Conhost.exe infected

Hey

New person here, in a bit of trouble with the comp.

A virus or something has popped up, computer comes up with conhost.exe infected along with numerous others. Trying to log onto the Internet and it says it can’t log on to the Internet. It allows me to go to the avast shop website to buy the full versions, doubting this is real. Currently run the free version.

Won’t allow a system restore, done a quick scan in safe mode and found 4 issues, deleted them. Now running a full system scan but still not found anything.

No idea of what to do right now, any help would be great. Writing this on my phone at the moment as I can’t log onto Internet on comp

Thanks in advance

Simon

welcome to the forum Simon.

what were the infections that were detected during the boot scan?

did the full scan detect anything?

it was sad that you deleted them when you should have sent them to the chest where you would get more options of dealing with the infections.

i would recommend that you download and install the malwarebytes antimalware and do a scan with it. don’t forget to update it before scanning.

http://filehippo.com/download_malwarebytes_anti_malware/

post the result here after you have done the scan.

good luck and let us know how it goes or if you need more support.

Sounds like a rogue, fake alert type of issue.

What are the infected file names, where were they found e.g. (C:\windows\system32\infected-file-name.xxx) ?

For detection on on-demand scans, check C:\Documents And Settings\All Users\Application Data\Alwil Software\Avast5\Log (Windows 2000, Windows XP). Or C:\ProgramData\Alwil Software\Avast5\log (Windows Vista, Windows 7).

If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should produce a log file).

Don’t worry about reported tracking cookies they are a minor issue and not one of security, allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.

Hi

Thanks for the reply, the full scan shows no threats.

Not too sure how I’m going to download the suggested programs, will have a think.

Just to update it’s now saying msdt.exe is infected, ssvagent.exe infected, wuauclt.exe infected

Use the computer you are using now, download to that, copy to a USB stick or CD/DVD (possibly safer to avoid possible infection of a USB). Now copy to the infected system and install.

What is it saying the malware name is ?

It says

Application cannot be executed. The file wuauclt.exe is infected. Do you want to activate your antivirus software now?

Will have to wait till tomorrow to get on another computer.

The malware name/s will help us to help you as it sounds more serious than a rogue fake alert problem.

Where will I find the malware names?

This is on my computer too. I think there is a new fake security alert called avast. It looks like the fake Norton or Windows scam.

Most likely in the same window (the Title of the window) that’s telling you about the file is infected.

So, where it says “Application cannot be executed. The file wuauclt.exe is infected. Do you want to activate your antivirus software now?”, the title of that window will have something in it. That name is the name of the rogue A/V most likely.

Hi

It just has security warning. With a big red cross with the above writing. It’s now saying in another box (antivirus software alert) that the comp is being attacked by a virus or password-stealing attack, a Trojan-dropper or similar

Simon

antivirus software alert is probably it. http://www.seasonsecurity.com/how-do-you-uninstall-antivirus-software-alert-94590

Run a malwarebytes scan as suggested.

Thanks for all your help, will bosh it out tomorrow. Then I’ll let you know how it goes.

Simon

Don’t thank me 'till it’s gone, but you’re welcome nonetheless!

Hope it works for you.

Hey

Just a quick update, installed malwarebytes onto the comp. It wouldn’t allow me to open it up and run a scan saying that mbam.exe was infected. Entered safe mode and ran a quick scan. It found 7 threats, I put them in quarantine. Restarted comp, and it’s still the same. Now running a full scan again in safe mode. Will report after that’s done, but I’m stuck big time.

Simon

If MBAM does not cure it

Download OTL to your Desktop

- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Select All Users
- Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Attach both logs

We might need a malware expert’s help on this one. I’ll see if I can get in touch with one.

-woops… there he is now ^!

Still not gone, will do the above tomorrow when I can get onto another computer.