fake amazon confirmation email

Hi I stupidly fell for fake amazon confirmation email & clicked on a zipped attachment! It contained a virus. I have AVAST on my laptop which picked up an infected file at SVC:CCALib8>CALMAIN.exe in its quick scan, but it couldn’t quarantine it or delete it. I then looked in my downloads file where the dodgy download was still sitting and ran avast scan specifically on this file- it said it was virus Win32:Dropper-gen[Drp] & it was able to quarantine it. After doing that though it still kept picking up a virus on CALMAIN.exe. After looking online this .exe seems to be the canon online library (to do with my printer?) so I uninstalled these parts of the Canon program after which AVAST scan didn’t find any infected files. Have I done enough to remove it & clean my laptop and do you know what that virus does?

follow instructions here. http://forum.avast.com/index.php?topic=53253.0

attach logs (not copy and paste) AdwCleaner / Malwarebytes / OTL

and next time you receive attachments or suspicious files, upload and test it here before opening

www.virustotal.com

alternative: www.metascan-online.com / www.jotti.org

Thanks -Forgot to mention I ran Malwarebytes too- I ran it on the download virus file itself-and it didn’t pick it up, only AVAST detected infections- will follow instructions & post logs shortly. Yes would never normally open a file like that I’d just ordered s’thing from amazon & did it without thinking!

panther, if you only downloaded the zipped file that was attached to an email, and then you unzipped the zipped file, which, i suppose, contained a malicious “EXE” file, but you didn’t actually execute the malicious EXE file, maybe because the “avast” program flagged it before you had a chance to execute it, then, in that case, i don’t think the malicious file managed to do any harm since it was never executed…

occasionally i download malicious files, for one reason or another… just because i download a malicious file, that doesn’t mean that my computer is infected with malware… as long as i don’t execute the malicious file, it doesn’t do any harm to my computer…

so, the question is, after you unzipped the zipped file, did you execute that malicious EXE file that it contained? if not, then i don’t think that it did any harm to your computer…

regarding the “CALMAIN.exe” file that was flagged, if it was part of “canon” software that was installed on your computer, i would suspect that it was a “false positive” that didn’t have anything to do with the malicious file that you downloaded…

if i am missing something, like, maybe, if, with your email, you can just click on a zipped email-attachment and it is automatically extracted, and the file within the zipped file is then automatically executed, after having been extracted…

if you actually executed the malicious EXE file that was contained with the zipped file that was attached to an email, i think you should assume that your computer was infected with malware and take measures to make sure that the malware is removed, like by following the instructions to run a scan with “adwcleaner”, malwarebytes, OTL etc, posting the scan-logs and then letting one of the “experts” look at the logs etc etc…

p.s. regarding being stupid, i think that virtually all of us occasionally do “stupid” things, with our computers… one thing that i remember…one time, i came very close to logging into a fake yahoo webpage that was used for “phishing”… if i hadn’t heard someone say “that’s a phishing webpage!”, i would have logged into it…
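
An added example, not written by anyone in this thread: one way to see what a zipped attachment contains without extracting or running it, including the double-extension naming such attachments often use and a SHA-256 that can be looked up on a scanner site. The extension lists, the size cap and the sample file names are assumptions made for illustration; the sample archive is constructed and harmless.

```python
import hashlib
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows runs on double-click (common subset, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".lnk"}
# Document-like extensions often placed before the real one as a decoy.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".jpg", ".txt"}
MAX_HASH_BYTES = 50 * 1024 * 1024  # skip hashing oversized members


def inspect_zip(data: bytes) -> list:
    """Describe each archive member; nothing is written to disk or executed."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            last = suffixes[-1] if suffixes else ""
            executable = last in EXECUTABLE_EXTS
            digest = None
            if info.file_size <= MAX_HASH_BYTES:
                # Reading decompresses into memory only; the hash can be
                # searched on a multi-scanner site without uploading the file.
                digest = hashlib.sha256(zf.read(info)).hexdigest()
            findings.append({
                "name": info.filename,
                "size": info.file_size,
                "executable": executable,
                "double_extension": executable and len(suffixes) > 1
                                    and suffixes[-2] in DECOY_EXTS,
                "sha256": digest,
            })
    return findings


def build_sample() -> bytes:
    """Constructed sample: a harmless archive with an attachment-style name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Order-Confirmation.pdf.exe", b"constructed placeholder bytes")
        zf.writestr("readme.txt", b"constructed sample text")
    return buf.getvalue()


if __name__ == "__main__":
    for f in inspect_zip(build_sample()):
        print(f["name"], "EXECUTABLE" if f["executable"] else "ok", f["sha256"])
```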

Thanks redwolfe- that’s reassuring- you’re saying what I sort of suspected. I don’t know for sure what I would have had to do to execute it- double click and select run if it was a normal file?- which I may have double clicked, but nothing appeared to happen and I definitely didn’t “run” it.

Secondly on my PC zipped files automatically unzip- on my laptop they don’t and I didn’t unzip it.

I thought the CALMAIN.exe was probably a false positive- it was just its detection came straight after clicking on the dodgy file so I wondered if it was a virus as those program files have been there for a year plus and AVAST has never detected them before.

So I’m thinking as I never unzipped the file and my laptop can’t unzip- it must be ok and the detected infection at CALMAIN.exe was just a coincidence. I was just a bit nervous as I didn’t know if the attached Malware could be designed to load up automatically. Mostly due to my lack of knowledge! :slight_smile:

To be on safe side have run scans and here are my results- please let me know what you think thanks!

removal experts are notified and will check your logs. :wink:

Thanks followed instructions down to OTL do I also need to run aswMBR.exe?

Hi,

I see no malware in posted logs. Let’s re-check that with FRST tool. Before you run FRST, re-run AdwCleaner, press Scan button and then Clean button to remove what it found.

And Yes, please post aswMBR logreports too. It’s ARK tool and I need to see that.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Under Optional Scan ensure “List BCD” and “Driver MD5” are ticked.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
[*]The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Also, can you post here a screenshot of the avast detections? Or you may write here the full path of the detected file?

Ok here are aswMBR and ADWcleaner logs will now run FRST

Ok Here are FRST txt logs let me know what you think. Thanks.

Hi,
Your system is malware free. FRST log shows me amount content of temp & junk files. We shall use TempFileCleaner to clean various junk files as temp, cache & cookies.

Please download TFC by OldTimer to your desktop

[*]Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
[*]It will close all programs when run, so make sure you have saved all your work before you begin.
[*]Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
[*]Once it’s finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

----- Next -----

We shall remove all used tool in this topic with DelFix tool:

Please download DelFix by “Xplode” to your Desktop.

Run the tool and check the following boxes below;

[*] Remove disinfection tools
[*] Create registry backup
[*] Purge System Restore

Now click on “Run” button. Wait for the programme to complete its work.
All the tools we used should be gone.
Tool will create and open a log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt

----- Next -----

avast has detected possible USB based malware.
We shall use MCShield tool to check & clean all USB based malware that uses a USB mem-device to expand to host system.

Check USB storage devices / removable drives

Download MCShield from one of the following links:

MyCity - Official download link
Softpedija - Mirror download link

[*] Double click MCShield-Setup to install the application.
[*] Wait a few seconds for MCShield to finish its initial scan.
Recommendation: under the General and Scanner tabs, click on the Defaults button to choose the recommended options.
[*] Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.

When all scanning is done, you need to attach a logreport that MCShield has created.

Start → All Programs → MCShield → Logs

Attach here → AllScans.txt

Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

=======================

=> As for the other detected entries, they are legitimate.
CALMAIN.exe is related to Canon software. All detections in download folder you may just delete.

You may report them as FP.

Temp File Cleaner seems stuck been going 10mins Says emptied Temp folder Temp internet files, Flash cache - all 0 bytes. Not rebooting shall I exit and manually reboot? I think it’s hung- I can’t exit! It isn’t responding so ended process and rebooted, reran it and it came up with 0 bytes in all the above files straight away- then immediately stopped responding again ???

So shall I move onto next thing and try DelFix?

Reboot your machine, disable antivirus and malwarebytes and re-try TFC. Does it work?

Disabled AVAST don’t have real time protection with Malwarebytes so don’t think there’s anything to disable- same thing happened immediately stopped responding after checking those files I listed above. They were all empty 0 bytes again (they weren’t when it first opened) so it looks like it’s emptied them. TFC still won’t work though.
Ran DelFix see report attached.
See AllScans.txt attached.

Hm…probably there is a process or a program that can not be shut down, because TFC, when it starts, tries to terminate all running processes including explorer.exe.
You could solve the TFC problem by searching task manager for a process, or the system tray for running programs, that refuses to be shut down.

For temp & junk cleaning you may download and install CrapCleaner ( aka CCleaner ) instead of TFC.
http://www.piriform.com/ccleaner
CCleaner also has a light registry cleaner.

Thanks that one worked looked like it did indeed remove a load of crap! :)-should feel a whole lot lighter for that. Not sure about USB thing- which one of the AVAST detections pointed to that - was there a date? I’m mostly using one usb flash drive and that seems ok?

and thank you so much for helping me and letting me know my laptop is free from malware :slight_smile:

Hi Magna - the CCleaner worked so well on my laptop - seems faster, can I use it on my PC too or is there any danger of deleting needed files?

CCleaner with default settings is usually safe to use … never had any problems with it, including the reg clean
this is one of the “must have” tools i install on all computers

they also have a forum. http://forum.piriform.com/index.php?showforum=4