CCG.EXE and warning message stuck in infinite loop

Hi everyone.
Some hours ago, I downloaded a torrent, and while downloading, the attached warning message came up. I immediately exited utorrent, and selected move to chest, but immediately after pressing ok, the message showed up again, and this happened again for the next few times I pressed ok.
Then, with the message still on screen, I took the liberty of permanently deleting the file where the torrent was saved, and also the torrent file that was temporarily saved and the one in the Local folder, inside the Utorrent folder.
After that I opened up task manager and saw that the utorrent process was still running, so I ended it as well.
Now, the message from avast is still showing up every time after selecting any action (except for ignore) and pressing ok.
Two questions: why can’t I get rid of the message, and should I be worried?
Right now I am full scanning with Microsoft Security essentials, which says that preliminary scans have shown that there is possibly malware in the pc.

http://www.imagehosting.gr/out.php/i1461276_utorrent.jpg

Avast is fully updated, and my system is Windows Home 32bit. Windows is fully updated as well, by the way.
Cheers

Have you tried scanning with Malwarebytes?

Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
Always run update before you scan so you have the latest database.
Click the remove selected button to quarantine anything found.
You may post the scan log here.

Ok, I’ll sure as hell give it a try.
Just clarify this for me first: is it ok if I run it while Security essentials is still scanning, or will this cause problems?

Only run one scanner at a time.

Do you have avast! and Security essentials installed?

Positive.
But I have turned Security Essentials’ real time shield off. I just have it for a ‘second opinion’ scan, whenever needed.

For a ‘second opinion’, use Malwarebytes and/or Superantispyware.

Why you should never install two AVs (see reply from quietman7)
http://www.bleepingcomputer.com/forums/index.php?s=&showtopic=260844&view=findpost&p=1441638

Why Shouldn’t I Install More Than One Antivirus Program At A Time?
http://www.security-faqs.com/why-shouldnt-i-install-more-than-one-antivirus-program-at-a-time.html

Clash Of The Antivirus Apps
http://www.smartcomputing.com/editorial/article.asp?article=articles/2003/s1407/38s07/38s07.asp

Wow, ok, I didn’t know it was such a big deal.
Noted.
Also, I wanna ask you, just seconds ago, I checked Avast’s shield reports, and the infected file’s path shows a .zip file (which by the way doesn’t even exist now, since I permanently deleted the torrent’s folders).
Is it possible to have the malware code executed if I didn’t even get a chance to open the .zip folder?..

I am no malware expert, but a normal zip folder, no, I don’t think so. But malware can be disguised as something else, so what came down with the torrent?

Run Malwarebytes; if it does not do the trick, we can call removal expert Essexboy.

All the torrent had were .PDF files, and some zips (or that particular one may be the only one, I can’t remember), which I suppose had more .PDFs inside.
It was a book torrent.

Yeah, sure I’ll run Malwarebytes, but I’m waiting for S.E. full scan to end first since I had it started.

Cloisterblack: It is always better to quarantine suspected infections. This helps with future analysis of the files…

You will be in good hands on this board. The experts here are top notch.

@Pondus: What’s going on in Norway? :-)

I bet you are, guys :D
By the way, why is the warning message stuck in an infinite loop?
No action between quarantine / delete (I am not trying ignore) seems to do anything.

“By the way, why is the warning message stuck in an infinite loop?”
Windows and malware work in mysterious ways ;D
“@Pondus: What’s going on in Norway? :-)”
What do you mean?... You mean what’s happening.... hmmmm, it’s autumn and the rain is pissing down, otherwise not much, but Santa is coming soon.

Ok, for any of you still interested in my case, S.E. just finished and this is what it found.
No relation with the torrent thing I believe.

http://www.imagehosting.gr/show.php/1461359_se1.jpg
http://www.imagehosting.gr/show.php/1461360_se2.jpg

I delete them, right?

EDIT: never mind. Security essentials removed them automatically, probably because I didn’t take any action and it thought I was afk or something. Dunno. I just hope it didn’t do anything stupid.

EDIT 2: and this is the log from Malwarebytes, run after Security Essentials.

Malwarebytes’ Anti-Malware 1.46
www.malwarebytes.org

Database version: 4761

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/10/2010 2:18:19 πμ
mbam-log-2010-10-07 (02-18-19).txt

Scan type: Quick scan
Objects scanned: 136990
Time elapsed: 7 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command(default) (Broken.OpenCommand) → Bad: (“regedit.exe” “%1”) Good: (regedit.exe “%1”) → No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I am waiting for advice on what I should do.

Exploit:Java/CVE-2010-0094.A
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Exploit%3AJava%2FCVE-2010-0094.A

Trojan:Java/Rowindal.A
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AJava%2FRowindal.A

Click the Remove selected button to quarantine.

So is the problem gone?

Yes, as I said in my previous post above, S.E. deleted the Java related exploit/trojan.
After that I did a quick scan with MBAM, and it found only an infected registry object (see the log above).

And, Avast still gives me that infinite loop message about the ccg.exe thing in that god forsaken torrent, even though none of the other security tools (S.E. and MBAM) found anything related to that.

EDIT: woo, the MBAM full scan has found 6 infected files on the PC so far!.. blimey.
I’ll post the full log once it’s done, and I’ll wait for you people to give me some directions on what I should do with them.

“And, Avast still gives me that infinite loop message about the ccg.exe thing......”

Prevx info - CCG.EXE - Cloaked Malware
http://www.prevx.com/filenames/2200190788688276157-X1/CCG.EXE.html

After you have done the full mbam scan, follow this so Essexboy can look at this tomorrow.

Follow this guide from Essexboy and post the logs
http://forum.avast.com/index.php?topic=53253.0

To avoid using multiple posts with copy and paste, you have to attach the logs.
Lower left corner: Additional Options > Attach (OTL.Txt and Extras.Txt and MBAM scan log)

ok!
As for ccg.exe, I had read that already. Is it really bad?..

Ok, here are the logs from MBAM and only the extras.txt file from the OTL scan, since I think that the other generated file, OTL.txt, has way too much personal information to just put it up.

Concerning the keygens found in the MBAM log, I knew I had them but I believed (I still do) they were just false positives.

The only thing that I had no idea about was the registry thing that was infected.

Note that these two scans took place after the S.E. scan which found a Java related exploit and trojan.

Also, I found the log from avast, and I think I understand now why the warning message is stuck in an infinite loop (even though I don’t understand what this is --> “The operation is not supported for this type of archive.”).

I attach the excerpt from the avast log.
The point when it starts saying it did not find the file is because I deleted it from the system.

Essexboy has been notified; he usually enters the forum late UK time.

Hi, the log I require, and which has all the relevant data on it, is the one you have not attached. Without that I cannot determine the malware files.