Bredolab-BF

I’ve never had a problem with viruses, but now, unfortunately, my stepson’s computer has a very annoying “worm”, I think. He downloads all sorts of “crap” off the internet, and I knew it would be only a matter of time before he got something on it I didn’t know how to get rid of. I’ve got Avast, and it does a good job, been using it for several years.
Avast keeps popping up with a “Found Virus” alert every few minutes, I tell it to move it to chest, and it says it can’t, because it is being used, or something like that.
When I tell it to delete the file, I assume it does, but within 5 or 10 minutes at the most, another virus file is found and alerts go off.
I’m fairly novice at this, but know some about computers, so while I’m not totally a newbie, I’ve not removed viruses and worms and trojans all that much. So any help would be greatly appreciated.
Scott

Try this

Boot time Avast Antivirus Scanning
http://www.digitalred.com/avast-boot-time.php

MBAM http://filehippo.com/download_malwarebytes_anti_malware/
update and run quick scan, then click the “remove selected” button to quarantine anything found and restart

Why not switch him to a limited user account if he can’t have more discipline, so any potential damage is also limited.

If it keeps coming back, there is likely to be an undetected or hidden element to the infection that restores or downloads the file again. What is your firewall?

If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should produce a log file).

Don’t worry about reported tracking cookies, they are a minor issue and not one of security, allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.

That is what I thought. I’ve done Avast Scan and it found boatloads of the file. Firewall? ZoneAlarm.
I may end up trying all that stuff you and others have suggested, but it may be a day or three, because of being so busy around Christmas…speaking of which, Merry Christmas to everyone!
Scott

[quote author=DavidR link=topic=52511.msg444641#msg444641 date=1261522015]
Why not switch him to a limited user account if he can’t have more discipline, so any potential damage is also limited.

If it keeps coming back, there is likely to be an undetected or hidden element to the infection that restores or downloads the file again. What is your firewall?

If you haven’t already got this software (freeware), download, install, update and run it and report the findings
[/quote]

In removing Bredolab (there are 8 different versions), remove the following files if they have the corresponding MD5:
~.exe, load[2].exe, winNmHNNoZHatkjc.exe ab290f18b0fe3ce172638dab58e9d36d
~.exe,load[1].exe eb34a948b5585b64fa217b0f65b6eab5
ab290f18b0fe3ce172638dab58e9d36d. ab290f18b0fe3ce172638dab58e9d36d
digeste.dll2 d190b1cf7328c5a196bb5b967b7da94f
digeste.dll d190b1cf7328c5a196bb5b967b7da94f
e58b9e29a5c4fdca196fc6e837b9212b
m.dll ca52b4c5fc7c434dad49cce7c855d630
MsZ.exe eb34a948b5585b64fa217b0f65b6eab5
Kill processes:
file0.exe
Unregister DLLs:
msansspc.dll
Delete files:
file0.exe msansspc.dll

Step 1 : Use Windows Command Prompt to Unregister Trojan.Downloader.Bredolab DLL Files

Search and unregister “Trojan.Downloader.Bredolab” DLL files:

Step 2 : Detect and Delete Other Trojan.Downloader.Bredolab Files

Remove the “Trojan.Downloader.Bredolab” processes files:
digeste.dll

Step 3 : View the Trojan.Downloader.Bredolab Components with its MD5s

Remove the “Trojan.Downloader.Bredolab” components:
File Name File Size MD5
digeste.dll 18432 d190b1cf7328c5a196bb5b967b7da94f
digeste.dll 28672 e58b9e29a5c4fdca196fc6e837b9212b
winupdate.exe 24576 77c39565cdd2fecbc446712e3d8d67ed
mwoxsrance.exe 20003 fb3325e076e8bf8b72d36fa9a52e6420
~.exe 18432 ab290f18b0fe3ce172638dab58e9d36d
~.exe,load[1].exe 28672 eb34a948b5585b64fa217b0f65b6eab5
wncoaxmsre.tmp 17955 b7051ee012096b1539339e22268c5eee
winNmHNNoZHatkjc.exe 18432 ab290f18b0fe3ce172638dab58e9d36d
D6f499e61.exe 36352 74d95402682f7e11513433193e1a2684
wpv831257179558.exe 28928 13c60d96299b200f0b5205da7f6b1428
load[2].exe 18432 ab290f18b0fe3ce172638dab58e9d36d
random.exe 16896 b31cc9b74eb8d905d448bed22a5f9c54
wmcenraoxs.exe 20515 ac6732b35060af39b60b93f227ea8978

polonus
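
Added example, not part of the original thread: the table above lists one MD5 under several file names and one file name under several MD5s, so a check has to match on size and hash rather than on name. This Python sketch parses rows in the "File Name File Size MD5" layout and scans a folder that way; the function names are illustrative, and the demo rows and files are constructed samples, not the values from the post.

```python
import hashlib
import os
import tempfile

def parse_indicators(text):
    """Parse 'name size md5' rows into {(size, md5): {names}}."""
    table = {}
    for line in text.splitlines():
        parts = line.rsplit(None, 2)  # split from the right: names may hold commas or brackets
        if len(parts) != 3 or not parts[1].isdigit() or len(parts[2]) != 32:
            continue  # header line or malformed row
        name, size, md5 = parts
        table.setdefault((int(size), md5.lower()), set()).add(name)
    return table

def md5_of(path, chunk=1 << 16):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def scan(root, table):
    """Return sorted (path, listed_names) for files whose size and MD5 both match."""
    sizes = {size for size, _ in table}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            try:
                size = os.path.getsize(path)
                if size not in sizes:  # cheap pre-filter, avoids hashing every file
                    continue
                key = (size, md5_of(path))
            except OSError:
                continue  # file locked by a running process, or already gone
            if key in table:
                hits.append((path, sorted(table[key])))
    return sorted(hits)

def demo():
    payload = b"constructed sample, not malware"  # constructed test content
    digest = hashlib.md5(payload).hexdigest()
    rows = ("File Name File Size MD5\n"
            f"load[2].exe {len(payload)} {digest}\n~.exe {len(payload)} {digest}\n")
    with tempfile.TemporaryDirectory() as d:
        for name, data in (("renamed.exe", payload), ("load[2].exe", b"same name, other bytes")):
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        return [(os.path.basename(p), n) for p, n in scan(d, parse_indicators(rows))]

if __name__ == "__main__":
    print(demo())
```

The demo flags renamed.exe, whose content matches under a different name, and ignores the file that only shares a listed name.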