So, I use Avast normally, but I felt there still might be something wrong with my computer. I scanned with Avast and found nothing. I went to F-Secure’s on-line scanner. It scanned until it was about 66% and then it blue screen of deathed me. It did detect 3 malware though (the report is below). I am running Vista Home Premium and my Avast is up to date. If anyone could tell me what the report means and what I need to do about it, that would be amazingly helpful. The computer is only slightly slower and I thought I saw some sort of pop-up flash for a minute (in several instances) as the computer was shutting down (I’m not sure if that isn’t just a program resisting being shut down). Past this, the comp is asymptomatic. Anyway, I say all this just to ask for help, and I appreciate anyone who is willing to help.
Thanks in Advance,
Syx0
Scanning Report
Saturday, August 1, 2009 00:27:38 - 00:36:26
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ D:\ F:\ G:\
It could well be you if you still would have Norton there or parts of Norton because this is known to be a Norton false positive. This time it was an F-Secure FP.
Question.
Do you have an asus machine? Because the Faux virus can be found as:
So check on: C:\ADSM_PData_0150\DragWait.exe and upload it to virustotal.com for results,
as well as this one: C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys
So I would go for the False Positive, like to have that confirmed? Yes it is a FP more than likely…
Ok so forgive my ignorance but how do I go about getting said hidden files to appear normally? I can get them to appear in safe mode, but not in normal mode. This in effect means that I cannot scan the DragWait.exe or other file without making them visible normally.
Oh and I do have an ASUS machine, and it came with Norton which I never used as I started this machine with Avast. In fact, I uninstalled Norton almost immediately.
Run MBAM again and remove this item.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) → Bad: (1) Good: (0) → No action taken.
Ok I ran SAS. It gave me some stuff about a few cookies. I couldn’t find a way to copy the report. It didn’t appear pertinent. As soon as I restart my system, it will remove them. I want to do what Polonus said (above) and check out those two files, but being that they are hidden I can’t access them except when in safe mode. Is there anything I can do to change that?
Go to virus chest > user files > add files > browse to the folder > type DragWait.exe or AsDsm.sys in the file area (even if you don't see it there) and click ok.
Then extract the file(s) to another folder, well let it be on the desktop, then try to upload it to virustotal, and post the link to that site here.
File has already been analysed:
MD5: 49bd0a002320d9f3266a04b15ba1f933
First received: 2009.05.27 12:21:01 UTC
Date: 2009.06.21 19:40:21 UTC [>42D]
Results: 0/41
Permalink: analisis/d69c0f12a76360297e0fefc0aaa14010ca5b452cc45ee587279a7eb7e549cacf-1245613221
It was neither. I posted at the top that it was F-Secure. I normally use Avast and so I figured I would see if my Avast just wasn’t detecting something that was there or if I needed to be worried.