Hey !
Sorry for posting a new thread about an apparently old problem but haven’t found the solution to my problem yet among other posts.
Avast detects vbs malware gen all the time
each time I put it in the chest and it comes back
It began when I was checking my gmail yesterday
and now keeps popping up.
So I did all the windows updates
ccleaner
Super anti spyware
Combofix
and will be doing a Malwarebytes scan now
Also installed the latest hijack this but can’t seem to install it in c/
I attach the hijack this log
and the combofix log just in case it might help you to help me
Is this very dangerous for the well being of my computer?
Thanks in advance for any info or help you can give me !!
-= You don’t seem to be using any antivirus… You should download one to keep yourself protected…
-= We didn’t detect any active process of a firewall on your system. Reasons maybe:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don’t use any firewall at all.
I’m just popping through the forum at the moment but someone will reply soon. You don’t seem to have posted a full HjT log and I expect when someone replies they will ask for a full log.
As for the SAS log - I expect the same will apply.
Avast will not work best when you have another antivirus (Norton) on your machine. This issue will also be brought up. As well, you have two antivirus and they are both disabled. Your Avast should be running, especially if it is alerting to malware.
I think best to enable your Avast and post a full HjT log.
Post a HjT log should be sufficient to start with.
Also have you run a boot time scan yet? Here’s a step by step if you haven’t done one before.
Right click icon with ‘a’ bottom left hand corner of screen, and select to ‘Start avast antivirus’.
It will quick test memory, then a Help guide will pop up (close this), followed by the scanner for GUI interface.
Open menu on top left hand corner of scanner, choose ‘start scan’, go through select area, and click to select ‘local disks’. On the popup set ‘thorough’ and check ‘archive’ box (you don’t have to do this, but it won’t hurt).
Right click My Computer on desktop, and choose Properties. Select tab that says System Restore and click. Check the box that says Turn off System Restore and click Apply button. Press OK. This will hopefully clear anything nasty that might be lurking about the back pages of the computer. Now you don’t have to do this just yet if you don’t want, you can just run the boot scan.
Return to the menu of the scanner and go down list to ‘Schedule boot-time scan’. Click to get Scan local disks, make sure Archive is checked, then check Advanced button. I think best to select ‘Move infected file to chest’ and ‘Allow delete or move’ and then click Schedule button.
Click button to restart computer and let boot scan run its course.
If you do this, someone should have replied by the time you return here.
Removed what was apparently left of Norton with Norton removal tool
CCLEANER
MALWARE BYTES
SAS
COMBOFIX
And hijack scan
AVAST THOROUGH SCAN
in the same order as listed above
I will attach to this message the logs of malware, sas, and hijack this.
Wasn’t able to get the combofix log
And as I’ve mentioned above hijack this did not want to install in c drive because it needs administrator authorisation but I am logged in as administrator so don’t understand why. Hope this doesn’t affect the hijack log
About the reply from mkis:
will doing a boot scan and disabling system restore affect the information on my computer?
I don’t want to lose the information cos not everything is backed up
Extra info:
Malware scan resulted clean
SAS scan found c/ windows.pev.exe threat
combofix wasn’t able to access all files
and Avast either and found no threats
But I just started my computer and as soon as the main icons loaded the avast alarmed me again with the same threat:
VBS malware gen
It popped up at the same time as the MSN messenger page opened and simplify media loaded.
maybe they are infected?
I had no other online applications or pages open when the alarm went off
Yesterday while I was doing all the scans my desktop background picture disappeared
I did next on SAS but will do it again just in case
I’ll do the HJT again in normal mode after that and post a log
About the firewall… well I only have the avast and the windows firewall.
It is activated, is there anything I can do to improve the windows firewall or should I use an extra firewall?
Windows does mention that two firewalls running at the same time can bring interference
Do I deactivate the windows firewall and download a better one?
Do you have any suggestions?
About the reply from mkis:
will doing a boot scan and disabling system restore affect the information on my computer?
I don’t want to lose the information cos not everything is backed up
Well no, doing a bootscan can be done anytime and is not a problem. So nothing turned up when you scanned in Safe Mode but alerts were triggered after you restarted? Interesting.
