Win32:Malw..

I scanned and there are two high threat viruses in Windows\SysWOW64 file, and they cannot be put into Virus Chest. It said Error: Access is Denied (5). What do I do? It is Avast! 5, I have Vista. Thank you.

Hello

planning a scan at startup
Opens in avast will then run a scan after scan start area in a scanner you all my hard drives and you click on schedule now and you restart your PC and lets you work avast

@ avast5
chimp78 is using a 64bit OS, so the avast boot-time scan isn’t available in avast 5.0 for 64bit OS (planned for avast 5.1).

@ chimp78
What are the actual file names being detected?
SysWOW64 is a Windows 64bit OS system folder (not a file name), which is what used to be system32 in 32bit OS versions.

Thanks to both of you.

I don’t know what they are because I could not see the whole information for them. It just states svjunoni.dl after SysWOW64.

http://i33.photobucket.com/albums/d71/mjd78/1-1.jpg

Strangely, Malwarebytes did not catch those. It caught 18 other ones, but they are not from SysWOW64. They are in quarantine right now.

What do I need to do with those two? How can I remove them? And why didn’t Malwarebytes catch those as well?

I also use IObit Security 360 and Advanced SystemCare from download net as well. Are they the reason for that? If not, are they necessary to use?

Thank you.

I also use IObit Security 360 and Advanced SystemCare from download net as well. Are they the reason for that? If not, are they necessary to use?

IObit info
http://www.malwarebytes.org/forums/index.php?showtopic=29681
http://www.malwarebytes.org/forums/index.php?showtopic=30989
http://www.malwarebytes.org/forums/index.php?showtopic=33217

There is also a tool for removal of IObit software: Bitremover 1.2.1.
You will find it on the right side of the page.
http://uninstallers.blogspot.com/

Thanks for that information! I did not know that. I removed all of them and it looks like they all are out of the desktop. I am going to try to scan it again with Avast to see if those two malware files are no longer there.

No iObit software anymore…

The file name certainly appears suspect, and there are only two hits on Google, which for a file in the SysWOW64 folder is very suspicious. The hits on Google are for the SUPERAntiSpyware site and indicate that SAS should be able to remove it.

SUPERantispyware On-Demand only in free version.
Don’t worry about reported tracking cookies they are a minor issue and not one of security, allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.

Can you post the contents of the Malwarebytes log file?

Thanks.

I did download and install SuperAntiSpyware last night, but it did not load when clicking on it. It did load after it finished downloading, and asked me if I wanted to scan now. I just closed it because I was going to scan later, not right away. Later, I clicked on it, but it would not load. I then uninstalled it. I don’t know if it usually loads slowly or not. I am going to download it again and try it again.

Here is the log for Malwarebytes.

Malwarebytes’ Anti-Malware 1.44
Database version: 3765
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

2/20/2010 11:36:49 AM
mbam-log-2010-02-20 (11-36-49).txt

Scan type: Full Scan (C:|D:|)
Objects scanned: 248267
Time elapsed: 35 minute(s), 35 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 3
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 13

Memory Processes Infected:
C:\Program Files (x86)\RelevantKnowledge\rlservice.exe (Spyware.MarketScore) → Unloaded process successfully.
C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe (Spyware.MarketScore) → Unloaded process successfully.

Memory Modules Infected:
C:\Program Files (x86)\RelevantKnowledge\MSVCP71.DLL (Spyware.MarketScore) → Delete on reboot.
C:\Program Files (x86)\RelevantKnowledge\MSVCR71.DLL (Spyware.MarketScore) → Delete on reboot.
C:\Program Files (x86)\RelevantKnowledge\rlls.dll (Spyware.MarketScore) → Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cerberus (Backdoor.Trace) → Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) → Bad: (1) Good: (0) → Quarantined and deleted successfully.

Folders Infected:
C:\Program Files (x86)\RelevantKnowledge (Spyware.MarketScore) → Delete on reboot.
C:\Program Files (x86)\RelevantKnowledge\components (Spyware.MarketScore) → Quarantined and deleted successfully.

Files Infected:
C:\Program Files (x86)\RelevantKnowledge\chrome.manifest (Spyware.MarketScore) → Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\install.rdf (Spyware.MarketScore) → Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\MSVCP71.DLL (Spyware.MarketScore) → Delete on reboot.
C:\Program Files (x86)\RelevantKnowledge\MSVCR71.DLL (Spyware.MarketScore) → Delete on reboot.
C:\Program Files (x86)\RelevantKnowledge\rlls.dll (Spyware.MarketScore) → Delete on reboot.
C:\Program Files (x86)\RelevantKnowledge\rlls64.dll (Spyware.MarketScore) → Delete on reboot.
C:\Program Files (x86)\RelevantKnowledge\rloci.bin (Spyware.MarketScore) → Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\rlph.dll (Spyware.MarketScore) → Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\rlservice.exe (Spyware.MarketScore) → Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe (Spyware.MarketScore) → Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe (Spyware.MarketScore) → Delete on reboot.
C:\Program Files (x86)\RelevantKnowledge\rlxf.dll (Spyware.MarketScore) → Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\components\rlxg.dll (Spyware.MarketScore) → Quarantined and deleted successfully.

Those files are quarantined right now.

Spyware.Marketscore
http://www.symantec.com/security_response/writeup.jsp?docid=2004-042117-5317-99

Is that why I am getting those files from uninstalling SuperAntiSpyware?

But, I have Vista. It is not on that list. That list is three years old.

What about the two malware files? What do I need to do with them? Remove them with SuperAntiSpyware?

Thanks.

Generally malware would try to stop you installing not uninstalling software.

I did download and install SuperAntiSpyware last night, but it did not load when clicking on it. It did load after finished downloading, and asked me if I want to scan it now.

It IMHO is never advisable to download and install in one action, there really are too many opportunities for the installation to stuff up. Always save the file to a location where you can find it later and install it whilst off-line. I suspect that the installation didn’t install completely/successfully and that could account for the problem in uninstalling.

The marketscore one is relatively low risk and I doubt related to the avast detection.

You should be able to manually find the svjunoni.dl file (which I think you didn’t enter correctly as I think it is svjunoni.dll) and see if you can’t move it to a different temporary location.

Also check out this link, http://www.prevx.com/filenames/1973893279052963181-X1/SVJUNONI.DLL.html. This indicates it could be a downloader so you need to ensure that your firewall has outbound protection to stop it getting out.