My wife, who I’ve told a million times not to open anything from someone she didn’t know, got an e-mail from exact-delivery@fed, and she clicked on the attachment at the bottom. She wasn’t sure she had a package coming via Fed Ex as she orders from different vendors online constantly. I told her it was a complete scam but it was too late. I ran full virus and Malwarebytes scans with negative results, but I was wondering that maybe if I did get infected that the infection wasn’t in avast or Malwarebytes database yet. It could just be me being paranoid but I want to be sure I’m not infected. I asked her if anything appeared to d/l when she clicked on the attachment but she knows less about computers than me, all she said was a box opened that she never saw before, now that tells me a lot, lol. Any ideas? Thanks.
Ah wives don’t you just love em ;D
Are there any unusual behaviours being seen ?
Download OTL to your Desktop
* Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
* Select All Users
* Under the Custom Scan box paste this in:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
Drives
CREATERESTOREPOINT
* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
* When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
* Attach both logs
THEN
Download aswMBR.exe ( 4.1mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the “Scan” button to start the scan.
http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR%20shots/aswMBRScan.gif
On completion of the scan click save log, save it to your desktop and post in your next reply
http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR%20shots/aswMBRsavelog.gif
I’ve already run a full system scan of avast, everything appears to be running normally, what you’re asking me to try just seems a bit over my head.
do you still have the mail ?
upload the attachment to www.virustotal.com and test it with 40+ malware scanners
when you have the result, copy the url in the address bar and post it here for us to see
The two scans are to analyse the Master Boot Record and to analyse recent file additions. Just in case something did get loaded
I can’t find the attachment anywhere if it was downloaded at all. I have another quick question, I still use AOL, when I opened the avast UI and checked on the mail shield none have been scanned. Seems that AOL uses McAfee to do that, is there any way you know of that I can get avast to be the default e-mail scan??? I don’t even know if what I’m saying at this point is correct, I too sent an attachment to myself and when I open it I get a message from McAfee not avast, does that seem normal??? I’m all confused at this point.
how do you access your mail…using a mail client like outlook express or similar…or do you log in with your browser ?
Get all my mail directly from AOL (I think they use I.E.). I’m going to try what you suggested on my wife’s laptop, that way if I screw something up it won’t be that bad. I’ll get back later with the results if I do it on my main computer, thanks.
avast mail shield does not scan webmail (no av does) so your mail is scanned as normal web traffic by the web shield
i think AOL is protecting all mail accounts with McAfee
You mean I should attach both logs to my next reply after I do all what you said, correct???
yes…and it is 3 logs, OTL will create 2…otl.txt and extra.txt
The 3rd log, the one created by aswMBR, should I just copy and paste that one, or send it as an attachment also?
the aswMBR log is usually small so you can copy and paste it
the OTL logs are big so attach them…or you need 10 posts with copy and paste just from otl.txt
If everything goes as planned I should be done soon, will post when I’m finished
Ok here goes, hope I do this right,
Don’t know how to attach two things at once
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-09 18:39:34
18:39:34.121 OS Version: Windows x64 6.1.7601 Service Pack 1
18:39:34.121 Number of processors: 2 586 0x603
18:39:34.121 ComputerName: KINSLEY-PC UserName: Kinsley
18:39:35.384 Initialize success
18:39:35.915 AVAST engine defs: 12030900
18:40:04.182 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP2T0L0-2
18:40:04.182 Disk 0 Vendor: WDC_WD5000AAKX-001CA0 15.01H15 Size: 476940MB BusType: 11
18:40:04.182 Disk 0 MBR read successfully
18:40:04.197 Disk 0 MBR scan
18:40:04.197 Disk 0 Windows 7 default MBR code
18:40:04.197 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:40:04.197 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
18:40:04.229 Disk 0 scanning C:\Windows\system32\drivers
18:40:10.157 Service scanning
18:40:21.311 Modules scanning
18:40:21.311 Disk 0 trace - called modules:
18:40:21.326 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:40:21.326 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xfffffa80027f56d0]
18:40:21.825 3 CLASSPNP.SYS[fffff8800199543f] → nt!IofCallDriver → \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80027a7060]
18:40:22.481 AVAST engine scan C:\Windows
18:40:24.306 AVAST engine scan C:\Windows\system32
18:42:01.166 AVAST engine scan C:\Windows\system32\drivers
18:42:06.923 AVAST engine scan C:\Users\Kinsley
18:43:23.020 AVAST engine scan C:\ProgramData
18:43:46.638 Scan finished successfully
18:43:58.042 Disk 0 MBR has been saved successfully to “C:\Users\Kinsley\Desktop\MBR.dat”
18:43:58.042 The log file has been saved successfully to “C:\Users\Kinsley\Desktop\aswMBR.txt”
I hope I didn’t make this too difficult for you
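An added example, not part of any post in this thread: a small Python check of an MBR partition table, run here on a constructed 512-byte sector whose two entries mirror the "Partition 1" and "Partition 2" lines in the aswMBR log above. It assumes 512-byte sectors and looks only at the partition table and boot signature; it does not judge the boot code, which is what the "Windows 7 default MBR code" line reports.

```python
import struct

SECTOR = 512                     # bytes per sector (assumption)
ENTRY = "<B3sB3sII"              # status, CHS start, type, CHS end, LBA start, sector count

def build_sample_mbr():
    """Constructed sample sector; values copied from the log's partition lines."""
    def entry(status, ptype, lba, count):
        return struct.pack(ENTRY, status, b"\0" * 3, ptype, b"\0" * 3, lba, count)
    table = entry(0x80, 0x07, 2048, 204800)         # 100 MB, active, NTFS
    table += entry(0x00, 0x07, 206848, 976564224)   # 476838 MB, NTFS
    table += bytes(32)                              # two unused slots
    return bytes(446) + table + b"\x55\xaa"         # boot code zeroed (placeholder)

def parse_mbr(sector):
    """Return the non-empty partition entries of a raw MBR sector."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte sector with the 55 AA boot signature")
    parts = []
    for i in range(4):
        raw = sector[446 + 16 * i:462 + 16 * i]
        status, _, ptype, _, lba, count = struct.unpack(ENTRY, raw)
        if ptype == 0:
            continue                                # empty slot
        parts.append({"index": i + 1, "status": status, "type": ptype,
                      "offset": lba, "sectors": count,
                      "size_mb": count * SECTOR // (1024 * 1024)})
    return parts

def check_table(parts, disk_mb):
    """List inconsistencies worth a closer look; an empty list means none found."""
    findings = []
    if sum(p["status"] == 0x80 for p in parts) != 1:
        findings.append("expected exactly one active partition")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte")
    end = 0
    for p in sorted(parts, key=lambda p: p["offset"]):
        if p["offset"] < end:
            findings.append(f"partition {p['index']}: overlaps previous partition")
        end = max(end, p["offset"] + p["sectors"])
    if end * SECTOR > disk_mb * 1024 * 1024:
        findings.append("partition table extends past end of disk")
    return findings

if __name__ == "__main__":
    parts = parse_mbr(build_sample_mbr())
    print(parts, check_table(parts, disk_mb=476940))
```
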
you did just fine
essexboy is in bed now…so come back tomorrow and get his verdict
Will do, and again thanks for all your help, t/c.
Good morning, hope someone checks out the information I’ve supplied, I don’t know what time it is where those who know if my computer is Ok or not, like I said previously, I’m not even certain anything bad has happened or not. Thanks again in advance.