I need help

Hi, I am currently looking for a job and don’t have very much money. I use my laptop for practically everything and i find myself now getting the urge to take a hammer to my laptop.

I have used all sorts of anti virus products and have found avast to be alright, however at the moment it is killing me. It gives me a message saying “Virus Detected” Win32: Trojan-gen {other} and no matter what i do, avast will not delete, contain or repair it. It just says it does and then pops up again every five minutes, sometimes with a diff name.
Now i have used all sorts of spyware scanning tools and each and every one tells me i have over 2000 threats! However then you have to pay to remove them and with no money…well you can guess that they just dont get fixed. Why is it that avast does not detect or remove these other threats?
Is there anyone out there who can help because if my laptop crashes i am doomed. I know money makes the world go round but is there anyway i can fix my laptop without having to pay?

What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe - Or check the source file using notepad C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log

Can you be a little more specific than:

Now i have used all sorts of spyware scanning tools and each and every one tells me i have over 2000 threats!

What spyware scanning programs ?
If these are reporting over 2000 threats, I would be considering these may be more likely rogue programs than security programs (or you system is completely stuffed and you should notice that).

Since you give no examples of what these fine, malware name, file name and location, etc. it is impossible to say.

-= A Boot Time Scan would probably help…

(1) Open Avast Simple User Interface
(2) Click on the drop down list at the upper left
(3) Select Schedule Boot Time Scan

-= This could probably remove most but not all of the threats… But, in case the “anti-spywares” you just used are rouge, we would probably take more time to disinfect your laptop…

-= By the way, here are some trustworthy anti-malware/spyware:

(1) Malwarebytes Antimalware
(2) SuperAntiSpyware

The infected file "C:system volume information\restore{d4efcf8a-3b54-4a09-ae84-713f4ece6f20}\rp166\a0009141.exe

Sorry it took a while im having to write them down first. However when it first detected the file it was in the system folder, then when it came up again it was in my temp folder. Thats the latest warning i have.

I have tried spyware doctor, spware remover, spyware registry cleaner etc.

There is no need to write them down that is why I gave a location for the Warning.log as you can copy and paste the relevant lines.

You didn’t give any examples of the these file threats, malware name, file name and location.

Spyware Doctor is a known one, though a name is easily copied, the other two, not some I’m familiar with and I may be more inclined to only use main stream products to avoid rogue spyware.

So I would stick with the two chronoboi001 mentioned and gave links for.

sorry took so long to get bk. I ran a boot scan and it said i had no infected files only :

File C:Documents and settings\natalee\local settings\temp\Te_wXnxT.exe.part\setup_Wm.exe error 42127 {CAB archive corrupted)

File C:Documents and settings\natalee\my documents\games_DS_menu.sys.\Harvest_moon_DS_island_of_happiness_nds_junkrat\jr_hvih. Jpg error 42125 {zip archive corrupted)

So blatently the second one is a download that screwed my comp. However when the scan was finished up popped the same message from avast earlier.

C:DOCUME~1\natalee\LOCALS~1\Temp_A00F14A119e.exe. da
Win32: Trojan-Gen {other}

Then when i tried to contain to chest it said, “The specified module could not be found”
btw if im not giving u enough info tell me in layman terms what it is i need to be saying, soz.

I doubt that the second one screwed up your computer, as files that can’t be scanned are just, can’t be scanned, not an indication they are infected or otherwise.

Just clear your Temp folders to make sure it has gone.
CCleaner - Temp File Cleaner, etc.

You haven’t given any examples of what these 2000 threats are, as I said, what the other anti-spyware that you ran, e.g. the Malware name (like the avast win32:trojan-gen, they too would have names for the type of malware they detected), the file name it was detected on and the location the file was.

We need it in your words what is happening as “I use my laptop for practically everything and i find myself now getting the urge to take a hammer to my laptop.” doesn’t explain why, g.e. what symptoms, etc. ?

In the meantime run those other programs and post the contents of the logs that they produce.

Hold on boys we have a winner, i can get into my internet and all my other files now. Before when the virus box was coming up it was not allowing me to do anything else, and when i tried to press delete or repair ect it was saying it couldnt find the file then popping up with the same error message in 2 secs. Also when i tried to move the box the screen behind it was white, so when i was typing to you guys, i was having to type and guess what i was doing at the same time. I was also having to click delete or repair so i could open files quickly before the virus popped up again in the middle of the screen and wouldnt let me do anything again. Thank you guys i think im alright now :slight_smile: love you loads!!!

Ps. i will post the logs cause im running the scans now.

Don’t stop short, continue the process ‘I think I’m all right’ doesn’t really cut it.

You may now be at a point where other tools could reveal more.

