I recently downloaded Avast Anti Virus Home Edition today. It scanned my system once when I had to restart my computer after installing Avast, plus I did a thorough scan earlier. According to Avast there are 19 objects on my computer infected. I got rid of AVG Anti Virus (free version) today as well due to it not being free anymore, so I’m assuming it missed some things whenever it scanned my computer. I am using Windows XP Home Edition. Any kind of information/help would be greatly appreciated. Below are the objects that are infected, and are categorized by each virus type.
Win32:Ebamom [Adw]
File Name: EbatesMoeMoneyMaker1.exe - Folder: C:\Program Files\Ebates_MoeMoneyMaker
File Name: A0136564.exe - Folder: C:\System Volume Information_restore(a bunch of numbers and letters are found here, if needed let me know)
Win32:Adware-gen [Adw]
File Name: randreco.exe - Folder: C:\Documents and Settings\Owner\Local Settings\Temp
File Name: MMaker2.exe - Folder: C:\Documents and Settings\Owner\Local Settings\Temp\THI1CC7.tmp
File Name: MiniBug.exe - Folder: C:\Documents and Settings\Owner\Local Settings\Temp
File Name: disp350.exe - Folder: C:\Program Files\Ebates_MoeMoneyMaker
File Name: BTGrab.dll - Folder: C:\Documents and Settings\Owner\Local Settings\Temp
File Name: BTGrab.dll - Folder: C:\WINDOWS
File Name: A0136563.exe - Folder: C:\System Volume Information_restore(a bunch of numbers and letters are found here, if needed let me know)
As you can see it’s quite a bit of a mess, and I’m very unsure of how to fix any of these problems. Also, when I first installed Avast and my computer restarted doing a virus scan before entering Windows desktop it attempted to repair these files but I received this error: ‘Repair: Error 42060’. Just wanted to mention that in case it would help. Any form of help is greatly appreciated. Thank you in advance to anyone who replies.
Some of these adware infections can be difficult to remove and require a specialist tool- please let us know if you still see pop-up ads after running all the scans.
Cleaning up your temporary internet files before scanning would be a good idea. Try CCleaner:
AVG wasn’t out of date. I’m very conscious in regards to keeping my computer safe, but apparently that didn’t work out too well ???
Everything I listed was sent to the chest immediately upon finding it when I realized I could not repair it.
I had already scanned my computer with Ad-Aware SE before previously posting the viruses that were found. If I need to continue with using the other programs you listed please let me know. Thank you for your help!
By the way, I can’t copy and paste both of the logs, not even just one, into a post because I get a message about the post exceeding the maximum amount of characters allowed. Is there another way to show the logs on here?
Hello, FreewheelinFrank, I do not use Internet Explorer. I use Firefox, however Internet Explorer is on my computer. Does that mean I should delete it?
SpywareBlaster is different: it adds killbits to IE to prevent ActiveX spyware from running, and adds bad sites to the restricted zone of IE so that they cannot run malware scripts etc to attack your computer should you visit the site. It doesn’t scan at all like AdAware or Spybot Search & Destroy, although Spybot has a similar function called ‘Immunize’.
SpywareBlaster doesn’t run in the background- just install, update and enable all protection. Check for updates every month or so and enable protection again.
All the programs mentioned in this thread you can keep on your computer and scan with from time to time without them taking up resources, with the exception of SuperAntiSpyware, which has a residual process which will take up resources. AVG Anti-Spyware has real-time protection during the month-long free trial, which again will take up some resources, but will revert to an on demand scanner at the end of the trial which doesn’t take up resources.
A random Google for one of the items detected suggests your problem may be adware which comes bundled with free software:
This is not a virus or trojan. There is more than one version of this Application.
This is a process or IE Browser Helper Object that monitors addresses entered into web forms. These addresses are sent to a remote location and are recorded into a database.
This program is generally installed by certain 3rd party applications, generally freeware. The third party installer installs all the files for this program. Once the application is run, it creates a registry entry to run the program at startup:
As the write-up says, this is not a virus or Trojan. AVG Free does not detect “potentially unwanted programs” like this (you have to get the pay version for that) but avast! does.
The answer is to only download free programs from sites which have a no-spyware policy. My personal favourite is snapfiles.com.
These infections seem to be mostly adware- which the free version of AVG does not detect.
