I recently got a virus that turned off Avast. Clicking fix was ineffective. Trying to download updates or another antivirus was also blocked. System restore would not work. Could still boot, with a very long boot time. What I think finally worked was Add or Remove Programs: starting to remove Avast and selecting repair. This turned Avast back on but it still could not find anything. I ended up downloading Adaware. It found Trojan win32 generic. Then a friend at work told me about Combofix and it deleted 2 folders. I think I am clean but not sure. Have run scans but they show nothing. I do have one folder that I cannot delete. I have even tried regedit but searching on the name of the folder turns up nothing. When I scan with avast it says cannot read and it will not let me delete it either. I have tried boot time scans without any effect. Has anyone heard of this trojan or know how it affects your computer? What is it supposed to do? Is it spying or destructive or what? Jeff B
You shouldn't run Combofix until instructed by a malware removal expert. Anyway, follow the link to the guide given below and attach the logs; then one of the malware experts will let you know if you are still infected or not:
http://forum.avast.com/index.php?topic=53253.0
essexboy has been notified; he will be here to help you by night…
Can you post a screen shot of the Avast log file that found this Trojan Win32 Generic?
Will the avast log help? Avast never did see it. I got the name from the adaware report and I don't know where to find it now. I will try to attach the combofix log from the second time I ran it. It installed the recovery console and updated itself the second time. Copy and paste did not work. Tried a different way.
ComboFix 11-12-24.10 - Jeffrey Brentlinger 12/24/2011 19:38:07.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.516 [GMT -5:00]
Running from: G:\ComboFix.exe
AV: avast! Antivirus Disabled/Updated {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus Disabled/Updated {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\alcrmv.exe
c:\windows\system32\regobj.dll
c:\windows\winhelp.ini
.
.
2007-11-11 12:08 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2007-11-11 12:08 105176 ----a-w- c:\windows\system32\
As I said, no using combofix without having instructions from a malware removal expert… see my previous post:
Could you attach the combofix log, as it may well show other elements that need removal?
I think the log is attached. I have win XP service pack 3 Home with 1 Gb Ram, 2.01 Sempron. No flags in device manager. Every now and then I get a lot of hard drive activity and programs start freezing up.
I just found where the first combofix log is. Here it is.
Looks like an MBR problem.
Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.
http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR%20shots/aswMBRScan.gif
On completion of the scan click save log, save it to your desktop and post it in your next reply.
http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR%20shots/aswMBRsavelog.gif
THEN
Do the following:
Start → Run
type diskmgmt.msc
Click “OK”
Disk Management will open.
Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.
Take a screen Shot of the Disk Management Window and attach the screen shot to your reply.
I think this is it.
Download the latest version of TDSSKiller from here and save it to your Desktop.
- Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_1.jpg
- Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_2.jpg
- Click the Start Scan button.
http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_3.jpg
- If a suspicious object is detected, the default action will be Skip; click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_4.jpg
- If malicious objects are found, they will show in the Scan results and offer three (3) options.
- Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_5.jpg
- Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste its contents on your next reply.
I ran it and it found 11 unsigned items. I recognized some and my MSI motherboard drivers. The log is attached. Dual core center should be the temp, fan and voltage monitoring program. Would msibiosdevice be the update program? Would SANDRA be SiSoft Sandra? I appreciate your help. I am going to build a stand alone computer without internet access to keep my pictures and music away from viruses.
All the MBR areas and functions appear clean. Are you still getting the HDD activity?
Download OTL to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Select All Users
- Under the Custom Scan box paste this in:
netsvcs
%SYSTEMDRIVE%*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
C:\Windows\assembly\tmp\U*.* /s
%Temp%\smtmp\1*.*
%Temp%\smtmp\2*.*
%Temp%\smtmp\3*.*
%Temp%\smtmp\4*.*
CREATERESTOREPOINT
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Attach both logs
I forgot to select all users. Should I run it again?
One thing I haven't mentioned is a wild mouse. It takes off on its own sometimes in very fast, unpredictable directions. I sometimes go to click on one thing and it lunges and clicks something else very quickly.
Are you overclocking your video card perchance?
Not knowingly. I installed it and let the computer set everything by itself.
I can see no apparent malware from the scans.
What are the main problems at the moment?
I was not sure if I was clean and I was wondering about the odd mouse behavior. I thank you for checking the logs. I am sorry it took so long to respond but my wife wanted her computer upgraded. She bought a gigabyte board and I can't get the video to work. I am taking it to Micro Center tomorrow. They said since the parts were just bought they would fix it no charge. If this machine is clean I will go ahead and upgrade the OS. Well, after hers is working first. I thank you all. Jeff
If you upgrade the OS that will clean the machine properly - especially if you use 64bit ;D