Run the programme you have just downloaded to your desktop (it will be randomly named).
First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.
Do not close AVPTool or it will self uninstall; if it does uninstall, then just rerun the setup file on your desktop.
Now an analysis scan
Select the Manual Disinfection tab
Press the Gather System Information button
Once done, open the last report saved folder, then upload the zip file to a file sharing site for me to collect.
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip
Works for me so I guess that it is scared of AVP. I am downloading it and will then upload to my dropbox for your collection… Give me a bit and I will post the link
Had a BSOD when running/installing Kaspersky. This never happens with this system. Was able to get the program to run, but had to do it offline, with all security programs disabled because of that.
Attached find a .jpeg of install error below.
BTW, have sent you an extensive PM. Hope you do not mind.
Unable to find it anywhere. Have done a system search for *.zip and *.HTML files, nada. 0 results for .zip for last week, and 116 results for .HTML files, but none for the Kaspersky zip file.
It turns out the .zip file is in a temp folder and I can only get it by opening the file manager and copying the file to the desktop whilst in Safe Mode. No User folder ever found at C:\Users\
See attached .jpeg below:
Same exact BSOD as before running in admin with all start up programs running, so it was Safe Mode this time to avoid that issue. I did get it to run [EDIT:] (in normal admin), but then a warning box came up that said AVP was running without drivers?!
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
These are the hooks that Roguekiller found. All legitimate. Apart from that, there are no anomalous drivers or services.
This is baffling. I am tempted to ask you to allow the blocked items and then immediately run Combofix. What are your thoughts on that?
System will be rebooted and immediately after desktop displays and OA and avast! icons show in system tray, will connect to the internet.
Will do a scan run of Combofix immediately after that and again in one hour, and post the resulting logs.
Have noted that since the scans of various programs have run, the internet connection speed has increased from 5.5 mbs to 104 mbs consistent. 12 mbs service.
Thought: I have been working on another older computer, bringing that one back to life, and using this one to download new software for it, testing that new software on this system first, and removing it from here after analysis. Maybe this autorun is for a program no longer on this system?
Have made numerous hardware changes to this system in the last thirty days, and also have reinstalled various programs including OA firewall, so data that was there during the investigation is gone now.