Frank - are you saying AVG Free doesn't detect any adware, or just that those listed above are not among its detections? If it's the former I thank you for that information. I wasn't aware of it.
If I need to continue with using the other programs you listed please let me know.
Anytime that much finds its way onto a computer I feel it's best to throw all the available tools at it. It's time consuming but better to deal with the problem now rather than risking a larger problem later.
FreewheelinFrank’s suggestion about installing SpywareBlaster is a good one but make sure your computer is clean first. Installing it with active malware can cause problems. Even more reason to run additional scans.
You could save the logs as text files and attach them. Click the additional options located right below where you type in a post. Don’t preview before posting.
Frank - are you saying AVG Free doesn't detect any adware, or just that those listed above are not among its detections?
Like Antivir Free, AVG Free does not detect “potentially unwanted programs”. The AVG Free homepage says the free version does not detect “spyware”, but the program certainly does detect Trojan downloaders associated with spyware. In the recent computer shopper test here, AVG Free had the best detection of “web-based threats”, beating even Kaspersky. These “Web-based threats” were described as “malicious” “Spyware”.
My interpretation of “potentially unwanted programs” is adware, but I don’t know how exactly Grisoft define the phrase: some forms of ad-displaying programs which don’t ask for permission to install and which resist removal might well fall outside the definition.
Sorry it’s been about 5 (I think) days since last I responded. I have been fairly sick. Anyway, I installed SpywareBlaster along with Spybot Search & Destroy. Everything that Spybot Search & Destroy found it was able to repair. I’m going to try attaching a copy of the 2 logs that I have from Ad-Aware SE. Hopefully it works.
Update: I installed SUPERAntiSpyware Free Edition on my computer and did a scan with that. It found a total of 16 objects, which were sent to quarantine. Here is the scan log:
SUPERAntiSpyware Scan Log
Generated 02/26/2007 at 08:35 PM
Adware.Tracking Cookie
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ad.reunion[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@adknowledge[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@adopt.specificclick[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ath.belnk[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@atwola[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@azjmp[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@banner[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@belnk[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@dist.belnk[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@edge.ru4[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@icc.intellisrv[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@keywordmax[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@login.tracking101[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@media4.sitebrand[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@tracking[2].txt
Adware.APHelper
C:\WINDOWS\SYSTEM32\APHELPER.DL$
I would think that I could delete the first 15 objects (cookies) that are in quarantine, correct? But what about Adware.APHelper? I’m guessing that’s a virus, and if it is, since it’s in that particular folder I will need to find something to remove it/repair it, etc.
The cookies can be quarantined or deleted. They’re really not worth keeping since they will be recreated if you visit the same web sites again. I usually clear all of mine when I’m finished browsing.
C:\WINDOWS\SYSTEM32\APHELPER.DL$ looks like more adware. Is SuperAntispyware unable to quarantine it?
There are two reasons to put files in quarantine. First, it could be a false positive in which case removing the file can break a program that used to be OK. Second, some adware can be linked to software you want and will render that software inoperable if it's removed. If you deleted the file your options are limited.
Putting the file in quarantine for a couple weeks gives you a chance to work with your programs and see if anything is malfunctioning. If nothing is wrong you can delete it but, if something is going awry, you can scan the file again to see if it's still detected as adware. If it is still detected you need to make a decision as to whether to live with the ads or live without the associated software. Most adware is, after all, more of a nuisance than anything particularly damaging.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner. I feel VirusTotal is the better option as it uses the Windows version of avast (more packers supported) and there are currently 29 different scanners.
Or Jotti - Multi engine on-line virus scanner. If any other scanners here detect them, it is less likely to be a false positive. Whichever scanner you use, you probably can’t do this with the file in quarantine; you will need to move it out to a temporary folder.
You can post the results.
If multiple AVs detect it send a sample to avast, if you are not getting a virus warning that you believe is a new, undetected malware, then if you can zip and password protect (‘virus’, will do) the suspect file and send it to virus @ avast.com (no spaces), or send from the chest (after adding it to the User Files section of the chest).
Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be either a new, undetected virus or false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.
Thank you, DavidR. I really appreciate your response. I’ll do a scan with those two and then possibly run a scan once more with Avast. After that pending on what goes on I will send the stuff in to Avast. Again, thank you for your help.