[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
[*]Under the Custom Scan box paste this in
Right now, the computer is running fine with no unusual behavior. The last thing that happened was when we got this blue Avast screen that said we had this Win32 malware-gen and where it was. I had to restart the computer to get out of that because pressing any of the keys indicated did not work. Since then, there have been no other incidents or warnings.
Double Click mbam-setup.exe to install the application.
[*]Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select “Perform Quick Scan”, then click Scan.
[*]The scan may take some time to finish, so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that everything is checked, and click Remove Selected.
[*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
[*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
I had already downloaded Malwarebytes after reading posts to other people with this problem. It found a lot of stuff. I am running the scan again and will also run an Avast scan and then let you know what happens.
I started the Malwarebytes scan. In the middle of it, I checked to see how it was doing and there was an avast warning window that said a virus - Win32malware-gen - had been found and suggested that I move it to the chest, which I did. The Malwarebytes program is still scanning.
You should still be able to see what those file names and locations were, File System Shield, Show report file.
Or open the avast chest and get the information there.
It may be that as MBAM opens files so that they may be scanned, this forces avast to scan the file also, so it may be that avast jumps on something before MBAM scans it. So in effect you have a degree of duplicate scanning going on.
I tended to pause/stop avast File System Shield whilst running other security scans. This avoids this duplication of scanning, reducing overall scan duration and avoiding any possible conflict.
I looked in the Avast log and couldn’t find a record of the avast thing that just happened or that I had moved it to the chest. What I did find in the log and chest was a record (mostly from 4/26/10) of that win32 virus in many different files including system volume information/restore . . . and temporary internet files. Was that a real avast alert that came up earlier today or a fake caused by a virus - is that even possible?
Like I said there is no trace of the activity done today. But here are a couple of the files found back on the 26th:
zpscon_1272316048.exe found in C:\DOCUME~1\Lager\LOCALS~1\Temp
zpscon_1272295690.exe found in C:\Documents and Settings\Lager\local settings\Temp
Maybe it was a false positive because the Avast scan just finished and found nothing.
If you moved them to the chest (a protected area) as you said, then avast won’t subsequently find them, so you shouldn’t have a problem.
Given the file names and the location, I suspect that the detection is good.
There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.
However, in this case, since they are also from a Temp location, these files are of a less critical nature and could be deleted sooner, but it isn’t a good habit to get into; follow the general rule above.