I’m sorry if I’m double posting, but I don’t really know what I’m doing, and I can’t really understand the advice on here!! I’ve run the avast scanner countless times and every time it tells me I have the virus in my operating system and to do a boot scan and restart. I’ve done this over and over again, and most recently I’ve been unable to repair the virus or move it to the chest.
When I’ve run the scan again on the computer, win32 trojan comes up but I get an error message saying it can’t be found, or that it’s involved in a process.
And not only that, but I seem to have antivirus warnings in the bottom right-hand corner of the screen (not from avast, I’m assuming they too are a virus) AND when I log onto Internet Explorer my home page is: http://syshomepage.com/security/xp/ I have tried changing it again and again but it changes back straight away.
This hasn’t been detected by avast in any of the scans that I know of! I don’t know what to do as I’m getting nowhere with scanning my computer, and I don’t know how to go about using your advice! Please help me!!!
Jamie
If a virus is replicant (coming and coming again), you could follow the general cleaning procedure:
- Clean your temporary files. You can use CleanUp or the Windows Advanced Care features for that.
- Schedule a boot-time scan with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Another option is scanning in Safe Mode (repeatedly press F8 while booting). If avast does not detect it, you can try DrWeb CureIT! instead.
- It will be good if you download, install, update and run SUPERantispyware, MBAM or SpywareTerminator. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it. About legit antispyware applications or the bad ones see here.
- If you are still detecting any strange behavior, or even if you’re sure you’re not clean, maybe it will be good to test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster for XP/Vista. For XP only: Panda.
- Also, if you are still detecting strange behaviors or you want to be sure you’re clean, maybe make a HijackThis log to post here or to this analysis site. Or even submit the RunScanner log to on-line analysis.
- After you’re clean, disable System Restore on Windows ME, XP or Vista. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k. After disabling you can enable it again. To use System Restoration it’s necessary to disable avast! self-protection: avast! settings > Troubleshooting > Disable avast! self-defence module then start a System Restore.
- Use the immunization of SpywareBlaster.
- Finally, when you’re clean, check for insecure applications with Secunia Software Inspector to update insecure applications and avoid reinfection.
OK, first off, thanks for your help!
I have:
- Cleaned the temporary files with CleanUp.
- Ran the boot-time scanner with avast and used DrWeb CureIT.
- Downloaded and ran Spyware Terminator.
- Used avast anti-rootkit.
The computer seems better. When I did the last boot scan it came up totally clear, and when I run avast now it no longer recommends a boot scan. Avast isn’t detecting anything now.
HOWEVER, when I start up Internet Explorer my homepage still keeps changing to http://syshomepage.com/security/xp/ and although I’ve tried blocking it using the toolbar with the Spyware Terminator, it’s not working. Any ideas as to what I should do next? I don’t think my computer’s clean yet!!!
Certainly not clean, that site you are directed to has links to the infamous rogue AV2009. Use the links that Tech posted to download MBAM and SuperAntiSpyware.
For MBAM:
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end of the install, place a checkmark next to the following two options:
  Update Malwarebytes’ Anti-Malware
  Launch Malwarebytes’ Anti-Malware
* Click Finish.
* MBAM will automatically update and launch, if the above options are checked.
* Once the program launches, select Perform quick scan, then click Scan.
* When the scan is complete, click OK → Show Results to view the scan results.
* Place a checkmark next to all the items found, and then choose the ‘Remove Selected’ option to move the selected items to the quarantine.
* When the scan is finished, a log will open in Notepad with the scan results.
* You may be prompted to restart your computer, in which case you can retrieve the log afterwards by reopening MBAM and selecting the Logs tab.
Then run SAS. Both programs produce logs; copy and paste the results, and post them back here.
OK, I’ve downloaded both of those and everything appears to be fine. SUPERAntiSpyware didn’t give me a log, but MBAM did, but it’s really long! Should I just copy and paste or PM someone?? Or is there a way of posting a link?
Thanks!
Open SAS, Preferences, Statistics/Logs, select the log and click the View Log. By default I believe logs are kept including empty ones (no detections), ensure that you have these options checked.
You can split it over two or more posts or attach the .log file to your post, when you click Reply, click the Additional options, that allows you to attach specific file types.
OK, this is the log from MBAM. I had to save the SAS one somewhere else so I could attach it.
Hi:
The Malwarebytes Anti-Malware Scan “Detected” many really bad “pieces” of malware and you only ran its “Quick Scan” that took less than 5 minutes.
Recommend you now run its “Full Scan” and see what it possibly finds and Post that Log when the scan finishes, assuming it finds anything.
From the SAS log, your file threats are only tracking cookies, not a security issue but a minor privacy one perhaps. Periodically clear out your cookies and only accept cookies for the site you are visiting, block third party cookies.
The others I take it you allowed SAS to quarantine, etc. as they should be removed.
Wow, MBAM certainly cleaned house for you and the detections look good, mostly related to rogue programs.
If you haven’t already done so reboot and run another ‘full’ MBAM scan.
Hopefully your fake warnings will have gone.