Malware found over a thousand, and its not going to let me post the log cause its huge, well over the word limit but here’s a bit to start

Scan type: Quick Scan
Objects scanned: 86151
Time elapsed: 6 minute(s), 49 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 6
Registry Keys Infected: 272
Registry Values Infected: 17
Registry Data Items Infected: 0
Folders Infected: 73
Files Infected: 1107

Memory Processes Infected:
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) → No action taken.
C:\Program Files\Zango\bin\10.3.75.0\OEAddOn.exe (Adware.180Solutions) → No action taken.
C:\Program Files\Zango\bin\10.3.75.0\ZangoSA.exe (Adware.180Solutions) → No action taken.

Memory Modules Infected:
C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (Adware.MyWeb) → No action taken.
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWeb) → No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL (Adware.MyWebSearch) → No action taken.
C:\Program Files\Zango\bin\10.3.75.0\HostOE.dll (Adware.180Solutions) → No action taken.
c:\program files\Zango\bin\10.3.75.0\zangosahook.dll (Adware.180Solutions) → No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) → No action taken.
HKEY_CLASSES_ROOT\Interface{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) → No action taken.
HKEY_CLASSES_ROOT\Interface{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) → No action taken.
HKEY_CLASSES_ROOT\Interface{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWeb) → No action taken.
HKEY_CLASSES_ROOT\CLSID{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) → No action taken.
HKEY_CLASSES_ROOT\CLSID{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) → No action taken.
HKEY_CLASSES_ROOT\CLSID{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) → No action taken.
HKEY_CLASSES_ROOT\CLSID{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWeb) → No action taken.
HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) → No action taken.
HKEY_CLASSES_ROOT\TypeLib{0729f461-8054-47dc-8d39-a31b61cc0119} (Adware.Zango) → No action taken.
HKEY_CLASSES_ROOT\Interface{40ca90f3-4098-4877-ae87-23eb612b18c7} (Adware.Zango) → No action taken.
HKEY_CLASSES_ROOT\Interface{4c3b62af-ca25-4fba-8405-32e44f83bb6f} (Adware.Zango) → No action taken.
HKEY_CLASSES_ROOT\Interface{5a635a91-c303-45c9-8db9-f759d98a3b9d} (Adware.Zango) → No action taken.
HKEY_CLASSES_ROOT\Interface{7e335d04-2e6e-4d0e-a921-c3d9192e7121} (Adware.Zango) → No action taken.
HKEY_CLASSES_ROOT\Interface{99ccfb8c-6380-4a14-8fdd-ef3e7e95335d} (Adware.Zango) → No action taken.
HKEY_CLASSES_ROOT\Interface{b20d7add-989c-4bc0-a797-f6fe7998efd7} (Adware.Zango) → No action taken.
HKEY_CLASSES_ROOT\Interface{bfc20a15-b0ac-44cc-a25a-a7039014ba9f} (Adware.Zango) → No action taken.
HKEY_CLASSES_ROOT\Interface{f019aec4-4c95-46de-a107-e302473e3b9a} (Adware.Zango) → No action taken.
HKEY_CLASSES_ROOT\CLSID{2d00aa2a-69ef-487a-8a40-b3e27f07c91e} (Adware.Zango) → No action taken.
HKEY_CLASSES_ROOT\CLSID{86c5840b-80c4-4c30-a655-37344a542009} (Adware.Zango) → No action taken.
HKEY_CLASSES_ROOT\CLSID{b0cb585f-3271-4e42-88d9-ae5c9330d554} (Adware.Zango) → No action taken.
HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) → No action taken.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\TypeLib{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\Interface{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\Interface{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\Interface{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\CLSID{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\TypeLib{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\Interface{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\Interface{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\Interface{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\Interface{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\Interface{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\Interface{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\Interface{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\Interface{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\Interface{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\CLSID{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\CLSID{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\CLSID{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\CLSID{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\TypeLib{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\Interface{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\Interface{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\CLSID{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\CLSID{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\TypeLib{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\Interface{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\Interface{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\CLSID{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\CLSID{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\CLSID{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\TypeLib{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) → No action taken.
HKEY_CLASSES_ROOT\Interface{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) → No action taken.

do u guys want me to post the whole log cause its gonna take a lot of post’s. Also superspyware is on 2000 + and still going.

Let MBAM remove what it finds.

Post the MBAM log from the top next time.

thanx for the help guys my comp is now clean! :-*

I told you not to stop short ;D

You can attach the log file to the post, see below, attaching the log file is much easier than trying to split it over multiple posts. The adware.MyWebSearch isn’t too serious, but best got rid of. Presumably there are others rather than only adware.MyWebSearch.

  • When you click the Reply button, there is an Additional Options link, this expands the options to attach a file, that can be an image file or a text file (.log or .txt).

-= Glad to help, but just in case that there are still few problems left… You may post a log file of Trend Micro Hijack This so we can check if there are still remnants… :wink:

-= Have a nice day…! [Cause I’m having one now… ;)]