Avast! Keeps constantly reporting that I have worms/trojans/adware/etc

In all the years that I’ve had my laptop, I never once got infected by malware. But after updating avast!, all of a sudden I keep getting these malware warnings and they’re starting to grate on my nerves now. It first started when I plugged in the same old thumb drives I’ve been using for months, saying autorun.inf had a worm in it. Used flash_disinfector to solve that problem and then it just went downhill from there. I’ve included a copy of the warning log in this post.

2/8/2009 4:52:19 PM SYSTEM 1784 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/8/2009 4:52:58 PM SYSTEM 1784 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/8/2009 4:53:18 PM SYSTEM 1784 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/8/2009 4:53:38 PM SYSTEM 1784 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/8/2009 4:53:51 PM SYSTEM 1784 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/8/2009 4:54:03 PM SYSTEM 1784 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/8/2009 4:54:19 PM SYSTEM 1784 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/8/2009 4:54:37 PM SYSTEM 1784 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/8/2009 4:54:53 PM SYSTEM 1784 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/8/2009 4:55:09 PM SYSTEM 1784 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/8/2009 4:55:28 PM SYSTEM 1784 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/9/2009 8:33:02 AM SYSTEM 1780 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/9/2009 8:33:19 AM SYSTEM 1780 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/9/2009 11:51:40 AM SYSTEM 1788 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/9/2009 11:52:03 AM SYSTEM 1788 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/9/2009 11:52:20 AM SYSTEM 1788 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/9/2009 11:52:33 AM SYSTEM 1788 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/9/2009 11:52:48 AM SYSTEM 1788 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/9/2009 11:53:01 AM SYSTEM 1788 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/9/2009 11:53:14 AM SYSTEM 1788 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/9/2009 11:53:33 AM SYSTEM 1788 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/9/2009 11:55:08 AM SYSTEM 1788 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/9/2009 11:55:24 AM SYSTEM 1788 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/9/2009 11:55:36 AM SYSTEM 1788 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/9/2009 11:55:48 AM SYSTEM 1788 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/9/2009 11:56:01 AM SYSTEM 1788 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/9/2009 11:56:13 AM SYSTEM 1788 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/9/2009 11:56:25 AM SYSTEM 1788 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/9/2009 12:04:30 PM SYSTEM 1788 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/9/2009 12:04:42 PM SYSTEM 1788 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/9/2009 12:04:55 PM SYSTEM 1788 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/9/2009 12:06:25 PM SYSTEM 1788 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/9/2009 12:06:39 PM SYSTEM 1788 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/9/2009 12:11:01 PM SYSTEM 1788 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/9/2009 12:15:49 PM SYSTEM 1788 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/9/2009 12:16:02 PM SYSTEM 1788 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/9/2009 12:16:14 PM SYSTEM 1788 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/9/2009 4:28:37 PM SYSTEM 1788 Sign of “BV:AutoRun-G [Wrm]” has been found in “F:\autorun.inf” file.
2/10/2009 2:56:31 PM SYSTEM 1788 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Documents and Settings\Users2008\Local Settings\Temporary Internet Files\Content.IE5\8RWACUKB\tr1[1].exe” file.
2/10/2009 2:56:48 PM SYSTEM 1788 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\USERS2~1\LOCALS~1\Temp\160.exe” file.
2/10/2009 11:51:04 PM SYSTEM 1788 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Documents and Settings\Users2008\Local Settings\Temporary Internet Files\Content.IE5\L08W826S\tr1[1].exe” file.
2/10/2009 11:51:27 PM SYSTEM 1788 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\USERS2~1\LOCALS~1\Temp\873.exe” file.
2/11/2009 4:02:58 PM SYSTEM 1788 Sign of “Win32:VB-KZI [Drp]” has been found in “C:\Documents and Settings\Users2008\Local Settings\Temporary Internet Files\Content.IE5\05HT40LI\tr1[1].exe” file.
2/11/2009 6:23:45 PM SYSTEM 1788 Sign of “Win32:VB-KZI [Drp]” has been found in “C:\DOCUME~1\USERS2~1\LOCALS~1\Temp\796.exe” file.
2/11/2009 6:27:22 PM SYSTEM 1788 Sign of “VBS:Malware-gen” has been found in “G:\autorun.inf” file.
2/11/2009 8:18:51 PM Users2008 1772 Sign of “Win32:VB-KZI [Drp]” has been found in “C:\Documents and Settings\Users2008\Local Settings\Temporary Internet Files\Content.IE5\GSPFXFEV\tr1[1].exe” file.
2/11/2009 8:19:04 PM Users2008 1772 Sign of “Win32:VB-KZI [Drp]” has been found in “C:\DOCUME~1\USERS2~1\LOCALS~1\Temp\245.exe” file.
2/11/2009 10:27:39 PM Users2008 524 Sign of “Win32:Trojan-gen {Other}” has been found in “D:\KRO\dinput-remove.dll” file.
2/11/2009 10:59:23 PM Users2008 1784 Sign of “Win32:VB-KZI [Drp]” has been found in “C:\Documents and Settings\Users2008\Local Settings\Temporary Internet Files\Content.IE5\GSPFXFEV\tr1[1].exe” file.
2/11/2009 11:00:12 PM Users2008 1784 Sign of “Win32:VB-KZI [Drp]” has been found in “C:\DOCUME~1\USERS2~1\LOCALS~1\Temp\701.exe” file.
2/11/2009 11:36:21 PM Users2008 1784 Sign of “Win32:VB-KZI [Drp]” has been found in “C:\Documents and Settings\Users2008\Local Settings\Temporary Internet Files\Content.IE5\TJALLH2H\tr1[1].exe” file.
2/11/2009 11:38:49 PM Users2008 1784 Sign of “Win32:VB-KZI [Drp]” has been found in “C:\DOCUME~1\USERS2~1\LOCALS~1\Temp\171.exe” file.
2/11/2009 11:49:44 PM Users2008 1784 Sign of “Win32:VB-KZI [Drp]” has been found in “C:\Documents and Settings\Users2008\Local Settings\Temporary Internet Files\Content.IE5\GSPFXFEV\tr1[1].exe” file.
2/12/2009 12:00:08 AM Users2008 1784 Sign of “Win32:VB-KZI [Drp]” has been found in “C:\DOCUME~1\USERS2~1\LOCALS~1\Temp\530.exe” file.
2/12/2009 1:53:48 AM Users2008 1784 Sign of “VBS:Malware-gen” has been found in “G:\autorun.inf” file.
2/12/2009 2:09:56 AM Users2008 1788 Sign of “Win32:VB-KZI [Drp]” has been found in “C:\DOCUME~1\USERS2~1\LOCALS~1\Temp\428.exe” file.
2/12/2009 10:50:27 PM Users2008 1788 Sign of “Win32:Virtumonde-TQ [Adw]” has been found in “C:\DOCUME~1\USERS2~1\LOCALS~1\Temp\BIT56.tmp[UPX]” file.
2/12/2009 11:07:56 PM Users2008 1788 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\USERS2~1\LOCALS~1\Temp\BIT57.tmp” file.
2/12/2009 11:25:18 PM Users2008 1788 Sign of “Win32:BHO-VQ [trj]” has been found in “C:\DOCUME~1\USERS2~1\LOCALS~1\Temp\dat62.tmp[UPX]” file.
2/12/2009 11:47:39 PM Users2008 1788 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\USERS2~1\LOCALS~1\Temp\BIT65.tmp” file.
2/13/2009 12:55:31 AM Users2008 3060 Sign of “Win32:Trojan-gen {Other}” has been found in “D:\System Volume Information_restore{D3C0621A-7B2C-4559-B55A-5F757B6C3559}\RP406\A0070732.dll” file.
2/13/2009 2:10:31 AM Users2008 1788 Sign of “Win32:Virtumonde-TQ [Adw]” has been found in “C:\DOCUME~1\USERS2~1\LOCALS~1\Temp\BIT72.tmp[UPX]” file.
2/13/2009 2:22:52 AM Users2008 1788 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\USERS2~1\LOCALS~1\Temp\BIT73.tmp” file.
2/13/2009 2:40:03 AM Users2008 1788 Sign of “Win32:BHO-VQ [trj]” has been found in “C:\DOCUME~1\USERS2~1\LOCALS~1\Temp\dat76.tmp[UPX]” file.
2/13/2009 3:03:29 AM Users2008 1788 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\USERS2~1\LOCALS~1\Temp\BIT78.tmp” file.

Seriously folks, this is really getting annoying now. I can’t work like this! >:(

Well, there are likely to be other elements that are responsible for this which are either undetected or hidden.

If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should produce a log file).

  1. SUPERantispyware On-Demand only in free version.
  2. MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.

Clear your temp folders or use ccleaner to clear all temp files/folders.
CCleaner - Temp File Cleaner, etc.

This tool should have helped prevent/immunise against autorun.inf infections in the future, rather than make the situation worse. Because when you run it on the USB drive (you must first have run it on the main system to prevent it becoming infected when you plug in the USB) it should remove the autorun.inf ‘file’ and replace it with a hidden autorun.inf ‘folder.’

For more instructions on running flash disinfector, see below.

Flash Drive Disinfector
Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.
  1. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  2. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  3. Wait until it has finished scanning and then exit the program.
  4. Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don’t delete this folder…it will help protect your drives from future infection.

Also see this link for more information on Flash Disinfector, http://experi3nc3.wordpress.com/2007/05/10/flash-disinfector-by-subs/

Flash Disinfector download mirror :

http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe

Greetz, Red.
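
A read-only way to check which state a drive root is in (no autorun.inf, the placeholder folder described above, or a real autorun.inf file with launch entries), as an added example that is not part of the original thread or of Flash_Disinfector. The function names, the temporary directories standing in for drive roots and the sample file contents are constructed for illustration.

```python
import os
import tempfile

# Keys in an [autorun] section that tell Windows to start something from the drive.
LAUNCH_KEYS = ("open", "shellexecute", "shell\\")

def classify_autorun(root):
    """Return (state, launch_lines) for the autorun.inf entry at a drive root.

    state is 'absent', 'folder' (a directory occupies the name, so a file
    called autorun.inf cannot be written next to it) or 'file'.
    """
    # Match the name case-insensitively, as Windows does (AUTORUN.INF etc.).
    entry = next((e for e in os.listdir(root) if e.lower() == "autorun.inf"), None)
    if entry is None:
        return "absent", []
    path = os.path.join(root, entry)
    if os.path.isdir(path):
        return "folder", []
    launch = []
    # errors="replace" keeps the scan going on oddly encoded files.
    with open(path, "r", errors="replace") as fh:
        for raw in fh:
            line = raw.strip()
            key = line.split("=", 1)[0].strip().lower()
            if "=" in line and key.startswith(LAUNCH_KEYS):
                launch.append(line)
    return "file", launch

def demo():
    """Build three constructed 'drive roots' and classify each one."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for name in ("clean", "immunised", "suspect"):
            os.mkdir(os.path.join(base, name))
        os.mkdir(os.path.join(base, "immunised", "autorun.inf"))
        with open(os.path.join(base, "suspect", "AUTORUN.INF"), "w") as fh:
            # Constructed sample content, not taken from any real drive.
            fh.write("[autorun]\nicon=drive.ico\nopen=example.exe\n"
                     "shell\\open\\command=example.exe\n")
        for name in ("clean", "immunised", "suspect"):
            results[name] = classify_autorun(os.path.join(base, name))
    return results

if __name__ == "__main__":
    for name, (state, launch) in demo().items():
        print(f"{name:10} {state:7} {launch}")
```

On a real system, pass a drive root such as `F:\\` to `classify_autorun`; a result of `file` with launch entries is the case the avast! log above keeps flagging.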

Greetings Red,

Your url is missing the last e in .exe unless this is a security measure to avoid active links to .exe files ;D

No, I am just getting old :-\

Greetz, Red.

That makes two of us ;D