Possible IDP.ALEXA.51 infection

Folks, lately an Avast message has been appearing reporting suspicious activity with an IDP.ALEXA.51 infection.
Every time, I select the option for Avast to fix it automatically and a pop-up comes up on the screen saying that the threat was blocked before the attack, but even so the message appears again a few days later.
How can I remove this infection for good?

The threat always comes from this same path: C:\WINDOWS\TEMP\WARSAW_10976\CERTUTIL.EXE

Thank you for your attention.

Hello Giovanne.

Was any program installed recently?

Please send this file to VirusTotal

and post the link to the result.

Good evening, Jefferson.

So, I went to the path I had mentioned in the previous message and did not find the “warsaw_10976” folder; I only found folders with different numbers, e.g. warsaw_6086. Even so, I analysed all of them. The result follows below.

Arquivo já analisado
This file was last analysed by VirusTotal on 2017-04-12 04:28:00 UTC (2 meses, 1 semana ago) it was first analysed by VirusTotal on 2014-06-06 21:22:47 UTC.
Taxa de detecção: 0/61
Você pode visualizar a última análise ou analisá-lo novamente.

Regarding recently installed programs, it is possible that one was installed, but I don't know the exact date these Avast messages started appearing, since I am not the only one who uses the computer.

Thank you for replying.

Run the tool below and a virus and worm removal specialist will be notified.

• Download Farbar Recovery Scan Tool by Farbar and save it to your Desktop.

  • Farbar Recovery Scan Tool (FRST) alternative download link:
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both and try to run them. Only one of them will run on your system, and that will be the right version.

• Double-click to run FRST. When the tool opens, click Yes on the disclaimer.
  Wait a moment while the tool checks whether a newer version exists. When the tool says "The tool is ready for use." FRST is ready.
• Press the [Scan] button.
• The tool will produce two log files called FRST.txt and Additions.txt in the same directory the tool is in.

• Please attach both generated logs, FRST.txt and Additions.txt.

Good evening, Jefferson.

The requested attachments follow.

Thank you for the logs.
dbrisendine will analyse them.
Please be patient.

FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Advanced Calendar 2.0.0.11382

Amazon 1Button App (Version: 2.2.2 - Amazon)
Amazon 1Button App (Version: 2.3.4 - Amazon)
Amazon 1Button App (Version: 2.3.2 - Amazon)
Amazon 1Button App (Version: 2.3.8 - Amazon)

App Explorer

Auslogics Disk Defrag

To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.

SECOND >>>>

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

How is the system running now?

Procedures carried out. The message has not appeared again.

Thank you for your attention, everyone.

Clean up of Malware Removal Tools
Now that we are through using these tools, let’s clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

• Download Delfix from here to your desktop and double click it to start the program
• Ensure Remove disinfection tools is ticked
  Also tick:
  • Activate UAC
  • Create registry backup
  • Purge system restore
  • Reset system settings
• Click Run
• The program will run for a few moments and then notepad will open with a log. Note: Please save this log first before rebooting your system (if asked to); DelFix does not save the log as it is trying to remove all traces of our work on your system. Please attach the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.

I hope the problem has been solved.
I recommend following dbrisendine's instructions above to remove all the tools used,
so that errors do not occur later, and thanking him for the work.

Jefferson,
A friend had used the Kaspersky removal tool and I thought the problem had been solved, but the message has appeared again.

dbrisendine,
It was not possible to uninstall the programs below through the Control Panel because the modify/uninstall button is inactive.
Amazon 1Button App (Version: 2.2.2 - Amazon)
Amazon 1Button App (Version: 2.3.4 - Amazon)
Amazon 1Button App (Version: 2.3.2 - Amazon)
Amazon 1Button App (Version: 2.3.8 - Amazon)

The DelFix log follows below.

Thank you for letting me know. I passed this information on to dbrisendine.
Please wait for the reply.

We will need to start with fresh logs, please.

Please follow the directions for scans in this topic and attach as many of the logs as you can run.
Logs to assist in cleaning malware

Malwarebytes Anti-Malware log, the FRST.txt and the Addition.txt logs. Thanks.

dbrisendine, requested logs:

Remaining logs:

Geovanni, I purchased Avast Premier on my Hipercard card, but two purchases showed up on my card and I would like you to cancel one of them. While I was making the purchase there was a problem on the page and I had to fill in everything again; I believe that is why two payments were generated on my card.

Alex, the best way to get commercial support (purchases, licence renewals, refunds, etc.) is through a ticket: https://goo.gl/ydznCd. We will be happy to handle your request. Learn more about our support channels: https://goo.gl/sCeKbm.

Giovane.

All the requested logs have been run; dbrisendine will check them. As he is in another country, he will probably reply later because of the time zone difference.

FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Advanced Calendar 2.0.0.11382
Amazon 1Button App

To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.

SECOND >>>>

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

THIRD >>>>

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open a Command Prompt window and run from there (this is normal for this program, so do not be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.

FOURTH >>>>

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
You will see the following console:


Click the Scan button and wait for the scan to finish.

After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Waiting for action. Please uncheck elements you don’t want to remove.

Click the Clean button.

Everything checked will be deleted.

When the program has finished cleaning a report appears.

Once done it will ask to reboot; allow this.

On reboot (if one is needed) a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C#].txt

Optional:
NOTE: If you see AVG Secure Search being targeted for deletion, Here’s Why and Here. You can always Reinstall it.

LAST >>>>

Malwarebytes’ Anti-Malware

Please launch Malwarebytes’ Anti-Malware and check that it has the latest updates.

Once the program has fully updated, Proceed with the Scan options and select “Threat Scan”.

After a scan has been executed, scan results are displayed as shown below. In this scan, three threats were detected.


Put a checkmark on all detected and click on “Quarantine Selected”


Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.


Please note that an Export button is shown at the bottom left corner of this screen. This allows you to make a copy of the log for use by other programs. You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.

INFO TO REPLY WITH:
How is your system running now?
How did the uninstall(s) go? Any problems?
The Fixlog.txt text file.
The JRT.txt file.
The AdwCleaner[C#].txt log file.
The latest MBAM scan report log.
Any questions?

Good afternoon, dbrisendine

Advanced Calendar - does not appear in the list of installed programs in the Control Panel.
Amazon 1 Button App - the uninstall and modify buttons are disabled.

  • Junkware Removal Tool
    After the last line, nothing else appeared for about 30 minutes and no log was generated.
    All browsers were closed, and I disabled Avast and Malwarebytes.

https://uploaddeimagens.com.br/images/000/965/272/original/Print_Junkware_removal_tool.jpg?1498489513

  • Attached logs: Fixlog, AdwCleaner and Malwarebytes.

  • Malwarebytes
    Several pop-ups have been appearing blocking the Vsnapshot program; how can I fix this?

Thank you for your attention.