Virus Found But Error: The Request is not supported (50)

Downloaded Avast Free on 8/26/12 as my Trend Internet Security expired. Ran Full and Boot Time Scan which show a virus. Was able to move the six items detected in the boot scan to the chest. When running a quick scan, shows no virus. When running a full scan, seems to hang up around 43-47,000 files. Redid scan and just let it go the whole night and it showed 8911 files infected after running almost 8 hours. Threat: Rootkit hidden file. But unable to move to chest. Downloaded Malwarebytes and did scan. No infection Items. Copy of log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.28.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Barbara :: BARBARA-PC [administrator]

8/30/2012 12:45:20 AM
mbam-log-2012-08-30 (00-45-20).txt

Scan type: Full scan (C:|D:|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 346378
Time elapsed: 1 hour(s), 11 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

What are the details of the avast detection, file name, location, malware name, etc. ?

Your MBAM database version is a couple of days out of date, whilst this may not be an issue here, before scanning you should always update.

I just updated Malwarebytes and running another scan. How do I post the results of the scan that showed the virus?

If it was from an on-demand scan then in the Scan Computer section of the UI you have the Scan Logs which can be opened.

I am doing another malware scan and will post results. Also doing another scan but it is taking forever and will post the results of that scan. The scan that was 8 hours and showed 8911 infected files. I looked at the report and do not know how to send it to you. I did make a screen shot of the first portion of the report and will attach it. I also clicked on support and generated a support package which I will attach. Tried to attach and it said file was too large. Will try screenshot again.

Seen something similar I think in another topic and that related to a windows update being done at or close to the time of the scan.

Whilst I can’t see the full path the .…\ bit between winsxs\ and the \file name this may give more information. The number of 8911 is somewhat strange and more indicative of a file infecter, but that would show a different malware name and not be contained in the one folder. Since these seem confined to the same file (or few files, given your image) then it is a bit of a strange one.

iedvtool.dll = Internet Explorer F12 developer tools, so I don’t know why there would be multiple alerts on this file, but since we don’t know what the .…\ part is if it happens to be in more than one location or not.

So what do I do? I am attaching another copy with the file extended. Also below is the malwarebytes scan that was done after updates.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.30.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Barbara :: BARBARA-PC [administrator]

8/30/2012 9:08:17 AM
mbam-log-2012-08-30 (09-08-17).txt

Scan type: Full scan (C:|D:|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 346885
Time elapsed: 2 hour(s), 43 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I have asked a malware removal specialist to take a look at this as it looks a little strange, but I’m not sure if it is a malware or not.

There may be some delay due to differing time zones and availability of the volunteer malware removal specialists.

Have you updated and rescanned with Avast… And are those files still showing as infected ?

Thanks for joining the topic essexboy, this is the other topic I was thinking about, http://forum.avast.com/index.php?topic=104187.0 and the OP confirms a windows update had been run.

Yes, I completed another scan and it is still showing a virus. This time it scanned 56,000 files (18.5g) and shows 6105 infected files. The previous 8 hour scan showed it scanned 225,505 files (87.7G) and showed 8911 infected files. I had to leave and when I got back I got the attached screen shot. I selected no got the attached restart screen. So I am going to restart my computer now.

OK lets have a shufti

Download OTL to your Desktop

[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

https://dl.dropbox.com/u/73555776/OTL_Main_Tutorial.gif

[*]Select All Users
[*]Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
CREATERESTOREPOINT

[*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Post both logs

THEN

Download aswMBR.exe ( 4.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the “Scan” button to start scan

http://dl.dropbox.com/u/73555776/aswMBRscan.png

On completion of the scan click save log, save it to your desktop and post in your next reply

http://dl.dropbox.com/u/73555776/aswMBRlog.png

OK, I did the first part and here are the two logs.

Here is the second log.

Downloaded the aswMBR.exe and clicked the scan button. It seemed to stop, so I hit save–but then it continued. So I left it run and then my screen went small and Windows shut down. I opened it in regular mode and then got the attached message: Should I try the second step again? Will wait for your response.


Maybe I missed it, and forgive me if I did, but did you uninstall TIS before installing Avast Free?
And if you uninstalled TIS, how did you uninstall it?


I know I uninstalled it by going to the TIS program file on my computer and using the uninstall program. And I know the TIS program had expired and I got messages that it was no longer giving me coverage but I can’t remember if I uninstalled first or installed Avast first and then uninstalled. Sorry. :frowning:

Hmm lets take a look at the MBR

[*] Download RogueKiller and save it on your desktop.
[*]Quit all programs
[*] Start RogueKiller.exe.
[*] Wait until Prescan has finished …
[*] Click on Scan

http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRScan.png

[*]Wait for the end of the scan.
[*] The report has been created on the desktop.
[*] Click on the Delete button.

http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRDelete.png

[*]The report has been created on the desktop.

[*]Next click on the ShortcutsFix

http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRShortcutsFix.png

[*]The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

OK, finished. attached are the reports. Let me know if you need anything else or if I forgot any.

more reports