Win32:Adware (Adw)- Please help

Hi guys

I’m new here and not really very good with all things virus

It would seem my computer has been infected with the Win32:Adware (Adw) virus.

Do any of you have any idea how I can go about clearing this up?

Ran a boot scan but that doesn’t seem to have cleared it up

Thanks in advance

Isabella

Hi Isabella,

There are several free adware/spyware scanners you can try:

AVG Anti-Spyware Free (Requires Win2k/XP)
Ad-Aware Free
Spybot Search & Destroy
SUPERAntiSpyware Free
a-Squared Free

Download, install and update all the programs. Disconnect from the internet (pull the plug) before running scans in Safe Mode if possible.

Always select the option to quarantine any malware found rather than delete it, then you will be able to restore files or registry entries wrongly identified as malware- a rare but not unknown event for any malware scanner.

When you have finished, scan for out-of-date and insecure software using Secunia Software Inspector and update any vulnerable software: this will help to prevent future infections.

Install SpywareBlaster also to prevent future infections: don’t forget to update every month or so.

Thanks for such a speedy reply FreewheelinFrank

Will try and work my way through the instructions you’ve given me.

Never had to do this before so thought I’d come here first and ask what best course of action is

Here’s hoping I can get rid of it cause it only seems to be when I’m trying to access my email login page that it happens, which is no use being as how I need to access it regularly

Will no doubt be back for help along the way

Was this a Webshield warning (giving you the option to ‘Abort the connection’)?

There have been quite a few threads recently about false positive detections on web-based e-mail accounts, but of VB malware, not adware.

What exactly was the name and location of the detected file, either local or web?

It did come up with an option to abort the connection

I have a few file names

There are udcsdr.exe the location of this was C:\Program Files\ Alwil Software\Avast 4

Also: udcsdr.exe the location of this was c:\program files\common files\driveclean

and udcsdr.exe the location of this was also c:\program files/common files\drive clean

and UCD6cw.exe the location of this was C:\Program Files\ Alwil Software\Avast 4

and UCD6_0001_d19m190 location C:\ Program Files\Alwil Software\Avast 4

and finally A0030452.exe location was c:\System Volume Information_restore

Hope that helps

Means nothing to me unfortunately

The Webshield ‘abort connection’ message usually means that avast! has blocked a web threat before it could be downloaded, but it can also mean that avast! blocked a Trojan downloader from downloading a malware file. (A Trojan downloader is typically a malware (bad) program pretending to be a legitimate, useful and desirable program, but which in fact downloads more malware (bad programs) onto your computer without your knowledge.)

I suspect that the Trojan downloader was trying to download something when you connected to your e-mail site, rather than the site itself being infected.

From the file names you mention, you seem to have DriveCleaner on your computer. This needs to be removed. There are instructions here:

http://www.bleepingcomputer.com/forums/topic71782.html

If you have run the scanners I mentioned earlier, they may already have removed it, but follow the instructions carefully to check it has gone.

This sort of ‘scam’ program is often a sign of a Vundo infection, which can be hard to remove. The page above has a link ‘How to remove the Vundo infection’. Follow this link and run the removal tool(s) mentioned to check for Vundo.

A Vundo infection in turn is often a sign of out-of-date and insecure software present on a system, especially Sun Java. Run the Secunia Software Inspector scan when you have cleaned up the computer to identify and update vulnerable software. (Link in my first post.)

Have downloaded AVG Anti Virus Free

and am about to scan using Secunia Software Inspector

and install Spyware Blaster

Thanks for taking the time out to help me otherwise I’d still be stuck

How will I know when I’ve successfully gotten rid of the Virus??

Have downloaded Secunia Software Inspector and for some of the programs it has labelled insecure it has given me update instructions. Should I update where stated?

I apologise for all the questions, just want to know I’m taking the right steps, that’s all

You don’t want AVG Anti-virus Free, you want AVG Anti-Spyware (formerly Ewido.)

Do not install a second anti-virus program!!! That would cause problems!!

Run scans with the programs I mentioned in my first post, quarantining any malware found.

Follow the instructions in my third post to check that DriveCleaner has gone and that Vundo is not present.

“How will I know when I've successfully gotten rid of the Virus??”

The virus warnings should stop. Also, there should be no pop-ups appearing advertising programs or services.

When you have finished you will need to clean out System Restore (Windows’ backup of system files.)

Do this by creating a clean restore point:

http://www.bleepingcomputer.com/tutorials/tutorial56.html#manual

Then deleting all previous infected restore points:

http://www.bleepingcomputer.com/tutorials/tutorial56.html#delete

You should update after cleaning the computer.

Which scans have you run so far?

Yes Isabella, you should update always. If for instance you have older versions of Java, you are vulnerable to certain exploits. Update to the latest versions, and then delete all previous versions, because the malware may choose these if they are still available to do its dirty work; Java does not automatically delete older versions.
Always install all patches and always update to the latest versions of browser(s), and certain other software. This free tool helps you to be fully patched and updated, for it checks whether you have the latest versions of everything; you can download it here:
https://psi.secunia.com/

polonus