@ soumen
This really should be in its own new topic in the Viruses and Worms forum as it is technically unrelated to the original Topic.
If it keeps coming back, there is likely to be an undetected or hidden element to the infection that restores or downloads the file again. What is your firewall?
If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should produce a log file).
1. MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File As (depending on your browser), save it to a location where you can find it easily later.
2. SUPERantispyware On-Demand only in free version.
Don’t worry about reported tracking cookies, they are a minor issue and not one of security, allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.
If you have any other questions, etc. including posting logs, create your own new topic to do that, thanks.
You experienced a block of the MS update, somehow the settings for svchost.exe for www.update.microsoft.com are being blocked, so now it is time to reset the settings database in ZA.
Hold down the Ctrl and Shift keys together
Right click on the ZA icon near your clock
Choose ‘Reset’ from the box that comes up
Choose Yes on the Reset Settings dialog box
When prompted, choose OK to restart your system
Follow the on screen configuration prompts after reboot
That may be the new TDSS variant which takes careful handling - please start your own thread and let me know. I will then assist.
Please do not try to restore the system as one variant will remove all services if you do that.
Work-around for the new ActionKey USB malware worm: Preventing AutoPlay for a Component
To prevent AutoPlay from launching in response to an event, add the following REG_SZ value, as shown in this example.
HKEY_LOCAL_MACHINE
   SOFTWARE
      Microsoft
         Windows
            CurrentVersion
               Explorer
                  AutoplayHandlers
                     CancelAutoplay
                        CLSID
                           00000000-0000-0000-0000-000000000000
The value is the class identifier (CLSID) that the component generating the event is known by in the running object table (ROT). The value has no data.
Important: Under this key, the CLSIDs are not enclosed in braces ({}).
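The registry change described above, written as a PowerShell script (an added example, not part of the original post or of Microsoft's documentation). It assumes an elevated session; the default CLSID is the all-zero placeholder from the text and must be replaced with the component's real ROT CLSID.

```powershell
# Added example: register a component CLSID under CancelAutoplay (run elevated).
param(
    # Placeholder CLSID taken from the text above; substitute the real one.
    [string]$Clsid = '00000000-0000-0000-0000-000000000000'
)

$keyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\CLSID'

# Accept the CLSID with or without braces, but reject anything that is not a GUID.
$guid = [guid]::Empty
if (-not [guid]::TryParse($Clsid, [ref]$guid)) {
    throw "Not a valid CLSID: $Clsid"
}

# Format 'D' is the hyphenated form WITHOUT braces, which this key requires.
$valueName = $guid.ToString('D').ToUpperInvariant()

# Create the key (and any missing parents) if it does not exist yet.
if (-not (Test-Path -LiteralPath $keyPath)) {
    New-Item -Path $keyPath -Force | Out-Null
}

# The value is a REG_SZ whose name is the CLSID and whose data is empty.
New-ItemProperty -LiteralPath $keyPath -Name $valueName `
    -PropertyType String -Value '' -Force | Out-Null

# Verify what was actually written: name present, type REG_SZ, no data.
$key  = Get-Item -LiteralPath $keyPath
$kind = $key.GetValueKind($valueName)
$data = $key.GetValue($valueName)
if ($kind -ne [Microsoft.Win32.RegistryValueKind]::String -or $data -ne '') {
    throw "Unexpected value under CancelAutoplay: kind=$kind data='$data'"
}
Write-Output "CancelAutoplay entry present: $valueName ($kind, empty data)"

# Flag existing entries written with braces, which do not follow the
# brace-less form this key requires.
$key.GetValueNames() |
    Where-Object { $_ -match '^\{.*\}$' } |
    ForEach-Object { Write-Warning "Brace-enclosed entry does not follow the required form: $_" }
```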
I have been using the newer free version of Avast for awhile. Before that 4.8. Over the last couple of months I have recently worked 3 machines that have come down with different malware/trojans that Avast did not catch. What program caught it? F-Secure Clean Scan. A free version.
I recommend Avast to everyone who asks but I’m beginning to lose confidence.
The only problem with the Clean scanning software of F-Secure is it doesn’t tell me what it caught just tells me “malware”.
Well this is quite common for any resident av solution. It cannot catch all, too many variants, they have to make a selection for their database and cover the remainder with heuristics, too large a vulnerability window to cover and zero-days can also be your deal if you are so unlucky to stumble upon it online. This is not only avast it is with all av solutions, so best what you can do is have some additional non-resident scanning next to it (MBAM, SAS, online scanner of your choice) so the detection range becomes as broad as you can live with. Additionally if you want to be fully protected use a Mozilla browser with NoScript and RequestPolicy extensions installed, yep, and then, and then you are fully covered.
Hi there
I have a question relating to malware.
I picked up a trojan last night even though my avast was running and up to date.
My system restore is disabled and avast has been completely disabled including the boot scan, it just restarts the pc
and does not scan the pc. In fact avast says the version installed is unknown. How do I remove this threat and restore avast
to its former working order?
Please help!
This (Sophos) tool currently only protects against LNK files and does not protect against PIF based exploits. It also does not protect against LNK files or targets stored on the local disk.
I reported here about the third party fixes for the LNK-hole, but I must also tell you that Microsoft will not support these solutions according to Microsoft’s security-response team’s group manager, Jerry Bryant,