Virus detected - how to remove

Newbie here - appreciate the help

I downloaded Avast (Free version) to replace Trend and ran a scan last night. Avast detected a virus and it was shown in the Security Report - Does Avast automatically remove it or do I have to manually do so? How do I find out more details about the virus?

Thanks for the help!

What was the file name, location and malware name of the detection ?

Not sure what security report you are talking about, was it the one shown in the More Info button of the avast alert window ?

The default action is to move the detection to the avast chest, that may differ depending on the shield that detected it. That is why the above question is relevant.

I trust that you have uninstalled the Trend antivirus (?) or this could conflict with avast potentially leaving you less well protected.

to answer your question we need to know what avast say…or as the computer would say…not enough info, can not compute :wink:

you may attach a screen shot of the scan result

yes trend removed.
having some diff attaching a screenshot - file too large.
the security report appears to be the one obtained from the web http://www.avast.com/en-us/lp-fr-security-report
i also noticed a message on my desktop after i ran avast this am - “This copy of Windows is not genuine” - curious because Vista shipped with mt laptop from Dell.

having some diff attaching a screenshot - file too large.
use mspaint...and cropp the picture so we dont see your hole desktop... save as giff....

ss attached

That is the monthly security report and is a collation, so it won’t show much detail, just numbers, which is why I have it disabled. AvastUI > Settings > Popups > ‘Show monthly security reports.’ Stats don’t particularly excite me very much and less so when they don’t contain much other than just figures.

Since this was during an on-demand scan, you should be able to check the avastUI > Scan Computer > Scan Logs and select the individual scan log and see what was detected, it will also show what action you took (default is to send to chest).

Thanks! The scan result apparently indicates it’s a low risk and was sent to the chest.

any input on the other message “This copy of Windows is not genuine”?

as i can see from this phone pic :smiley:

it seems to be mywebsearch… just some toolbar bull shit…nothing dangerous

PUP - not a virus but Possoble Unwanted Program

to remove any crap you may have i suggest doing a quick scan with malwarebytes (make sure it is updated before you start the scan) and let it remove what it find…if anything

then run adwcleaner and do the same

Thanks Pondus - I use CCleaner - is that OK?

I also have Last Pass - any potential for conflicts with Avast?

What is your input on that crazy “This copy of Windows is not genuine”?

You’re welcome.

Another point over and above what Pondus mentioned, unless this was a boot-time scan, then you have changed the default scan settings as avast doesn’t scan for PUPS by default. So you must have changed the settings.

Most people are unaware of what PUPs are and this can throw them as they don’t really know what it does and if it is on their system legitimately (e.g. they installed it).

David R - a big thank you to you also!

Thanks for the education - it was most helpful!

Any ideas about that pesky “windows not genuine” message?

I have seen this a few times in the forums, but I can’t recall how it was resolved.

Try a forum search for “windows not genuine” with the quotes and see what it brings.

AdwCleaner is a special tool for browser/toolbar crap

http://www.softpedia.com/get/Antivirus/Removal-Tools/AdwCleaner.shtml
http://www.softpedia.com/progScreenshots/AdwCleaner-Screenshot-212632.html

first click “Search” a log pop up when done… then click delete…it removes the crap and restart your machine…done

a log opens… you may post that log here

Thanks Pondus - now running malwarebytes and then I’ll remove the crap, after which I’ll run AdwCleaner, them I’ll post the logs.

Pondus and David R –

Did a full scan with malwarebytes and looks like we got everything.

Now running AdwCleaner.

Will post that log when done.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.18.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421

Protection: Enabled

8/18/2012 9:38:41 AM
mbam-log-2012-08-18 (09-38-41).txt

Scan type: Full scan (C:|D:|F:|G:|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 620844
Time elapsed: 5 hour(s), 11 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 9
HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars{8BCB5337-EC01-4E38-840C-A964F174255B} (Adware.SmartShopper) → Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF} (Adware.SmartShopper) → Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF} (Adware.SmartShopper) → Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0} (Adware.SmartShopper) → Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0} (Adware.SmartShopper) → Quarantined and deleted successfully.
HKCR\Smart-Shopper.HbInfoBand (Adware.SmartShopper) → Quarantined and deleted successfully.
HKCR\Smart-Shopper.HbInfoBand.1 (Adware.SmartShopper) → Quarantined and deleted successfully.
HKCU\SOFTWARE\NetProject (Trojan.Zlob) → Quarantined and deleted successfully.
HKLM\SOFTWARE\Smart-Shopper (Adware.SmartShopper) → Quarantined and deleted successfully.

Registry Values Detected: 8
HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping|{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF} (Adware.SmartShopper) → Data: 2 → Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping|{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0} (Adware.SmartShopper) → Data: 1 → Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping{3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} (Adware.SmartShopper) → Data: → Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping{3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} (Adware.SmartShopper) → Data: → Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\MenuExt&Search| (Adware.Hotbar) → Data: http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRfox000 → Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow|.securewebinfo.com (Trojan.Zlob) → Data: → Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow|
.safetyincludes.com (Trojan.Zlob) → Data: → Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow|*.securemanaging.com (Trojan.Zlob) → Data: → Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) → Bad: (NOTEPAD.EXE %1) Good: (“%1” /S) → Quarantined and repaired successfully.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) → Bad: (NOTEPAD.EXE %1) Good: (regedit.exe “%1”) → Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (PUP.MyWebSearch) → No action taken.
C:\Users\nawt\Documents\wirelesskeyview[1]\WirelessKeyView.exe (PUP.WirelessKeyView) → No action taken.
C:\Users\nawt\Favorites\Online Security Test 2.url (Rogue.Link) → Quarantined and deleted successfully.
C:\Users\nawt\Favorites\Online Security Test.url (Rogue.Link) → Quarantined and deleted successfully.

(end)