system
September 15, 2009, 5:07pm
1
Hi
Please help!
Please excuse me, I’m new at this.
-My Avast detects 2 files in the background scanner every time I connect to the internet.
-I can’t delete, or repair the files and if I move or rename them they just come back.
-The files are named: d1al.exe and LoL_1_.jpg
-They are in temporary internet files folder
-It began yesterday and I have no clue as to how it got onto my system
-Avast gives me the following message: Win32:Trojan-gen {Other}
It disconnects me from the internet every time I connect to my wireless internet
Please help if you can
nmb
September 15, 2009, 5:09pm
2
Can you somehow upload the files (one at a time) to virustotal.com and post the link?
system
September 15, 2009, 5:14pm
3
system
September 15, 2009, 5:15pm
4
nmb
September 15, 2009, 5:19pm
5
Did you try the avast! boot time scan? No? http://www.digitalred.com/avast-boot-time.php (move all the infected files to the chest when asked what to do)
Post back.
system
September 15, 2009, 5:24pm
6
I didn’t try the boot time scan, will do so now.
Every time I move it to the chest it reappears again and I’m prompted again. I did this a few times and it still comes back.
system
September 15, 2009, 5:31pm
7
Hello,
Try cleaning up the Temporary files folder.
Boot your PC in safe mode and networking.
Once step 2 is done, try downloading one of the following:
a) Malwarebytes Anti-Malware
b) SUPERAntiSpyware
Update the database and do a full system scan…
Let me know if this was helpful.
Regards,
Prashant Sharma
nmb
September 15, 2009, 5:32pm
8
Move to chest in the sense that during the boot time scan it asks what to do with the infected file. Select move to chest.
Edit: remove the temporary files after the boot time scan.
system
September 15, 2009, 6:20pm
9
Okay, did the boot time scan and moved the files to the chest when prompted.
The result now produced 3 more infected files in the system volume information folder with the names A0031464.exe, A00331496.exe, and A0031745.exe
I cleaned out the temporary internet files folder after the scan and rebooted.
The problem persists,
will try and download the other 2 programs now.
nmb
September 15, 2009, 6:31pm
10
Yup, now you can try the other two programs. Do not worry about the adware cookies reported by SUPERAntiSpyware. Let it deal with them itself.
Get MBAM here: malwarebytes.org. Update and perform a full scan. Post the log here, please.
system
September 15, 2009, 7:21pm
11
I got the log and found 6 files infected
Should I remove them?
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components{67kln5j0-4opm-01we-aax2-5657qca554112} (Backdoor.Bot) → No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ravav (Worm.RJump) → No action taken.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) → Bad: (http://www.iesearch.com/ ) Good: (http://www.Google.com/ ) → No action taken.
Folders Infected:
C:\VIDI\UNUK (Backdoor.Bot) → No action taken.
Files Infected:
C:\VIDI\UNUK\DRG.exe (Backdoor.Bot) → No action taken.
C:\VIDI\UNUK\DesKTop.ini (Backdoor.Bot) → No action taken.
nmb
September 15, 2009, 7:23pm
12
Exit all the browsers you are using, remove the infections, and reboot if asked to do so.
Was it a quick scan or a full scan?
Come back.
system
September 15, 2009, 7:48pm
13
Hey,
It was a full scan.
Looks like it worked! All files were removed after the reboot and I haven’t had a detection as yet.
Thanks for everything, you were really helpful!
nmb
September 15, 2009, 7:50pm
14
Great that everything is fine now. Consider this, please:
Secunia PSI: http://secunia.com/vulnerability_scanning/personal/
Welcome to the forums.
system
September 15, 2009, 7:54pm
15
I will have a look,
thanks again