Today I unfortunately found out my computer has been infected by a Trojan called Win32:Dropper-FVB[DRP]. Avast! tried to eliminate it, but every time I start my computer up Avast warns me and tells me it has blocked and eliminated the trojan.
I ran Malwarebytes’ Anti-Malware and scanned my computer; it found 70 infected items. It told me they were eliminated, but when I started my PC up again Avast warned me about the Dropper trojan (C:\Documents and Settings\Andrea\Dati applicazioni\svchost.exe Win32:Dropper-FVB[DRP]). I can't eliminate it! I am very worried about it.
I’m going to attach the Malwarebytes’ Anti-Malware log.
Please go to PROFILE then Modify Profile then Forum Profile Information then select your country in Please select your country: then update your Signature: with information like my signature as this helps the helpers offer pertinent advice.
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.
[Unregister Dlls]
[Processes - Safe List]
YY -> winlogon.exe -> C:\Documents and Settings\Andrea\Dati applicazioni\winlogon.exe
YY -> windowsdefender.exe -> C:\Documents and Settings\Andrea\Dati applicazioni\WindowsDefender.exe
YY -> 28818.exe -> C:\Documents and Settings\Andrea\Menu Avvio\Programmi\Esecuzione automatica\28818.exe
[Registry - Safe List]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1085031214-1563985344-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1085031214-1563985344-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{00000000-0002-0002-0000-000000000000}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{965B54B0-71E0-4611-8DE7-F73FA0B20E26}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "Windows Defender" -> C:\Documents and Settings\Andrea\Dati applicazioni\WindowsDefender.exe [C:\Documents and Settings\Andrea\Dati applicazioni\WindowsDefender.exe]
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "SpeedBitVideoAccelerator" -> [C:\Programmi\SpeedBit Video Accelerator\VideoAccelerator.exe]
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "SpeedBitVideoAccelerator" -> [C:\Programmi\SpeedBit Video Accelerator\VideoAccelerator.exe]
< Run [HKEY_USERS\S-1-5-21-1085031214-1563985344-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1085031214-1563985344-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "Windows Defender" -> C:\Documents and Settings\Andrea\Dati applicazioni\WindowsDefender.exe [C:\Documents and Settings\Andrea\Dati applicazioni\WindowsDefender.exe]
< Andrea Startup Folder > -> C:\Documents and Settings\Andrea\Menu Avvio\Programmi\Esecuzione automatica
YY -> ~EmptyValue -> C:\Documents and Settings\Andrea\Menu Avvio\Programmi\Esecuzione automatica\28818.exe
YY -> ~EmptyValue -> C:\Documents and Settings\Andrea\Menu Avvio\Programmi\Esecuzione automatica\JavaLoad.exe
YY -> ~EmptyValue -> C:\Documents and Settings\Andrea\Menu Avvio\Programmi\Esecuzione automatica\Rundll32.dll
YY -> ~EmptyValue -> C:\Documents and Settings\Andrea\Menu Avvio\Programmi\Esecuzione automatica\SystemCore.dll
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
YY -> \Run\\"Windows Defender" -> C:\Documents and Settings\Andrea\Dati applicazioni\WindowsDefender.exe [C:\Documents and Settings\Andrea\Dati applicazioni\WindowsDefender.exe]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\DOCUME~1\Andrea\IMPOST~1\Temp\21856.exe" -> [C:\DOCUME~1\Andrea\IMPOST~1\Temp\21856.exe:*:Enabled:Windows Messanger]
YN -> "C:\DOCUME~1\Andrea\IMPOST~1\Temp\5270.exe" -> [C:\DOCUME~1\Andrea\IMPOST~1\Temp\5270.exe:*:Enabled:Windows Messanger]
YY -> "C:\DOCUME~1\Andrea\IMPOST~1\Temp\70394.exe" -> C:\Documents and Settings\Andrea\Impostazioni locali\Temp\70394.exe [C:\DOCUME~1\Andrea\IMPOST~1\Temp\70394.exe:*:Enabled:Windows Messanger]
