Hi, I need some help with this damn pop-up…It comes out for every 1-2hrs everyday. I used Dr Web detector or something, I used malwarebytes, and my own anti-virus, still, the pop-up still show every now and then. here’s a picture of the pop-up:
You have a very strange,(unknown to google) entry running from your system32 folder.
Before you consider fixing the entries,can you upload DB63C0.EXE to virus total, and post the results please
I smell a rat here,I hope you don’t have a rootkit. There is no way you could have an unknown file running in that location.Try the ’ show hidden files’ .If that does not work,then we should fix the entries, and scan for a rootkit.
Also, you have two threads going,this is confusing,please stick to just one
Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete them.
From what Tech said, I just used the applications that most users here said were effective, which is DrWeb CureIT! and MBAM. I’ll go listen to micky77 first, cause he already started lol…thanks btw, it’ll be a backup :D.
@micky77
sorry, all I know on showing hidden files is the “show hidden files” one. So, here, I found it lol.
Tech,is vastly more experienced and knowledgeable than me,i tried to download that file,i got alarm bells constantly going off about a trojan,from another av,not avast.
“hxxp://dl9.rapidshare.de/files/47606412/663424469/DB63C0.EXE”
a virus or unwanted program ‘TR/Dropper.Gen’ [trojan] was found.
Are you restoring you pc from an image ? If not,now that you have found the file,fix those entries,using HJT,then reboot,the file should still be there,but inactive.Then send the file to virustotal and avast and Nod http://www.virustotal.com/virus@avast.comsamples@eset.com
If you are restoring from a previous image,this is by far the best idea,if only everyone bothered to create backups, this part of the forum would be redundant. Sorry i did not get back sooner, i’ve been in A&E, having my broken and dislocated fingers mended
I don’t quite follow, even if you have fixed with HTJ, the file will still be on the pc, but you should be able to delete it.( in safe mode ) Or do you mean,after fixing,the entry is still returning in HJT logs ?