Hi again, on my last thread http://forum.avast.com/index.php?topic=48352.0 I said that running CCleaner and scheduling a boot time scan fixed the problem, but I was wrong. Think I did a quick scan or something. So here we go again, I’ll start from the top…
Both Avast and AdAware have detected C:\WINDOWS\Temp\wpv731245771011.exe (name: Win32:Neredr [Drp]) as a dropper Trojan on my PC, but both also seem unable to move it to the chest or delete it.
I originally ran an Avast scan when my comp was doing weird things with my input devices. If I clicked an icon with the mouse it’d select all icons up to that one and open them. If I typed with capslock off it would be on and vice versa, if I typed quickly random letters were in capitals, shift keys didn’t work etc etc. That scan brought up a bunch of trojans and cleared them, still had the problem. I deleted my Temp files and suddenly it seemed to clear up, no idea why. So basically now I have no signs of a virus when I use my PC, but it’s still finding that dropper…
I’ve run boot time scans in Avast! and AdAware and both say the same thing when I try and move it to chest: “This operation is not supported for this type of archive”
Since then I have installed and run MBAM which found this plus other hits, but since I was advised not to delete the files when I last posted I did not take any action. (I couldn’t see a fix / move to chest type button anywhere after the scan, just delete?) Here is the log: "Malwarebytes’ Anti-Malware 1.40
Database version: 2763
Windows 5.1.2600 Service Pack 2
09/09/2009 15:32:42
mbam-log-2009-09-09 (15-32-40).txt
Scan type: Full Scan (C:|)
Objects scanned: 245750
Time elapsed: 1 hour(s), 35 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\glaide32 (Rootkit.Rustock) → No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Ollie\Application Data\wiaserva.log (Malware.Trace) → No action taken.
C:\WINDOWS\Temp\wpv731245771011.exe (Trojan.Agent) → No action taken."
I installed and ran avast! antirootkit as suggested, nothing found with that. I also installed Spywareblaster and Service Pack 3 as advised.
…continued on new post…