YN -> "C:\DOCUME~1\Andrea\IMPOST~1\Temp\91429.exe" -> [C:\DOCUME~1\Andrea\IMPOST~1\Temp\91429.exe:*:Enabled:Windows Messanger]
YY -> "C:\Documents and Settings\Andrea\Dati applicazioni\Java.exe" -> C:\Documents and Settings\Andrea\Dati applicazioni\Java.exe [C:\Documents and Settings\Andrea\Dati applicazioni\Java.exe:*:Enabled:Windows Messanger]
YN -> "C:\Documents and Settings\Andrea\Dati applicazioni\svchost.exe" -> [C:\Documents and Settings\Andrea\Dati applicazioni\svchost.exe:*:Enabled:Windows Messanger]
YN -> "C:\Documents and Settings\Andrea\Dati applicazioni\Windows@Live.exe" -> [C:\Documents and Settings\Andrea\Dati applicazioni\Windows@Live.exe:*:Enabled:Windows Messanger]
YY -> "C:\Documents and Settings\Andrea\Dati applicazioni\WindowsDefender.exe" -> C:\Documents and Settings\Andrea\Dati applicazioni\WindowsDefender.exe [C:\Documents and Settings\Andrea\Dati applicazioni\WindowsDefender.exe:*:Enabled:Windows Messanger]
YY -> "C:\Documents and Settings\Andrea\Dati applicazioni\winlogon.exe" -> C:\Documents and Settings\Andrea\Dati applicazioni\winlogon.exe [C:\Documents and Settings\Andrea\Dati applicazioni\winlogon.exe:*:Enabled:Windows Messanger]
YY -> "C:\Programmi\eMule AdunanzA\eMule_AdnzA.exe" -> C:\Programmi\eMule AdunanzA\eMule_AdnzA.exe [C:\Programmi\eMule AdunanzA\eMule_AdnzA.exe:*:Enabled:eMule]
[Files/Folders - Modified Within 30 Days]
NY -> winlogon.exe -> C:\Documents and Settings\Andrea\Dati applicazioni\winlogon.exe
NY -> NvApps.xml -> C:\WINDOWS\System32\NvApps.xml
NY -> WindowsDefender.exe -> C:\Documents and Settings\Andrea\Dati applicazioni\WindowsDefender.exe
NY -> wrar380it.exe -> C:\Documents and Settings\Andrea\Documenti\wrar380it.exe
NY -> Java.exe -> C:\Documents and Settings\Andrea\Dati applicazioni\Java.exe
NY -> SystemCore.dll -> C:\Documents and Settings\Andrea\Menu Avvio\Programmi\Esecuzione automatica\SystemCore.dll
NY -> Rundll32.dll -> C:\Documents and Settings\Andrea\Menu Avvio\Programmi\Esecuzione automatica\Rundll32.dll
NY -> 28818.exe -> C:\Documents and Settings\Andrea\Menu Avvio\Programmi\Esecuzione automatica\28818.exe
NY -> JavaLoad.exe -> C:\Documents and Settings\Andrea\Menu Avvio\Programmi\Esecuzione automatica\JavaLoad.exe
[Files - No Company Name]
NY -> winlogon.exe -> C:\Documents and Settings\Andrea\Dati applicazioni\winlogon.exe
NY -> WindowsDefender.exe -> C:\Documents and Settings\Andrea\Dati applicazioni\WindowsDefender.exe
NY -> data.dat -> C:\Documents and Settings\Andrea\Dati applicazioni\data.dat
NY -> Java.exe -> C:\Documents and Settings\Andrea\Dati applicazioni\Java.exe
NY -> SystemCore.dll -> C:\Documents and Settings\Andrea\Menu Avvio\Programmi\Esecuzione automatica\SystemCore.dll
NY -> Rundll32.dll -> C:\Documents and Settings\Andrea\Menu Avvio\Programmi\Esecuzione automatica\Rundll32.dll
NY -> 28818.exe -> C:\Documents and Settings\Andrea\Menu Avvio\Programmi\Esecuzione automatica\28818.exe
NY -> AntiSpyNative64.exe -> C:\WINDOWS\System32\AntiSpyNative64.exe
NY -> AntiSpyNative32.exe -> C:\WINDOWS\System32\AntiSpyNative32.exe
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
I will review the information when it comes back in.
I followed your instructions, but when I clicked Run Fix after I’d pasted the information in the quotebox my computer warned me with an error message and then it shut down and started up abruptly. I didn't have the time to read the error message and I couldn't see the message box and the log. By the way, when my PC started up Avast didn't warn me about the Trojan. I don't know, maybe the problem is solved.
OK, let's now see if I can remove the last reluctant elements - if not I will use a bigger hammer.
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.
