Sudden Attack Sea (Virus or False Positive)?

Hello everyone here, I also have this problem recently. I could play this game until 1 day my mom deleted Avast and installed McAfee. After 1 day of using McAfee I was upset and changed back to Avast. Here the problem starts: after I installed Avast it detected the launcher.exe as a virus. I did not encounter this problem for like a year using Avast till now. Please help me solve this as quickly as possible as I really want to play the game!!

Thank You.

Hi derekdiong1 and welcome to the forum.

Prior to you installing Avast, did you uninstall McAfee with the McAfee uninstall tool? Using more than 2 AV’s can cause all kinds of problems including false positives.

I would try the uninstaller for McAfee again to make sure ALL remnants are gone, then reboot.

If Avast is not working properly after this because McAfee may have corrupted things, try an Avast Repair:

  • Go to Control Panel > Add/Remove programs > Avast Antivirus.
  • Scroll down and choose Repair function in the pop-up window.
  • Reboot.

If this fails, you will need to uninstall Avast and do a clean install of Avast:

  1. Save a copy of the newest version of Avast (5.0.677) for the version you need and save it to your HDD:
    Free – http://files.avast.com/iavs5x/setup_av_free_eng.exe (English only)
    Free – http://files.avast.com/iavs5x/setup_av_free.exe (multi-language version)
    Pro – http://www.avast.com/pro-antivirus#tab4
    AIS – http://files.avast.com/iavs5x/setup_ais.exe
  2. Download the Avast Uninstall Utility, aswClear5.exe http://www.avast.com/uninstall-utility and save it to your HDD (it has uninstall tools for both 4.0 and 5.0 if you used a prior version on this machine).
  3. Disconnect from the Internet at this time.
  4. Go to Control Panel and uninstall Avast through Add/Remove Programs if possible and reboot.
  5. If Step 4 fails, boot into Safe Mode (hit F8 repeatedly) and run the Avast Uninstall Tool. Uninstall all versions of Avast you had on this machine at this time.
  6. Reboot.
  7. Install the newest version of Avast and reboot.
  8. Get Internet access and register your copy or add the license key for Free, Pro, or AIS.
    Free – http://www.avast.com/registration-free-antivirus.php
  9. Update the Avast definitions.

Next, run an Avast Full scan. If any infections come up, put them in the Virus Chest. If you have a 32-bit machine, run an Avast Boot-time scan. Report back on the results.

Also check your computer for malware with Malwarebytes’ Anti-Malware (MBAM).
  • Download free http://www.malwarebytes.org/ (the blue button) for an on-demand scanner.
  • Double click mbam-setup.exe to install the application.
  • After install, click update so you have the latest database before scanning.
  • Under Settings:
    ◦ General: Automatically Save File After Scan Completes is checked off
    ◦ Scanner Settings: Check all boxes
    ◦ Updater: Download and install update if available is checked off
  • Once the program has loaded, select “Perform FULL Scan”, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the disinfection scan is complete, a log will appear in Notepad and you may be prompted to Restart. (See Extra Note).
  • Click the “remove selected” button to quarantine anything found. You will find the infection details under the Quarantine tab.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Please let me know if you have any questions. Thank you.

WOW that’s a very long list… I’ll try to complete all those and try again. If the launcher.exe is still detected I don’t know what to do next.

Ok, I have cleaned McAfee from my com now and repaired Avast. Still same results detected… I’m running a 32-bit com. Any more solutions? But I have not deleted Avast. Should I delete Avast??

Avast doesn’t detect the launcher in my comp as a virus anymore… but I suggest you scan your computer with MalwareBytes as suggested by SafeSurf.

@ derekdiong1,

Did you reboot after uninstalling McAfee?

As derick123 said (people I’ve helped tend to remember ;)), yes, run MBAM Full scan and post your results…I need to make sure your machine is clean. Post your results (cut and paste).

If you come out clean with MBAM, then follow my previous post directions for doing an Avast uninstall/clean install. Most likely Avast got corrupt with McAfee (having 2 AV’s on your machine). Reboot.

Do a test drive with Avast and run a Full and boot-time scan.

Report back your results.

Yes, I did reboot after cleaning McAfee, now downloading MBAM, scared that it will detect launcher.exe as a virus!

Here’s the MBAM log:

Malwarebytes’ Anti-Malware 1.46
www.malwarebytes.org

Database version: 5162

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

11/22/2010 1:18:23 PM
mbam-log-2010-11-22 (13-18-23).txt

Scan type: Full scan (C:|D:|)
Objects scanned: 317587
Time elapsed: 59 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 36
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 4
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\baidubar.tool (Trojan.Cinmus) → No action taken.
HKEY_CLASSES_ROOT\TypeLib{d12f94fa-fc9a-41f7-b808-7fbb419dd7a6} (Trojan.Cinmus) → No action taken.
HKEY_CLASSES_ROOT\Interface{4c2bfec9-f03c-4f74-932e-5723e603b4ac} (Trojan.Cinmus) → No action taken.
HKEY_CLASSES_ROOT\Interface{7ef05eff-0e62-4040-8d81-73a10d8de60f} (Trojan.Cinmus) → No action taken.
HKEY_CLASSES_ROOT\Interface{d158174c-004b-4a2e-9410-5442c10c60d2} (Trojan.Cinmus) → No action taken.
HKEY_CLASSES_ROOT\CLSID{77fef28e-eb96-44ff-b511-3185dea48697} (Trojan.Cinmus) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings{77fef28e-eb96-44ff-b511-3185dea48697} (Trojan.Cinmus) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{77fef28e-eb96-44ff-b511-3185dea48697} (Trojan.Cinmus) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{77fef28e-eb96-44ff-b511-3185dea48697} (Trojan.Cinmus) → No action taken.
HKEY_CLASSES_ROOT\CLSID{a7f05ee4-0426-454f-8013-c41e3596e9e9} (Trojan.Cinmus) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved{a7f05ee4-0426-454f-8013-c41e3596e9e9} (Trojan.Cinmus) → No action taken.
HKEY_CLASSES_ROOT\CLSID{b580cf65-e151-49c3-b73f-70b13fca8e86} (Trojan.Cinmus) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings{b580cf65-e151-49c3-b73f-70b13fca8e86} (Trojan.Cinmus) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{b580cf65-e151-49c3-b73f-70b13fca8e86} (Trojan.Cinmus) → No action taken.
HKEY_CLASSES_ROOT\CLSID{e5d5d4a1-17f0-41d7-b1c6-0979f91e6f46} (Trojan.Cinmus) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved{e5d5d4a1-17f0-41d7-b1c6-0979f91e6f46} (Trojan.Cinmus) → No action taken.
HKEY_CLASSES_ROOT\baidubar.tool.1 (Trojan.Cinmus) → No action taken.
HKEY_CLASSES_ROOT\baidubarex.bdhomepage (Adware.BDSearch) → No action taken.
HKEY_CLASSES_ROOT\baidubarex.bdhomepage.1 (Adware.BDSearch) → No action taken.
HKEY_CLASSES_ROOT\baidubarex.bdhomepage.2 (Adware.BDSearch) → No action taken.
HKEY_CLASSES_ROOT\baidubarex.bdhomepage.3 (Adware.BDSearch) → No action taken.
HKEY_CLASSES_ROOT\baidubarex.bdhomepage.4 (Adware.BDSearch) → No action taken.
HKEY_CLASSES_ROOT\baidubarx.bandie (Trojan.Cinmus) → No action taken.
HKEY_CLASSES_ROOT\baidubarx.bandie.1 (Trojan.Cinmus) → No action taken.
HKEY_CLASSES_ROOT\baidubarx.toolband (Trojan.Cinmus) → No action taken.
HKEY_CLASSES_ROOT\baidubarx.toolband.1 (Trojan.Cinmus) → No action taken.
HKEY_CLASSES_ROOT\barbroker.bdbroker (Adware.BDSearch) → No action taken.
HKEY_CLASSES_ROOT\barbroker.bdbroker.1 (Adware.BDSearch) → No action taken.
HKEY_CLASSES_ROOT\AppID{7a33ce9e-4f33-4b4e-b263-6aeeab6c3dc2} (Adware.BDSearch) → No action taken.
HKEY_CLASSES_ROOT\CLSID{5becd27b-dcf5-4def-b066-486a47245c03} (Adware.BDSearch) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{7a33ce9e-4f33-4b4e-b263-6aeeab6c3dc2} (Adware.BDSearch) → No action taken.
HKEY_CLASSES_ROOT\TypeLib{3a8c9d89-3271-45f4-98c0-56b0f5a16172} (Adware.BDSearch) → No action taken.
HKEY_CLASSES_ROOT\Interface{2923508c-9425-4a61-b9ce-a98239055916} (Adware.BDSearch) → No action taken.
HKEY_CLASSES_ROOT\CLSID{9f44453e-1e46-4d5c-b57c-112ff2edae82} (Spyware.OnlineGames) → No action taken.
HKEY_CURRENT_USER\Software\Baidu (Adware.Bdsearch) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BaiduBarX (Adware.BDSearch) → No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser{b580cf65-e151-49c3-b73f-70b13fca8e86} (Trojan.Cinmus) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar{b580cf65-e151-49c3-b73f-70b13fca8e86} (Trojan.Cinmus) → No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) → Bad: (1) Good: (0) → No action taken.

Folders Infected:
C:\Documents and Settings\Owner\Application Data\Baidu (Trojan.Cinmus) → No action taken.
C:\Documents and Settings\Owner\Application Data\Baidu\Toolbar (Trojan.Cinmus) → No action taken.
C:\Documents and Settings\Owner\Application Data\Baidu\Toolbar\Custom Buttons (Trojan.Cinmus) → No action taken.
C:\Documents and Settings\Owner\Application Data\Baidu\Toolbar\DownloadTmp (Trojan.Cinmus) → No action taken.

Files Infected:
C:\Program Files\Baidu\Toolbar\BaiduBarX.dll (Trojan.Cinmus) → No action taken.
C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\rzr-cod4.exe (Trojan.Agent.CK) → No action taken.
C:\Program Files\Baidu\Toolbar\BarBroker.exe (Adware.BDSearch) → No action taken.
C:\Program Files\QvodPlayer\QvodBand.dll (Spyware.OnlineGames) → No action taken.
C:\Downloads\QvodSetup3_ccch.exe (Adware.Agent) → No action taken.
C:\Documents and Settings\Owner\Application Data\Baidu\Toolbar\iexp.dat (Trojan.Cinmus) → No action taken.
C:\Documents and Settings\Owner\Application Data\Baidu\Toolbar\logex.dat (Trojan.Cinmus) → No action taken.
C:\Documents and Settings\Owner\Application Data\Baidu\Toolbar\namedsites.dat (Trojan.Cinmus) → No action taken.

There are some infected files, should I delete them?? Reply ASAP!!

Let Mbam quarantine the findings…!!
See the instructions SafeSurf posted in reply #41…!
asyn

You need to update MBAM again, then run the Full scan again, this time see the quote above and as Asyn and I both said…let MBAM quarantine the infections. Right now they are still sitting in your machine because you told it to “take no action.” You need to let MBAM quarantine it. You do NOT want to delete them.

After this, I want you to do the following:

Check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0.

Follow the directions for obtaining the OTL logs. Post the two (2) OTL logs as attachments (Additional Options > Attach > Browse (the logs will be on your desktop) > Post).

Please do not make any further changes to your machine once you have provided the logs.

I will review the logs and I am going to refer you to our Certified Malware expert, named Essexboy. He will also review your logs and give you further instructions, however he comes on the forum late UK time. He will respond to you in this thread, so remember to check this thread daily. I will continue to provide assistance in the meantime, then remain in the background while he works with you.

Let me know if you have any questions. Thank you.
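One way to triage a pasted MBAM log like the one above before acting on it, as an added example that is not part of the original thread: it lists every object still marked "No action taken" and checks the summary counts against the entries actually pasted. It assumes the section and entry layout visible in that log; `parse_mbam_log`, `triage` and the sample text are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of the MBAM 1.46 log above (shortened). The
# "Quarantined" action and the absent Folders section are made up for the checks.
SAMPLE_LOG = r"""
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 3

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Files Infected:
C:\Program Files\Baidu\Toolbar\BaiduBarX.dll (Trojan.Cinmus) -> No action taken.
C:\Program Files\Baidu\Toolbar\BarBroker.exe (Adware.BDSearch) -> Quarantined and deleted successfully.
C:\Downloads\QvodSetup3_ccch.exe (Adware.Agent) -> No action taken.
"""

HEADER = re.compile(r"^([A-Za-z ]+ Infected):\s*(\d+)?$")
ENTRY = re.compile(r"^(.+?) \(([^()]+)\) (?:->|→) (.+)$")  # object (name) -> rest
ARROW = re.compile(r"\s*(?:->|→)\s*")

def parse_mbam_log(text):
    """Return (counts declared in the summary, list of detection entries)."""
    declared, entries, section = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if h := HEADER.match(line):
            if h[2] is not None:          # summary line, e.g. "Files Infected: 8"
                declared[h[1]] = int(h[2])
            else:                         # section heading, e.g. "Files Infected:"
                section = h[1]
        elif section and (e := ENTRY.match(line)):
            # The last arrow-separated field is the action MBAM took.
            action = ARROW.split(e[3])[-1].rstrip(".")
            entries.append(dict(section=section, object=e[1], name=e[2], action=action))
    return declared, entries

def triage(text):
    """Report what is still on disk and whether the pasted log is complete."""
    declared, entries = parse_mbam_log(text)
    listed = Counter(e["section"] for e in entries)
    return {
        "incomplete_sections": sorted(s for s, n in declared.items() if listed[s] != n),
        "by_detection": Counter(e["name"].lower() for e in entries),
        "still_present": [e["object"] for e in entries if e["action"].startswith("No action")],
    }

print(triage(SAMPLE_LOG))
```

Detection names are lower-cased before counting because the log above spells the same family both `Adware.Bdsearch` and `Adware.BDSearch`.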

Hi there, let’s do a final check to see if there was a Sality infection.

Step 1. Preparation to disinfection:

Download the file Sality.zip
Extract SalityKiller.exe
Run the file SalityKiller.exe

Step 2. Registry repair: (Allow the files to merge when requested)

Download Sality_regkeys.zip
Extract the file Sality_RegKeys.zip
Run the file Disable_autorun.reg from the archive Sality_RegKeys.zip

Step 3. Finalising: (Allow the files to merge when requested)

From the archive Sality_RegKeys.zip run the file of the registry key:

  • under Windows 2000 run the registry file SafeBootWin200.reg
  • under Windows XP run the registry file SafeBootWinXP.reg
  • under Windows 2003 run the registry file SafeBootWinServer2003.reg
  • under Windows Vista / 2008 run the registry file SafebootVista.reg
  • under Windows 7 / 2008 R2 run the registry file SafebootWin7.reg

FULL SCAN

Download Dr Web from here: http://www.freedrweb.com/?lng=en (link on the top right of the page), tick the EULA and then download.

It will download as an 8 digit file; save it to your desktop.

Restart in safe mode and run
Accept the enhanced version
Then run the quick scan
About halfway through you will be prompted to buy - just X the box closed
Once finished it will generate a log; please attach that.

ANALYSIS LOG

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Thanks Essexboy. :wink:

Wait, now which steps should I do?? SafeSurf’s or essexboy’s steps?? And is it really safe? Don’t want my parents to worry!! If I screw this up my dad won’t buy me a new com!!

Go with essexboy’s instructions as they are more specific to your problem. If you have the Sality file infector virus, it needs special tools to try to a) kill/stop Sality running and infecting other files (steps 1-3) and b) try and repair any files infected by Sality (the full scan with the DrWeb scan).

Finally after that an analysis to see if there are any other remnants/issues and attach the logs as asked for.

I wanna ask how to run in safe mode?? And everyone here is so friendly!! THX guys!!

Press F8 while your system is booting.

derekdiong1,

I was referring you to Essexboy, who is our Certified Malware Removal expert. He comes on the forum usually late UK time, so remember to check this thread daily as he will give you specific instructions for your malware removal. I will remain in the background while he works with you. Thank you.

When you mean booting, it’s in the Windows loading screen??

There was nothing detected on Dr.Cure.

The OTL log is too big, can’t type here.

Attach the log…!
If you write a new post: → Additional Options → Attach
asyn