I’ve just got Avast 4 Home, and it’s running a scan in boot. I’ve managed to deal with most things by putting them in the chest, but some of them are now saying ‘file is a windows folder, are you sure?’ I don’t know whether I should be sure or not, so I say ‘no’ and then ask it to ‘repair’, to which I get an error 42060 message, so I ‘ignore’ it. But I’ve now had quite a few of these and am beginning to panic because I don’t know what I’m supposed to do with them now!
They are all coming up in C:\windows\system32\ …‘an assortment of things’ and are infected with win32:Adware-gen [Adw] or win32:Trojan-gen (other) or win32:Rootkit-gen [Rtk] and now win32:Bravix[Drp]
Can somebody please help, computers are completely alien to me so you will probably need to keep it simple!
Indeed, files in the system folder could be necessary to boot and sometimes sending them to Chest will mess things… so, there is a second question.
Can you post the file names and paths?
The scan report file is \DATA\report\aswBoot.txt
I also suggest:
Clean your temporary files.
Schedule a boot-time scan with avast again with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
Use SUPERantispyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
Err, you know I said computers were alien to me, at the risk of making myself look completely stupid, I don’t know how to post the file names and paths! Sorry, could you tell me what to do please?
Thanks.
File C:\Program Files\VideoEgg\updater.exe is infected by Win32:Trojan-gen {Other}, Moved to chest
Number of searched folders: 11664
Number of tested files: 104995
Number of infected files: 1
09/19/2008 08:01
Scan of all local drives
File C:\Program Files\AntiVirusLab2009\trz9.tmp is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\Program Files\Applications\iebt.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\Program Files\Applications\iebtu.exe is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\Program Files\Applications\trz10.tmp is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\Program Files\Applications\trz11.tmp is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\Program Files\Applications\trzE.tmp is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\Program Files\Applications\trzF.tmp is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\Program Files\Applications\wcm.exe is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\Program Files\Applications\wcu.exe is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\WINDOWS\system32\242112\trz12.tmp is infected by Win32:Adware-gen [Adw], Repair: Error 42060 {The file was not repaired.}
File C:\WINDOWS\system32\algg.exe is infected by Win32:Trojan-gen {Other}
File C:\WINDOWS\system32\drivers\tdssserv.sys is infected by Win32:Rootkit-gen [Rtk], Moved to chest
File C:\WINDOWS\system32\tdssadw.dll is infected by Win32:Bravix [Drp]
File C:\WINDOWS\system32\tdssl.dll is infected by Win32:Bravix [Drp]
File C:\WINDOWS\system32\tdsslog.dll is infected by Win32:Bravix [Drp]
File C:\WINDOWS\system32\tdssmain.dll is infected by Win32:Bravix [Drp], Repair: Error 42060 {The file was not repaired.}
File C:\WINDOWS\system32\tdssserf.dll is infected by Win32:Bravix [Drp]
File C:\WINDOWS\system32\trz13.tmp is infected by Win32:Trojan-gen {Other}
Number of searched folders: 11678
Number of tested files: 105066
Number of infected files: 18
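A boot-scan report like the one above mixes files that were moved to the chest with files where the repair failed or no action was recorded, and the second kind is what still needs attention. The following is an added example, not part of the original thread and not an avast tool: it assumes the line format seen in this report, uses a few lines copied from it as sample input, and the category names are made up for the illustration.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the boot-scan report quoted above.
SAMPLE = r"""File C:\Program Files\Applications\wcu.exe is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\WINDOWS\system32\242112\trz12.tmp is infected by Win32:Adware-gen [Adw], Repair: Error 42060 {The file was not repaired.}
File C:\WINDOWS\system32\algg.exe is infected by Win32:Trojan-gen {Other}
File C:\WINDOWS\system32\drivers\tdssserv.sys is infected by Win32:Rootkit-gen [Rtk], Moved to chest
File C:\WINDOWS\system32\tdssmain.dll is infected by Win32:Bravix [Drp], Repair: Error 42060 {The file was not repaired.}
Number of infected files: 18
"""

# Assumed format: "File <path> is infected by <detection>[, <action taken>]"
LINE = re.compile(
    r"^File (?P<path>.+?) is infected by (?P<sig>[^,]+?)(?:, (?P<action>.+))?$"
)

def classify(action):
    """Map the trailing action text to a category (names are illustrative)."""
    if action is None:
        return "no_action"          # detection logged, nothing done to the file
    if action.startswith("Moved to chest"):
        return "quarantined"
    if action.startswith("Repair: Error"):
        return "repair_failed"
    return "other"

def triage(report_text):
    """Group (path, detection) pairs by what the scanner did with the file."""
    groups = defaultdict(list)
    for line in report_text.splitlines():
        m = LINE.match(line.strip())
        if m:                       # summary lines such as "Number of ..." are skipped
            groups[classify(m["action"])].append((m["path"], m["sig"]))
    return dict(groups)

def unresolved(report_text):
    """Paths that were detected but neither quarantined nor repaired."""
    g = triage(report_text)
    return sorted(p for k in ("no_action", "repair_failed") for p, _ in g.get(k, []))

if __name__ == "__main__":
    for path in unresolved(SAMPLE):
        print("needs follow-up:", path)
```
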
The “Report” you Posted shows “AntiViruslab2009”; this is a “Rogue” program
that is installed by the very dangerous “Zlob Trojan”. “Removal Instructions”
on the highly regarded BleepingComputer Site recommend use of the FREE
“Malwarebytes’ Anti-Malware” AND FREE “SmitFraudFix”. The latter program
should be used under the guidance of a trained, experienced, CERTIFIED,
Volunteer “Malware-Fighter” and since you also have the “Zlob” Trojan, I
recommend you seek help at the Support Forums at http://aumha.net, which
is staffed by many “Microsoft Most Valuable Professionals”. They would lead
you in a step-by-step process to “clean” your computer and to install
software to reduce the Chances of getting “re-infected”.
A little off-topic but I’m sad to know that RogueRemover program from MalwareBytes is not being updated as frequently as it should… Antivirus2008 and 2009 were missed miserably…
We can’t even use it to clean anymore…
Thank you for your help. I have used SuperAntiSpyware and SmitFraudFix and finally ran a thorough Avast scan with these results:
avast! Report
This file is generated automatically
Task ‘Simple user interface’ used
Started on 21 September 2008 12:31:51
VPS: 080920-0, 20/09/2008
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Luke\Data\D0000000.FCS [E] The file or directory is corrupted and unreadable (1392)
C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP1575\A0100221.dll [L] Win32:Bravix [Drp] (0)
File was successfully renamed/moved…
C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP1575\A0101229.dll [L] Win32:Bravix [Drp] (0)
File was successfully moved to chest…
C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP1576\A0101239.dll [L] Win32:Bravix [Drp] (0)
File was successfully moved to chest…
C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP1576\A0101240.dll [L] Win32:Bravix [Drp] (0)
File was successfully moved to chest…
C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP1576\A0101241.dll [L] Win32:Bravix [Drp] (0)
File was successfully moved to chest…
C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP1576\A0101242.dll [L] Win32:Bravix [Drp] (0)
File was successfully moved to chest…
C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP1576\A0101265.dll [L] Win32:Bravix [Drp] (0)
File was successfully moved to chest…
C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP1576\A0101266.dll [L] Win32:Bravix [Drp] (0)
File was successfully moved to chest…
C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP1576\A0101267.dll [L] Win32:Bravix [Drp] (0)
File was successfully moved to chest…
C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP1576\A0101268.dll [L] Win32:Bravix [Drp] (0)
File was successfully moved to chest…
Infected files: 10
Total files: 104295
Total folders: 11613
Total size: 34.3 GB
Task stopped: 21 September 2008 16:48:19
Run-time was 4 hour(s), 16 minute(s), 28 second(s)
Also, I have Norton 360 at the moment but even though I keep it updated it obviously doesn’t work particularly well! Can you recommend any AVs for me to use instead of Norton? There seem to be so many I just don’t know where to start!
Since avast has only detected infected System Restore point, I suggest you create a new clean one and remove the old ones.
Create a new restore point
You must be logged on to an administrator account.
- Go to Start - All Programs - Accessories - System Tools - System Restore.
- Click Create a restore point, and then click Next.
- In the text box labeled Restore Point Description, type a name for this restore point.
- Click Create.
Remove old restore points
- Go to Start - All Programs - Accessories - System Tools.
- Launch the Disk Cleanup tool and let it run.
- When it finishes a box with tabs will appear, select the More Options tab.
- On this tab you will find a section for System Restore.
- If you press the Clean Up button for that section, Windows will delete all restore points except for the most recent one.
You should only have 1 AV installed at a time. You have avast, so uninstall 360, or conflicts will happen and your protection will be less.
I think you are doing EXCELLENT following instructions etc.
I would have liked to have seen the SAS log just to see if we had any other families of bad stuff.
For a double check, could you download, install, update and scan with Malwarebytes Anti-Malware (Malwarebytes.org)?
The quick scan is fine unless you can run overnight.
Then put a check next to anything found and then click REMOVE SELECTED.
A backup will be made.
I hope nothing is found, but if anything is, please post the log.
A second check would be an on-line scan from, say, KASPERSKY.
It will not remove anything but would tell us if we missed anything.
All the scanners used are “on demand” and take no resources unless being used.
If you post back your system specs, browser, firewall etc. we could suggest some things to help prevent this from happening again.