[Unregister Dlls]
[Registry - Safe List]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Windows Defender" -> [C:\Documents and Settings\Andrea\Dati applicazioni\WindowsDefender.exe]
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "SpeedBitVideoAccelerator" -> [C:\Programmi\SpeedBit Video Accelerator\VideoAccelerator.exe]
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "SpeedBitVideoAccelerator" -> [C:\Programmi\SpeedBit Video Accelerator\VideoAccelerator.exe]
< Run [HKEY_USERS\S-1-5-21-1085031214-1563985344-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1085031214-1563985344-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Windows Defender" -> [C:\Documents and Settings\Andrea\Dati applicazioni\WindowsDefender.exe]
< Andrea Startup Folder > -> C:\Documents and Settings\Andrea\Menu Avvio\Programmi\Esecuzione automatica
YY -> ~EmptyValue -> C:\Documents and Settings\Andrea\Menu Avvio\Programmi\Esecuzione automatica\Rundll32.dll
YY -> ~EmptyValue -> C:\Documents and Settings\Andrea\Menu Avvio\Programmi\Esecuzione automatica\SystemCore.dll
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\DOCUME~1\Andrea\IMPOST~1\Temp\21856.exe" -> [C:\DOCUME~1\Andrea\IMPOST~1\Temp\21856.exe:*:Enabled:Windows Messanger]
YN -> "C:\DOCUME~1\Andrea\IMPOST~1\Temp\5270.exe" -> [C:\DOCUME~1\Andrea\IMPOST~1\Temp\5270.exe:*:Enabled:Windows Messanger]
YY -> "C:\DOCUME~1\Andrea\IMPOST~1\Temp\70394.exe" -> C:\Documents and Settings\Andrea\Impostazioni locali\Temp\70394.exe [C:\DOCUME~1\Andrea\IMPOST~1\Temp\70394.exe:*:Enabled:Windows Messanger]
YN -> "C:\DOCUME~1\Andrea\IMPOST~1\Temp\91429.exe" -> [C:\DOCUME~1\Andrea\IMPOST~1\Temp\91429.exe:*:Enabled:Windows Messanger]
YY -> "C:\Documents and Settings\Andrea\Dati applicazioni\Java.exe" -> C:\Documents and Settings\Andrea\Dati applicazioni\Java.exe [C:\Documents and Settings\Andrea\Dati applicazioni\Java.exe:*:Enabled:Windows Messanger]
YN -> "C:\Documents and Settings\Andrea\Dati applicazioni\svchost.exe" -> [C:\Documents and Settings\Andrea\Dati applicazioni\svchost.exe:*:Enabled:Windows Messanger]
YN -> "C:\Documents and Settings\Andrea\Dati applicazioni\Windows@Live.exe" -> [C:\Documents and Settings\Andrea\Dati applicazioni\Windows@Live.exe:*:Enabled:Windows Messanger]
YN -> "C:\Documents and Settings\Andrea\Dati applicazioni\WindowsDefender.exe" -> [C:\Documents and Settings\Andrea\Dati applicazioni\WindowsDefender.exe:*:Enabled:Windows Messanger]
YN -> "C:\Documents and Settings\Andrea\Dati applicazioni\winlogon.exe" -> [C:\Documents and Settings\Andrea\Dati applicazioni\winlogon.exe:*:Enabled:Windows Messanger]
[Files/Folders - Modified Within 30 Days]
NY -> Java.exe -> C:\Documents and Settings\Andrea\Dati applicazioni\Java.exe
NY -> SystemCore.dll -> C:\Documents and Settings\Andrea\Menu Avvio\Programmi\Esecuzione automatica\SystemCore.dll
NY -> Rundll32.dll -> C:\Documents and Settings\Andrea\Menu Avvio\Programmi\Esecuzione automatica\Rundll32.dll
[Files - No Company Name]
NY -> Java.exe -> C:\Documents and Settings\Andrea\Dati applicazioni\Java.exe
NY -> SystemCore.dll -> C:\Documents and Settings\Andrea\Menu Avvio\Programmi\Esecuzione automatica\SystemCore.dll
NY -> Rundll32.dll -> C:\Documents and Settings\Andrea\Menu Avvio\Programmi\Esecuzione automatica\Rundll32.dll
NY -> AntiSpyNative64.exe -> C:\WINDOWS\System32\AntiSpyNative64.exe
NY -> AntiSpyNative32.exe -> C:\WINDOWS\System32\AntiSpyNative32.exe
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
I will review the information when it comes back in.
Thank you very much, essexboy, for your precious help! I would never have fixed them without you!
I have no problems at the moment!
I was just wondering, if I’d had avast! Internet Security, would it have solved the problem easily? I mean, maybe avast! Internet Security protects me better as it’s not free and offers a better service. Am I right?