Firstly apologies for posting in the general section a few days back: http://forum.avast.com/index.php?topic=36773.0.
I should have scrolled down a bit further and done it here.
As per that post, Avast popped up when I was running Spybot to say it had found a Trojan in my Temp folder. When I moved it to the Virus Chest it found another. After this I re-ran Spybot (All O.K.) and then ran a thorough scan with Avast! (All O.K.) and Adaware 2007 (All O.K.)
I followed the instructions for sending them to VirusTotal and got back two identical reports:
I have also Emailed them to Avast! using the direct function within the Virus Chest, but haven’t had a reply yet.
Having looked at some other similar posts I notice much more comprehensive details from VirusTotal in some of them. Have I done something wrong, or are my “Infections” not considered serious?
The computer seems to be behaving fine, and I haven’t had any further reports pop up. Is there any more I can do at the moment? Running a NEC M5210 XP2 Home edition with Avast! 4.8.1201, Zone Alarm free, Spybot 1.5.2, & Adaware 2007.
I think the malware was found in your browser cache and was not run and so didn’t infect your computer. You did the right thing to close the pop-up window without accepting the invitation to install the scam anti-virus on offer.
If you ‘erase’ the files they will be gone. But it will be good to follow the general cleaning procedures to be sure you’re clean:
1. Disable System Restore and re-enable it after step 3.
2. Clean your temporary files.
3. Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
4. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
Also, try RogueRemover, a utility that can remove various rogue antispyware, antivirus and hard drive cleaning utilities. Rogue applications are applications that rather than remove spyware, provide false positives, distribute malware or spyware, advertise, or provide useless uninstallers. The main point is that rogue applications are useless and eat up system resources.
Further to “Tech’s” post, I disabled System Restore and ran Spybot’s own “RootAlyz”, ran CCleaner, then did a complete scan with Dr Web CureIT! (It took over 2 hours!) This found 2 infections:
1/ A file related to Spybot: “regLocal.reg” at C\Documents & Settings\All Users\Application Data\Spybot - Search & Destroy\Backups.
2/ “POSTOOBE.NEC” at C\DRIVERS - type VBS.Generic.278 which I let it “Cure” - it deleted it.
Haven’t gone any further yet, should I re-enable System Restore and run Super Antispyware?
Well I guessed that the Spybot entry was not serious so I’m not touching that. As to the NEC entry it’s been deleted so I’m not sure what I can do about it now.
I’ve installed and run SuperAntispyware and all it found was a tracking cookie, so I’m feeling a bit happier…
I think I will see how things go, I don’t really want to put any more security programmes on this machine. I probably picked the malware up in places I shouldn’t have been, so I will treat it as a valuable lesson!