HELP! What shall I do?

Each time I turn on my PC, there is a warning that some files are suspected to be infected. These files are always in C:\ProgramDate\Alwil Software\Avast5\arpot and their name changes every time. The latest infected file is C:\ProgramDate\Alwil Software\Avast5\arpot\bc0d-1a4-10.dat.
What shall I do now?

What program is detecting the infection?

What is the malware name?

Avast did not tell me about it. It suggested that I upload the file to the lab, and two choices are given. One is delete, the other is ignore.

You should click ignore and upload to the lab for analysis.

So you are saying that avast is detecting 2 of its own files as suspicious? Strange.

C:\ProgramDate\Alwil Software\Avast5\arpot
C:\ProgramDate\Alwil Software\Avast5\arpot\bc0d-1a4-10.dat

Is your avast updated?

Yes. My avast upgraded to 5.1.864 and it says my system is well protected.

Something like this.

You should click upload to avast lab and ignore so that the file is not removed.

But why is it detecting its own file… have no idea?

I don’t know. But it happens every time. It’s quite strange. So I came here for help.

Hey, I suggest a scan with Malwarebytes Anti-Malware.

http://www.malwarebytes.org/

Download, install, update and scan.

If Malwarebytes comes up with anything, hit remove. And please post the result here.

It sounds like something has hit that computer, since the infection is changing file name every time. Just my thoughts on the problem.

Good luck.

Well, I did a lightning quick scan and got the report.

memory:
c:\program files\thunder network\Thunder\ComDlls\xunleibho_now.dll (Trojan.BHO) → No action taken.

registration table:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IDDRV (Trojan.Agent) → No action taken.
HKEY_CLASSES_ROOT\Typelib\{87CA3845-37FE-414C-81CF-E08A7D0F6779} (Trojan.BHO) → No action taken.
HKEY_CLASSES_ROOT\Interface\{988934A4-064B-11D3-BB80-00104B35E7F9} (Trojan.BHO) → No action taken.
HKEY_CLASSES_ROOT\CLSID\{802F530B-A8F6-4631-AE49-6BACAAC6373E} (Trojan.BHO) → No action taken.
HKEY_CLASSES_ROOT\XunLeiBHO.XDownloadManager.1 (Trojan.BHO) → No action taken.
HKEY_CLASSES_ROOT\XunLeiBHO.XDownloadManager (Trojan.BHO) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{802F530B-A8F6-4631-AE49-6BACAAC6373E} (Trojan.BHO) → No action taken.
HKEY_CLASSES_ROOT\CLSID\{889D2FEB-5411-4565-8998-1DD2C5261283} (Trojan.BHO) → No action taken.
HKEY_CLASSES_ROOT\XunLeiBHO.ThunderIEHelper.1 (Trojan.BHO) → No action taken.
HKEY_CLASSES_ROOT\XunLeiBHO.ThunderIEHelper (Trojan.BHO) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283} (Trojan.BHO) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{889D2FEB-5411-4565-8998-1DD2C5261283} (Trojan.BHO) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{889D2FEB-5411-4565-8998-1DD2C5261283} (Trojan.BHO) → No action taken.
HKEY_CLASSES_ROOT\SogouExplorer.AssocFile.HTM (Adware.Sogou) → No action taken.
HKEY_CLASSES_ROOT\SogouExplorer.HTTP (Adware.Sogou) → No action taken.
HKEY_CLASSES_ROOT\HTTP\shell\SogouExplorer (Adware.Sogou) → No action taken.
HKEY_CLASSES_ROOT\file\shell\SogouExplorer (Adware.Sogou) → No action taken.
HKEY_CLASSES_ROOT\htmlfile\shell\SogouExplorer (Adware.Sogou) → No action taken.
HKEY_CLASSES_ROOT\https\shell\SogouExplorer (Adware.Sogou) → No action taken.
HKEY_CLASSES_ROOT\mhtmlfile\shell\SogouExplorer (Adware.Sogou) → No action taken.
HKEY_CLASSES_ROOT\xmlfile\shell\SogouExplorer (Adware.Sogou) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Beike (Trojan.Agent) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\SogouExplorer.exe (Adware.Sogou) → No action taken.

Files:
c:\program files\drivethelife\iodrv.sys (Trojan.Agent) → No action taken.
c:\program files\thunder network\Thunder\ComDlls\xunleibho_now.dll (Trojan.BHO) → No action taken.
c:\Us

Your Malwarebytes log says no action taken?

Update Malwarebytes, do a new scan and click the remove selected button to quarantine the infections.