And well yes, doing a bootscan and disabling system restore will affect information on your computer. So you could look at doing that later. Generally, the bootscan / remove system restore will affect your computer positively in that what is cleared out may have been helping to conceal malware. But because I am not actually there with you, and because you have actually made a lot of progress already, I think best hold fire on the scan / system restore. Unless one of the more experienced of the contributors like DavidR comes on and says go ahead. For myself, I nearly always disable system restore for bootscans.
But may look worse than it actually is. Is pev.exe in SAS quarantine after the scan?
Otherwise, go ahead with what you’re doing. You seem to be doing well. And you’re in good hands with DavidR. I will have a look at your logs as well and see what your system is like.
You will need to install a firewall once your computer is back running smoothly.
On the sidebar to the right you see latest Definition Updates. I presume you have 32bit. If so choose it and download. Run the download and ensure the install goes through cleanly. Make sure your firewall has come on - you will see a small grey castle with a green shield on the tray bottom right hand corner of screen.
Another firewall I like is WinPatrol which seems to sit beside Defender firewall no worries
You find WinPatrol here http://www.winpatrol.com/
WinPatrol’s Scotty will help you set your WinPatrol according to your preferences.
I’m back with bad news I guess…
Yesterday as I said malware came clean, sas with windows.pev.exe
avast clean
and now following your advice of checking the SAS quarantine which had indeed quarantined the pev.exe
Don’t worry about the tracking cookies, they are just a nuisance.
PEV.EXE
C:\COMBOFIX\PEV.EXE
C:\WINDOWS\PEV.EXE
These might be two separate readings of the same instance. Don’t worry too much about this for now.
Is avast still sending out alerts after you turn your computer on and it is running?
Does your computer run slow? Or, pev.exe aside, is everything running better?
Okay just separated those tracking cookies from prev.exe in my previous post.
If computer seems okay, try a few things out, see if it is running okay. Probably a good time to install Defender and wouldn’t hurt to set up WinPatrol, maybe try a disk clean up and defrag.
Just to see if any alerts, warnings, errors, etc…or whether smooth running.
Can tidy up loose ends later.
I have to go out for a while. I’ll check the forum when I get back.
This really is nothing to be too worried about as firstly it looks like combofix also detected this and I would have thought that would have deleted it and or put it in the combofix quarantine (so it shouldn’t be detected in that area), but it doesn’t appear to have either deleted the original (or that has been restored) nor has it moved it to its quarantine area.
As I mentioned before in other topics and mkis said here tracking cookies are much ado about nothing, but always let SAS take care of them. Have your browser block (or not accept third party cookies) and periodically clear cookies from your system.
I don’t see anything obvious in your HJT log other than:
You don’t appear to have an active firewall - It should be capable of blocking unauthorised outbound Internet Connections. The Vista firewall does have outbound protection, but it is disabled by default (it isn’t very user friendly, is rule based and you have to create the rules).
Thanks so much for all the help.
I haven’t had any trouble today
if you know anything more about pev.exe let me know
My machine is new and I want to keep it clean and fit.
I downloaded Vista Firewall control.
Do I need Winpatrol in addition or is that enough??
Do I need Winpatrol in addition or is that enough??
It's up to you really. I like WinPatrol, and others in the Forum use it. But looking for the right firewall for you to have as part of your defense is the main point. There's no doubt that WinPatrol is among the best. I'm getting to like Online Armor, which will probably end up my first preference. http://www.tallemu.com/
if you know anything more about pev.exe let me know
I think prev.exe can be lots of variants. But I haven't had any first hand experience. From what DavidR said I think you've done a good job of dealing to it.
Do I delete the quarantined files from SAS and AVAST?
You can keep quarantined files in avast for a while without worry. I'm not sure about SAS, I've only had those tracker cookie things with SAS and I just delete them. From what I gather, DavidR said they can be deleted - but probably best wait for confirmation.
Hi cindyk. Just checking back to see all is going okay.
If you haven’t cleaned out your quarantines, and nothing new has happened, you may as well do it now.
Run a normal search of your drives with keyword prev.exe and see if anything turns up.
Run your scans and if same things turn up, then delete them.
Otherwise, I think you’re fine with everything.
In case you haven’t come across this link yet, here are directions for using a Flash Disinfector for ensuring that your USB drives are also kept clean of infections.