Headache with virus/trojan and dropper which change daily ...

Hi people, I’m new with avast, used to go around with avg but one day I found out lots of new folders on my computer, and avg told me I was virus free, so I decided to switch here because I heard lots of good about avast … but now I’m stuck with a big problem …

Each day I do a scan, and each day avast detects a new virus I didn't have yesterday … I delete/repair 'em, and still all the time I get something new … I got windows defender to scan, malwarebytes anti-malware, spybot, avast … now I even downloaded a firewall (comodo) but I dunno how to use it very well atm … I had some small viruses in the past, but nothing this big. If I post the report of my hijackthis, can someone help me find and get rid of the problem?

These are all the different viruses avast found while I scanned in the last week:

win32:trojan-gen (this one appeared today)
Rustock.J
Rustock.AN
sHeur2.avzs
win32:neredr(drp) <---- this one avast told me he couldn't vault or delete or repair it …
BV:ftp-L(trj)
Funcom (or something like that I forgot about)

If you have XP, vista or Win2k (all 32bit), you could enable a boot time scan. Right click the avast icon, select Start avast! Antivirus, a memory scan will take place followed by the opening of the Simple User Interface, Menu, ‘Schedule boot-time scan…’ Or see http://www.digitalred.com/avast-boot-time.php. Don’t opt for deletion (you have no options left), always send to the chest and investigate.

I did another scan, and once again win32:neredr(drp) appeared, and once again avast couldn't do anything about it, I think this might be the cause of my problem …

Have you done the boot-time scan as suggested ?

I’ll do it now, it says it’ll take about 45 minutes though, so I’ll post about it in an hour

You can be more selective in where you scan using the Advanced Options so just select the folder or partition it is in, that should reduce the time. However, it may still be worthwhile doing the full scan as there may be a rootkit element or other elements protecting it in normal mode (hopefully avast may find these too).

If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should produce a log file).

Don’t worry about reported tracking cookies; they are a minor issue and not one of security, allow SAS to deal with them though. See http://en.wikipedia.org/wiki/HTTP_cookie.

yea, I have malwarebite, and he doesn't detect anything. I ran the reboot scan as it said in the tutorial … but I don't feel like it was done … I don't see anything anywhere saying the scan was done …

Malwarebite… You mean Malwarebytes. If he said you got nothing and the scan was completed, well, you can always take a look and do a boot time scan with Avast!

Mr.Agent

nope, didn't work, it still found Win32:Neredr (drp) in my system32.…\localsetting\temp folder … even after the reboot scan … and avast still can't delete it

Superanti-Spyware did find 6 threats atm, including 1 other trojan that appears for the 1st time … I’ll try to heal 'em and post the log if he can't delete them.

Try clearing your temp file using atf cleaner
http://majorgeeks.com/ATF_Cleaner_d4949.html

I have atf cleaner too … I run it at least once per week too (got lots of freeware anti-malware/spyware, I read a lot of boards about viruses and different threats when I got a trojan a year ago :wink: ) … well, he still detects the win32:neredr even after atf, malwarebytes, superanti-spyware and the reboot scan. (Sa-spyware did find a different trojan and says it should be gone now)

When I check the avast file report, it says he can't move win32:neredr to chest because the operation is not supported for this type of archive.

I tried to go directly to the folder, but I cannot find it, when I go to my system32\config\systemprofile\localsetting I can only find 2 folders there, and not the one which avast says is infected …

Send the file to virustotal.com, thanks, and post the result.

So we can see who detects it and if it's a false positive.

Mr.Agent

Try

Dr.Web Cureit http://www.freedrweb.com/

Norman Malware Cleaner http://www.norman.com/support/support_tools/58732/en

I can't send the file, I can't even access the folder where it's located

Read the instructions, download and burn (maybe from another computer), finally use one of these rescue CDs:

  1. Dr. Web
  2. Avira
  3. BitDefender
  4. Kaspersky
  5. F-Secure

hoooo Dr web wasn't able to spot it in a regular scan, but I selected the folder directly, and asked him to scan only that one, and he spotted it and was able to quarantine it … hopefully that’ll be the last I hear of all these viruses and trojans

I would do a full scan with both dr.web and norman to be sure