****
Folder Found : C:\Program Files (x86)\AGI
Folder Found : C:\Program Files (x86)\BabylonToolbar
Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Folder Found : C:\ProgramData\AGI
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\Tarma Installer
…
However, avast! told me that something tried to change my default Home Page, so I don’t know if that was AdwCleaner or an effect of the stuff it was removing. I didn’t allow the change.
Thanks for your help, guys. I would never have found AdwCleaner, but it’s now part of my arsenal.
OK! I also have BD in my dual booted Linux Ubuntu (I think it’s Precise P because I wanted LTS). Maybe I will rescan with BD in Win7 tomorrow, and if I get a hit, I’ll try a scan in Linux.
You probably know this, but mount your windows drive (as su/sudo) first in the same account from which you then run BD scan - otherwise I’ve found BD is a bit variable in whether it will access it.