Post new log…all of it

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IDDRV (Trojan.Agent) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{87CA3845-37FE-414C-81CF-E08A7D0F6779} (Trojan.BHO) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{988934A4-064B-11D3-BB80-00104B35E7F9} (Trojan.BHO) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{802F530B-A8F6-4631-AE49-6BACAAC6373E} (Trojan.BHO) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\XunLeiBHO.XDownloadManager.1 (Trojan.BHO) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\XunLeiBHO.XDownloadManager (Trojan.BHO) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{802F530B-A8F6-4631-AE49-6BACAAC6373E} (Trojan.BHO) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{889D2FEB-5411-4565-8998-1DD2C5261283} (Trojan.BHO) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\XunLeiBHO.ThunderIEHelper.1 (Trojan.BHO) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\XunLeiBHO.ThunderIEHelper (Trojan.BHO) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283} (Trojan.BHO) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{889D2FEB-5411-4565-8998-1DD2C5261283} (Trojan.BHO) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{889D2FEB-5411-4565-8998-1DD2C5261283} (Trojan.BHO) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SogouExplorer.AssocFile.HTM (Adware.Sogou) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SogouExplorer.HTTP (Adware.Sogou) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HTTP\shell\SogouExplorer (Adware.Sogou) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\file\shell\SogouExplorer (Adware.Sogou) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\htmlfile\shell\SogouExplorer (Adware.Sogou) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\https\shell\SogouExplorer (Adware.Sogou) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mhtmlfile\shell\SogouExplorer (Adware.Sogou) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xmlfile\shell\SogouExplorer (Adware.Sogou) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Beike (Trojan.Agent) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\SogouExplorer.exe (Adware.Sogou) → Quarantined and deleted successfully.

c:\program files\drivethelife\iodrv.sys (Trojan.Agent) → Quarantined and deleted successfully.
c:\program files\thunder network\Thunder\ComDlls\xunleibho_now.dll (Trojan.BHO) → Quarantined and deleted successfully.
c:\Users\CJ\AppData\Roaming\microsoft

Post new log… all of it
I hope you updated the program before the scan? If you had posted the whole log I could have seen.

Anyway, if you update and scan again, does Malwarebytes say Clean?
Is your problem gone?

I’d like to… but the report is in Chinese. I translated it with Google. Hope you can read it. And the problem did not go away.

Malwarebytes’ Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database Version: 5464

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2011/1/6 13:19:58
mbam-log-2011-01-06 (13-19-58). txt

Scan type: Quick Scan
Scanned items: 140572
The passage of time 5 minutes, 57 seconds

The number of infected memory processes: 0
The number of infected memory module: 0
The number of infected registry entries: 23
The number of infected registry values: 0
The number of infected registry items: 0
The number of infected folder: 0
The number of infected files: 4

The number of infected memory processes:
(Not detected hazardous items)

The number of infected memory module:
(Not detected hazardous items)

The number of infected registry key:
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ IDDRV (Trojan.Agent) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ Typelib \ {87CA3845-37FE-414C-81CF-E08A7D0F6779} (Trojan.BHO) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ Interface \ {988934A4-064B-11D3-BB80-00104B35E7F9} (Trojan.BHO) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ CLSID \ {802F530B-A8F6-4631-AE49-6BACAAC6373E} (Trojan.BHO) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ XunLeiBHO.XDownloadManager.1 (Trojan.BHO) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ XunLeiBHO.XDownloadManager (Trojan.BHO) → Quarantined and deleted successfully.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ {802F530B-A8F6-4631-AE49-6BACAAC6373E} (Trojan.BHO) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ CLSID \ {889D2FEB-5411-4565-8998-1DD2C5261283} (Trojan.BHO) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ XunLeiBHO.ThunderIEHelper.1 (Trojan.BHO) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ XunLeiBHO.ThunderIEHelper (Trojan.BHO) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ {889D2FEB-5411-4565-8998-1DD2C5261283} (Trojan.BHO) → Quarantined and deleted successfully.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Settings \ {889D2FEB-5411-4565-8998-1DD2C5261283} (Trojan.BHO) → Quarantined and deleted successfully.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ {889D2FEB-5411-4565-8998-1DD2C5261283} (Trojan.BHO) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ SogouExplorer.AssocFile.HTM (Adware.Sogou) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ SogouExplorer.HTTP (Adware.Sogou) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ HTTP \ shell \ SogouExplorer (Adware.Sogou) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ file \ shell \ SogouExplorer (Adware.Sogou) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ htmlfile \ shell \ SogouExplorer (Adware.Sogou) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ https \ shell \ SogouExplorer (Adware.Sogou) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ mhtmlfile \ shell \ SogouExplorer (Adware.Sogou) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ xmlfile \ shell \ SogouExplorer (Adware.Sogou) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Beike (Trojan.Agent) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Clients \ StartMenuInternet \ SogouExplorer.exe (Adware.Sogou) → Quarantined and deleted successfully.

The number of infected registry values:
(Not detected hazardous items)

The number of infected registry items:
(Not detected hazardous items)

The number of infected folder:
(Not detected hazardous items)

The number of infected files:
c: \ program files \ drivethelife \ iodrv.sys (Trojan.Agent) → Quarantined and deleted successfully.
c: \ program files \ thunder network \ Thunder \ ComDlls \ xunleibho_now.dll (Trojan.BHO) → Quarantined and deleted successfully.
c: \ Users \ CJ \ AppData \ Roaming \ microsoft