I use Avast! Free Antivirus and lately it has detected files infected with Malware-gen on my computer.
Right now it's in the Avast Virus Chest.
Originally there were only two files detected; however, after a few days these files were found again in the same location and were placed into the Virus Chest.
Files Detected:
BdeUISrvb.exe - located at C:\Windows\Temp
pls22[1].exe - located at C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5(some code here)
Can anyone help me with removing this virus from my computer?
Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
After installing, click Update so you have the latest database before scanning.
Click the Remove Selected button to quarantine anything found.
You may post the scan log here if anything is found.
1. Clear your temp files: http://www.piriform.com/ccleaner
2. Do a Dr.Web CureIt scan: http://www.freedrweb.com/cureit/?lng=en
3. Scan your system for rootkits: http://www.usec.at/rootkit.html
4. Scan with MBAM: http://www.malwarebytes.org/mbam.php
5. Post a Hijack Hunter log in this topic: http://www.novirusthanks.org/products/hijack-hunter/
6. We will provide a cleaning script; you should run it with Threat Killer:
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Using Hijack Hunter:
1. After downloading, install the program.
2. From the GUI, press Scan.
3. Post the log here or attach it.
4. The Restorer page contains helpful resources to fix policy-related problems.
Using Threat Killer:
1. From the main GUI, browse for the clean script file, then press Execute!
2. Post the log on the forum.
Download and run.
Then do scan and save a log file.
Post the log file here as you have done with Hunter
The malware entry will be an 04 entry corresponding to the following
Value: EWABQAF7KL
Data: C:\Windows\TEMP\Gpr.exe
Key: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run
Solution - put a check in the box next to the entry, then go down to the lower-left corner and click Fix Checked
I attach two files: clean.txt and reg_fix.txt
1. From the Threat Killer GUI, browse for clean.txt (after downloading it from my post), then Execute! it.
2. Post the log here.
3. Show file extensions, from Folder Options.
4. Rename reg_fix.txt to reg_fix.reg
5. Run the reg_fix.reg file, then press OK.
6. Restart your system.
Threat Killer - Scriptable Malware Remover 1.7.2.0 http://www.novirusthanks.org
Log started on 7/10/2010 at 1:00:38 AM
32-bit OS
[+] Script Executer Log:
(kill process) C:\Windows\TEMP\Gpr.exe → Error: Process does not exist
Backup of C:\Windows\TEMP\Gpr.exe failed.
(delete files) C:\Windows\TEMP\Gpr.exe → Error: The system cannot find the file specified
(empty folders) C:\Users\irene\AppData\Local\Temp\ → Is empty
There are no more files
Did you scan immediately after Fix Checked and see if it was gone?
If not, then we need more than HjT.
If so, then we know it regenerated.
Can you follow these instructions -
Download OTM by OldTimer from here and save to your desktop.
Run OTM, copy, then paste the following text in the “Paste Instructions for Items to be Moved” window (under the yellow bar):
I believe the file is still regenerating as the value is still appearing in HijackThis.
I have Fix Checked it again, just to make sure.
But after I immediately redo the scan, the entry shows up again.
Also it seems that ‘gpr.exe’ cannot be found in my Temp Folder.
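Added example, not part of any post in this thread: a small Python check that compares the autostart lines of a scan taken before "Fix Checked" with one taken right after it, and reports Run values that launch from a temp folder and are present in both. The two scan excerpts are constructed sample lines in HijackThis's O4 line style; only the value name and path are taken from the thread, and the function names are made up for this example.

```python
import re
from pathlib import PureWindowsPath

# O4 - <key>: [<value name>] <command> (User '<name>')   <- user suffix optional
O4_LINE = re.compile(
    r"^O4 - (?P<key>[^:]+): \[(?P<value>[^\]]+)\] "
    r"(?P<data>.+?)(?: \(User '[^']*'\))?\s*$"
)
TEMP_DIRS = {"temp", "tmp", "temporary internet files"}

def parse_o4(log_text):
    """Map (key, value name) -> command for every registry O4 line."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if m:
            entries[(m["key"], m["value"])] = m["data"]
    return entries

def runs_from_temp(command):
    """True if the executable sits under a temp folder."""
    # Quoted commands may carry arguments; keep only the quoted path.
    exe = command.split('"')[1] if command.startswith('"') else command
    folders = PureWindowsPath(exe).parent.parts
    return any(part.lower() in TEMP_DIRS for part in folders)

def regenerated(before_fix, after_fix):
    """Temp-launched entries seen before the fix and again after it."""
    before, after = parse_o4(before_fix), parse_o4(after_fix)
    return sorted(
        (key, value, data)
        for (key, value), data in after.items()
        if (key, value) in before and runs_from_temp(data)
    )

# Constructed sample scans (not logs posted in the thread).
SCAN_BEFORE = r"""
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKUS\.DEFAULT\..\Run: [EWABQAF7KL] C:\Windows\TEMP\Gpr.exe (User 'Default user')
"""
SCAN_AFTER = SCAN_BEFORE  # the value reappeared in the rescan

if __name__ == "__main__":
    for key, value, data in regenerated(SCAN_BEFORE, SCAN_AFTER):
        print(f"regenerated: {key} [{value}] -> {data}")
```
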