Hello,

I’ve found something that apparently Avast! can’t handle. My anti spy program says it’s here:

hkey_local_machine \software\microsoft\windows\currentversion\uninstall\internet antivirus_is1

But apparently I can’t seem to get it off my computer because it says that “administrative rights may be required to quarantine items”, whatever that means.

The CA Yahoo! Anti-spy program I use describes it at http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453139365

HELP! What do I do? I can’t seem to get this thing off my computer! You would have to tell me step by step, since I am still learning how to use this computer(it’s been 7 years since my last home computer). I’d be happy to give a sample of the virus to Avast! but I can’t seem to get ahold of it!

Well that is pointing to a registry entry and not a file, so it may be remnants of a previous infection as if there was a file I believe it would have reported it.

anti-spyware applications search the registry as a matter of course during a scan where avast doesn’t. Should avast detect a spyware file then it would look for associated registry entries.

If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should product a log file).

1. SUPERantispyware On-Demand only in free version.

2. Also MalwareBytes Anti-Malware freeware version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.

Maybe you need to disable Hide protected operating system files and enable View hidden files and folders to manage the file(s).

If you find it, you can send it in a password protected zip to virus@avast.com

To be sure you’re clean, I also suggest:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster or Windows Advanced Care.
8. Check if you have insecure applications with Secunia Software Inspector.

with vista rt click as administrator or log in as administrator

run the scans suggested
go down tech’s list in order
go back to it as we proceed

on avast boot time scan remove to chest do not remove/delete

on mbam update scan put a check mark next to baddies and then click REMOVE SELECTED
ALSO
run
SAS update CLEAN and Quarantine
post all the logs but edit out cookies please