Possible Infection?

Okay guys,

I ran my Avast scan this evening, and it detected some threats. The status of the files reads “PUP Win32-ZangoAQ;” and their severity is low. From what I have gathered, these questionable files are codecs that contain some kind of undesirable or unwanted file. I was very surprised to see this log... because... apparently... a computer user in my house–who shall remain nameless... grrr–downloaded a program off of Download.com CNET. SIGH. He told me that he had downloaded and installed a particular program, and I did not think there was a problem... until I saw the scan...

Instead of deleting these files and running another scan, I decided to do some research on this. I looked at the VirusTotal scan analyses of the files, and was somewhat confused about the results that I saw. Many of the results appeared blank, but what bothers me is that the analyses for some of these files show that they are, in fact, malicious. Some things that I read about a particular file vaguely talk about a particular kind of trojan. I’m worried about this. I know that there are cases of false positives, but I am not sure what I should do.

And now I just got the blue screen of death. My computer restarted. Thankfully, my progress for this message was saved.

I’m kind of stressing over this... what do you guys think I should do?

"I looked at the VirusTotal scan analyses of the files, and was somewhat confused about the results that I saw. Many of the results appeared blank"
can you post the link?

PUP = Potentially Unwanted Program (did it install secretly… or did you install it?)
http://searchsecurity.techtarget.com/definition/PUP

Zango is just some annoying Adware/toolbar
http://www.f-secure.com/sw-desc/adware_w32_zango.shtml
http://www.spywareguide.com/spydet_2298_zango_toolbar.html

you can remove it with this…run a quick scan

Malwarebytes Anti-Malware 1.51. http://filehippo.com/download_malwarebytes_anti_malware/
always update so you have the latest signatures before you scan
click on the remove selected button to quarantine anything found

post the scan log here

Of course, Pondus

Here you go:

(First file, simply named “setup.exe”)
http://www.virustotal.com/file-scan/report.html?id=3adc9887220fd1bd5f80e18bab4a0357e147204de5439c2f60d5a19c82771ed4-1308101604

Second file:
http://www.virustotal.com/file-scan/report.html?id=91414e8924ea121c3a37957dc483d75971b6e510de832f70f65e3b29e7407306-1306935486

Third:
http://www.virustotal.com/file-scan/report.html?id=be5bf1ae788d9c65dd42c8e654a0d683b1941beda705308e4f20d9d4d4b1cec0-1308120596

Fourth:
http://www.virustotal.com/file-scan/report.html?id=f312f70a6f96176742756586f2f2c170dc7f74d92d6ebdacc7def967e5651820-1308109844

(I hope this is the information you were asking for).

I was not the person that installed the program in question, so I do not know. I’m going to talk to the person who downloaded it later today, but I think it is safe to say that he himself will not know if the programs were secretly installed, or not.

....Many of the results appeared blank....
when blank it means not detected....

i would run a quick scan with Malwarebytes and let it remove what it finds…
before you scan you can send those files not detected to avast lab…

Moving files to the Virus Chest
https://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=501#idt_03

Submitting files from the Virus Chest to avast! Virus Lab
https://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=501#idt_07

Here is a copy of the scan log.

Malwarebytes’ Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6859

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/15/2011 4:06:19 AM
mbam-log-2011-06-15 (04-06-03).txt

Scan type: Quick scan
Objects scanned: 140676
Time elapsed: 3 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\User\downloads\setup.exe (Trojan.FakeVLC) → No action taken.
c:\Users\User\downloads\xvidsetup (1).exe (Adware.Hotbar) → No action taken.
c:\Users\User\downloads\xvidsetup (10).exe (Adware.Hotbar) → No action taken.
c:\Users\User\downloads\xvidsetup (11).exe (Adware.Hotbar) → No action taken.
c:\Users\User\downloads\xvidsetup (2).exe (Adware.Hotbar) → No action taken.
c:\Users\User\downloads\xvidsetup (3).exe (Adware.Hotbar) → No action taken.
c:\Users\User\downloads\xvidsetup (4).exe (Adware.Hotbar) → No action taken.
c:\Users\User\downloads\xvidsetup (5).exe (Adware.Hotbar) → No action taken.
c:\Users\User\downloads\xvidsetup (6).exe (Adware.Hotbar) → No action taken.
c:\Users\User\downloads\xvidsetup (7).exe (Adware.Hotbar) → No action taken.
c:\Users\User\downloads\xvidsetup (8).exe (Adware.Hotbar) → No action taken.
c:\Users\User\downloads\xvidsetup (9).exe (Adware.Hotbar) → No action taken.
c:\Users\User\downloads\xvidsetup.exe (Adware.Hotbar) → No action taken.

the log says “NO ACTION TAKEN” so you need to click the “remove selected” button after the scan to quarantine these
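
An added example (not part of any post in this thread, and not Malwarebytes or avast code): a Python check over a log in the format shown above that lists the detections still marked "No action taken" and compares each summary count with the entries actually listed. The sample log is constructed from a few lines of the log above; the "Quarantined and deleted successfully" action text and the function names are assumptions.

```python
import re

# Constructed sample, abridged from the log format posted in this thread.
SAMPLE_LOG = r"""
Registry Keys Infected: 0
Files Infected: 3

Registry Keys Infected:
(No malicious items detected)

Files Infected:
c:\Users\User\downloads\setup.exe (Trojan.FakeVLC) → No action taken.
c:\Users\User\downloads\xvidsetup (1).exe (Adware.Hotbar) → No action taken.
c:\Users\User\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
"""

SUMMARY = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<n>\d+)$")
HEADER = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):$")
# The path may itself contain "(1)", so the detection name is the last
# parenthesised group before the arrow.
ENTRY = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) (?:→|->) (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return (summary counts, detections) parsed from the log text."""
    counts, detections, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SUMMARY.match(line):
            counts[m["cat"]] = int(m["n"])
        elif m := HEADER.match(line):
            section = m["cat"]          # start of a detail section
        elif not line:
            section = None              # a blank line ends the section
        elif section and (m := ENTRY.match(line)):
            detections.append({"category": section, **m.groupdict()})
    return counts, detections

def triage(text):
    """Flag un-remediated detections and summary/detail count mismatches."""
    counts, detections = parse_mbam_log(text)
    listed = {}
    for d in detections:
        listed[d["category"]] = listed.get(d["category"], 0) + 1
    pending = [d for d in detections if d["action"].lower() == "no action taken"]
    mismatch = {c: (n, listed.get(c, 0)) for c, n in counts.items() if n != listed.get(c, 0)}
    return {"pending": pending, "mismatch": mismatch}

if __name__ == "__main__":
    for d in triage(SAMPLE_LOG)["pending"]:
        print("still on disk:", d["path"], "->", d["name"])
```

A non-empty `mismatch` means the pasted log was truncated or edited, so the detail list should not be trusted as complete.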

Of course, Pondus. I completed the scan after that... :stuck_out_tongue:

Here are the final results:

Malwarebytes’ Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6859

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/15/2011 4:20:14 AM
mbam-log-2011-06-15 (04-20-14).txt

Scan type: Quick scan
Objects scanned: 140294
Time elapsed: 2 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

and now all problems are gone?

Hey again Pondus,

Okay, so... after doing three different scans, everything came up clean; however, the computer seemed like it was acting kind of funny. Things just didn’t seem right. Out of my frustration, I just decided to restore the system image. Now, that in itself was a little bit of a fiasco because I think my Repair Disc has been corrupted somehow. I overcame the problem, though, and the computer is actually going through the final stages of the recovery process.

I’ve realized prevention is key. The most difficult thing for me right now is to get that idea into the heads of those whom I share my computer with. My problem isn’t necessarily that I’m obsessed with security “just because...” It’s that I’m obsessed with security because my computer is used for both entertainment (gaming, movies, TV) and financial purposes. Ideally, I would love to have two boxes, one only for gaming and surfing, and the other for banking, and such. I do have two Toshibas, but that does not seem like the best option for my situation. Instead, I’ve got another plan! I just hope I can get the others to follow.

If I could keep the financial things separated as much as possible from the entertainment things, much of my computer-related stresses would be relieved...

:stuck_out_tongue:

Thanks so much for your help, Pondus. And thank you for recommending MalwareBytes. I will continue to use it.