Can anyone help? I have a HIGH threat come up: c:\ProgramFiles\OnlineServices\Dodo\Dodo.EXE Threat: Win32:malware-gen. I tried to move it to the chest as suggested but I keep getting Error: Access is Denied (5). I don’t quite know how or what to do now. Any advice would be fantastic.
I suggest:
- Clean your temporary files.
- Schedule a boot time scanning with avast with archive scanning turned on. This will avoid the “access” error. If avast does not detect it, you can try DrWeb CureIT! instead.
- Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the infected file(s) to quarantine (Chest), rather than simply deleting them.
- Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
- Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to on-line analysis.
- Clean your Hosts file (replacing it) with HostsMan tool.
- Disable System Restore and then reenable it again.
- Immunize your system with SpywareBlaster.
- Check if you have insecure applications with Secunia Software Inspector.
The boot-time scan as suggested by Tech should be able to get round the access denied error.
Though a google search seems to indicate the detection is good, it wouldn’t hurt to confirm the detection:
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here (the URL in the Address bar of the VT results page). You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
Create a folder called Suspect in the C: drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect*
That will stop the File System Shield scanning any file you put in that folder.
#4, suggest adding “Avenger”, a kernel-level anti-rootkit application.
Thanks everyone, I did the boot time scan and presto, could move it and found another threat. Very, very thankful for your help. Will remember that for the future.
jworm,
Is your problem resolved now? I suggest you rescan your machine to make sure you are clean.
I’m scanning now, and must admit getting a bit worried reading about everyone else’s probs with this same Threat. Will see soon I guess, fingers crossed.
Well so far so good. Scan has just completed and NO THREATS FOUND!!! I’m pretty sure I know where it came from, got a suspect email with just a web address, opened email but didn’t go to web, perhaps that was it? I do know that the email came from someone who was nowhere near his computer at the time, and normally doesn’t just send a web add. Not sure if that’s the source but was my best guess? Thanks once again everyone.
If you feel that your issue is now resolved/fixed, please go back to the open post in this topic, click the modify button in that Post and change the title/subject, add [Resolved] to the beginning of the title so this thread can be closed. Thank you.
No problem, glad I could help.
Welcome to the forums.