Avast has found Trojan but can't delete?

Viruses and worms
21

hi essexboy

please excuse my ignorance as I’m not very tech savvy but what do you mean about the full folder path and temp internet folder? Sorry! :-[

also, do i have to disable firewall or just avast and mbam??

downloading ComboFix now - once again thank you for helping me!

22

Just disable Avast and MBAM. I will get some screenshots together for your other question

23

thank you! :slight_smile:

everything is running very slow so I apologize if I’m not getting back to you fast enough! :-[

EDIT hey essexboy, I’m getting this message when I run ComboFix …

I installed it. Hope I’ve done right thing! Now getting a warning:
Unable to create a backup of current registry file C:\WINDOWS\system32\config\SECURITY !
it’s asking me to continue restoration???
Lots of warnings now. Do I click yes for all of them?

24

Click yes, that will install the recovery console onto your system

25

I sound like a frantic lunatic haha sorry essexboy! It’s busy
Preparing log report but when it rebooted the screen was
Black (like safe mode?) with 3 options but then it
Started as normal.

26

Yep the options include the recovery console, we will hide that at the end :slight_smile:

27

combo fix log attached!

PC still running very slow and freezing - browser / opening files etc.,

28

OK all malware cleared, now we just need to speed you up a bit

Download to your desktop Mike Lin’s startup control panel https://web.archive.org/web/20131106030702/http://www.mlin.net/StartupCPL.shtml
Download this version Download Startup Control Panel 2.8 (59kb)
Open the zip file by double clicking
Double click the startupcpl file that you now see this will install the programme
Now go to control panel and you will see a startup icon (picture 1)
Double click this and the programme will open
Go to the HKLM Run tab
Right click all entries except Avast and select disable (picture 2 )
Repeat for the HKCU tab
Now reboot your computer

All the changes can be reversed by running startup from the control panel and right click then select enable

Has this improved your speed

29

thank you essexboy, I’ll do that now! I really am grateful for your help :smiley:

one other question though…is it safe /ok for me to delete/uninstall Google Desktop?? Still getting the error message on start up.

30

Yes unless you really need it, it is a bit of a resource hog and contributes very little

31

should I do it now or after we’re completely finished?
(so sorry for bombarding you with all these questions! :-[ )

32

Doing now is a good a time as any

Always remember the only stupid question is the one you do not ask :slight_smile:

33

haha thank you! you really are too kind (and very wise!) :smiley:

ok, I’ll do it now and fingers crossed everything is ok then I’ll download the Mike Lin thing.

thank you!

34

hey essexboy

has the Trojan been removed? I’m just concerned that if I uninstall Google Desktop and it’s still there something bad will happen.

the reason I ask is I just checked the Avast scan log and it still won’t let me delete it.

I’ve attached a jpg!

35

If you uninstall google desktop that folder will be deleted

36

hey essexboy

Ok, so I’ve uninstalled Google Desktop (hurrah!), checked Avast log and the trojan is still there. Still won’t let me delete it (!) Tried to move it to chest but it said it could not find the path specified.
Should I do an Avast reboot? will that clear it once and for all?
I still haven’t downloaded the last program you’ve advised me too yet! I just wondered if I should reboot first?
also…is there any way that Avast could have been compromised by the trojan? should I delete and reinstall…?
(so many questions, sorry!) :-[

37

Yes reboot as the file may still be in memory or is it still in the log as opposed to avast alerting on it

Avast is protected so it is excessively hard to infect :slight_smile:

38

hey essexboy,

thank you, I’ll do a reboot scan now.

I probably won’t get back online after its done, so I’ll download the Mike Lin program in the morning and get back to you for more instruction!

you’re seriously the best, thank you SO MUCH for helping me, I really don’t know what I would have done!

until tomorrow… :smiley:

39

Night night :slight_smile:

40

hey essexboy :smiley:

sorry for the delay in getting back to you, bit of a crazy day! :o

ok, so I did the Avast reboot scan and the Trojan is still showing up in the threat section (?), but when I try to delete it from the list it still won’t let me and says “action postponed until next reboot” (!) which I’ve done like 3 times (!) And I can’t move it to the chest as it says it “can’t find the path specified” :-\

Should I be really concerned about this?

has the Trojan definitely been removed?

maybe I should uninstall Avast and reinstall? Would that clear it?

also, did a windows scan and I got this - windows replaced bad clusters in file 38232 of name \DOCUME~1\user1\APPLIC~1\Mozilla\Firefox\Profiles\OGOKWO~1. DEF\WEBApp~1.SQL.

since then, browsers back to normal - a LOT faster! ;D and opening files also much quicker! :smiley:

So do I need to do the Mike Lin thing you said?

I shall await your instruction!

EDIT: meant to ask you - I deleted Google Earth, Photos Screensaver, picasa, kindle - but there are still files in my documents folder - is it safe to delete them??