Scan Threat

After avast scan have the following threat warning show up: Win32:Enistery [Susp]
File name is: C:\Windows\Temp\TMPFE4E.tmp; but there are many files listed, all with a different TMP identifier.
When trying to move to chest, delete, repair, the result is: Error: System cannot find the file specified (2)
Have rerun scans several times, every time with the same result.

Can anyone help with this please? andre’

Try this

TFC - Temp File Cleaner by OldTimer
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/
TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

Rescan with avast! and see if it is gone?

also check for malware with

Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
always run update before you scan so you have the latest database
click on the remove selected button to quarantine anything found
you may post the scan log here

Report the result…

Many thanks!!

Fantastically quick response and the right answer as well. The first solution mentioned - tfc - did the trick. Avast scan afterwards still identified the threat, however I was now able to move to chest.

Again, thank you!

Celebrated too early… I normally put the machine in ‘sleep’ mode but when I shut down and restarted the problem recurred exactly as before. So the same problem is now back. I then ran the Malwarebytes option - it found nothing. By the way I ran Malwarebytes right after Avast re-identified the earlier problem at start-up. See log below for Malwarebytes scan.
Any other suggestions please to get rid of this problem? Thanks.

Malwarebytes’ Anti-Malware 1.46
www.malwarebytes.org

Database version: 4853

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

10/16/2010 11:17:32 PM
mbam-log-2010-10-16 (23-17-32).txt

Scan type: Quick scan
Objects scanned: 147256
Time elapsed: 7 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detecte

You can try running some more cleaners if you want.

SuperAntiSpyware 4.44.1000 http://filehippo.com/download_superantispyware/
Dr.Web CureIt http://www.freedrweb.com/cureit/?lng=en
How Do I Use Dr.Web CureIt!? http://www.freedrweb.com/cureit/how_it_works/
Norman Malware Cleaner http://www.norman.com/support/support_tools/58732/en-us

Norman and DrWeb are not installed; you save them to the desktop and run them from there. When done, you can just drag them to the bin.

If none of the above work, then do this

Follow this guide from our expert malware remover Essexboy and post the logs here
http://forum.avast.com/index.php?topic=53253.0

To avoid using multiple posts with copy and paste, you have to attach the logs
Lower left corner: Additional Options > Attach ( OTL.Txt and Extras.Txt. )

Thanks again Pondus. Let me try all of that and see what happens. Will post the results.

Pondus, just to keep you posted, I continue to have issues but have not exhausted all of your suggestions. I thought I had things fixed and then I suddenly got a Windows Vista start-up problem. Could not get to the desktop window in Vista due to a Windows error message that said: “Microsoft Visual C++ Runtime Library → This application has requested the runtime to terminate it in an unusual way. Please contact the application’s support team for more information.” Of course Microsoft does not help due to the OEM status of my package. Impossible to get past this error message. Have to then shut down, restart F8 (Toshiba laptop) and go to an earlier restore point, in order to get Vista running again and circumvent the error message. But every time I shut down and restart the problem recurs. I just ran Avast again and it gives the original virus detection problem. Now running Norman as per your suggestion. It’s a pain. But like I said, not everything done yet that you had suggested. Hope the Vista thing is not something “in addition to”, but is related to the original virus threat. Thanks.

So, all done as suggested. MBAM and OTL logs are attached. I earlier ran all the suggested cleaners. Trojan.Blabkmailer.1680 was found and moved by DrWebCureIt. Problems persist: (1) Avast keeps finding the infected TEMP files as mentioned in the earlier post and remains unable to clean. (2) Windows Vista at start-up runs into the error message on Microsoft Visual C++ that is mentioned in the earlier post. I have done a repair on Visual C++ but it appears to have no effect. Would appreciate help. Thanks. Andre’

Hi, the log was saved in Unicode; could you save it in ANSI, please?

Thank you, but would not know how, unfortunately.

Have a quick look at my picture, open the log then select save as and ensure that ANSI is selected

Finally, sorry, couldn’t find the darn things anymore. Hopefully better now. Thanks!

A question - did you install Windows Remote Management?

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

* Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
* Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

NO, did not install remote mgmt. Will do the combo fix now. Thanks.

Ok go to programmes and features and uninstall windows remote management
This can be done after combofix

Log attached. Am missing most icons in system tray at lower right - not sure what that means. Will try to do the remote mgmt now. During Combofix got error message: “PEV.cfxxe Corrupt File . The file directory C: is corrupt and unreadable. Please run the chkdsk utility”.

Log attached. Am missing most icons in system tray at lower right - not sure what that means. Will try to do the remote mgmt now. During Combofix got error message: “PEV.cfxxe Corrupt File . The file directory C: is corrupt and unreadable. Please run the chkdsk utility”.

Log attached. Am missing most icons in system tray at lower right - not sure what that means. During Combofix got error message: “PEV.cfxxe Corrupt File . The file directory C: is corrupt and unreadable. Please run the chkdsk utility”.
Windows remote management was not listed as an installed program and so I did not uninstall.

What’s with all the duplicate posts and attached combofix logs? If it is trying to bump the topic, essexboy, being in the UK, (after 1:15am here) will be in bed.

Have you tried what was suggested and run the chkdsk utility?
I don’t know if this is a function that can be called from combofix or if it has to be run from a windows command window (cmd).

If it requires essexboy’s input he won’t be back until tomorrow.