Win32.Malware-gen Notification in Avast

Hi there,

I’m hoping someone can help. I’m not the most savvy computer end user there is, so bear with me :-*.

I received the Win32.Malware-gen warning in Avast. I didn’t do a boot scan (in fact I didn’t know what a boot scan was until a few hours ago with all of this lol). I tried moving to the vault and it wouldn’t. I think I ended up deleting it because it is no longer coming up in scans. Spybot and Malwarebytes are both saying I’m clean. Just want to be sure everything is okay or fix if not.

Attached are my logs! Thank you so much for your help and time. —Kelly

Hello golden and welcome to the forum,

There should have been two (2) files for OTL (OTL.Txt and Extras.Txt). Can you see if you have the other one and post it?

Also, please make sure your Avast definitions are up to date, then run a boot-time scan. Anything that comes up infected, put in the Chest and report back with a screen shot if possible, or type the exact wording of the file and name of the infection.

How is your machine running now? Any problems?

BTW, you really should update to a newer version of Avast since the support (virus definitions updates) will end shortly. But do this after we clear this up.

Let us know if you have any questions. Thank you.

Thanks for your reply, SafeSurf.

Oops, sorry about that. The other log (Extras.txt) is now attached.

I find the computer is running okay. I’m able to perform all of my activities, perhaps a bit slower than it used to but that could just be my paranoia. The fan seemed to be coming on more, like it was working harder.

I’ll make sure my Avast is up to date and run the boot-time scan and report back :).

Thanks for the help,

Kelly

Hi, let's try this first. Once done, let me know what problems you are having.

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
[2011/01/08 19:27:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\41EBC322660F4D16A0DF53147210CBDB.TMP

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
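
The fix above includes [resethosts] and a DNS flush. The reason those two steps are routine in a cleanup is that malware frequently appends lines to the Windows hosts file so that antivirus update and download sites resolve to localhost or to an attacker's server, and the resolver cache can keep serving those answers until it is flushed. The following PowerShell script is an added example, not something posted in this thread or part of OTL; it lists every hosts-file mapping other than localhost so you can see what [resethosts] is about to throw away, and shows the manual equivalent in comments. It assumes the standard hosts path under %SystemRoot% and a PowerShell 2.0-compatible syntax so it also runs on the XP-era machine in this thread.

```powershell
# Added example, not from the thread: list non-default entries in the hosts
# file that OTL's [resethosts] command would remove. Malware often adds lines
# here so that antivirus update and download sites resolve to the wrong address.
# Assumes the standard hosts path under %SystemRoot%.

$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$allowedNames = @('localhost')   # the only name the stock Windows file maps

function Get-SuspiciousHostsEntries {
    param([string]$Path = $hostsPath)
    Get-Content -Path $Path | ForEach-Object {
        $line = ($_ -split '#')[0].Trim()     # drop comments and whitespace
        if (-not $line) { return }            # skip blank/comment-only lines
        $parts = $line -split '\s+'
        if ($parts.Count -lt 2) { return }    # malformed line, nothing mapped
        $address = $parts[0]
        foreach ($name in ($parts | Select-Object -Skip 1)) {
            if ($allowedNames -notcontains $name.ToLower()) {
                New-Object PSObject -Property @{ Address = $address; Hostname = $name }
            }
        }
    }
}

$suspect = @(Get-SuspiciousHostsEntries)
if ($suspect.Count -eq 0) {
    Write-Output 'hosts file only maps localhost; nothing to reset.'
} else {
    $suspect | Format-Table Address, Hostname -AutoSize
    # Manual equivalent of [resethosts] plus the flushdns step, run from an
    # elevated prompt after backing the file up:
    #   Copy-Item $hostsPath "$hostsPath.bak"
    #   Set-Content -Path $hostsPath -Value "127.0.0.1`tlocalhost"
    #   ipconfig /flushdns
}
```

Any line that maps a security vendor's domain (update servers, scanner download sites) to 127.0.0.1 or to an unfamiliar address is the classic sign of a hosts-file hijack and is worth noting in the thread before it is reset.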

Thanks Essexboy. I have attached my log.

When I ran a boot-time scan in Avast as per SafeSurf (prior to the OTL fix and scans), it said infected by Win32:Malware-gen. I was then able to move it to the vault. Not sure if that is relevant or not but thought I would mention it.

Thanks so much,

Kelly

Regarding the fan, that may be a sign of overheating, so I would suggest that you check that all the vents are clear. I will remove all the redundant drivers and give you a little TLC.

Looking at that I am a happy bunny :slight_smile:

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2005/01/26 08:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O4 - HKU\S-1-5-21-746137067-57989841-682003330-1004..\Run: [Spyware Doctor] C:\Documents and Settings\Kelly\Desktop\sdsetup_aff.exe File not found
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
[2011/01/08 20:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\AxBx
[2011/01/08 19:49:12 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2011/01/08 19:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011/01/08 20:36:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Multi Virus Cleaner 2009
[2011/01/08 19:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2011/01/08 12:17:53 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Kelly\Desktop\spybotsd162.exe
[2011/01/08 11:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/01/08 11:35:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Application Data\PC Tools
[2011/01/08 11:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/12/28 19:10:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Application Data\PriceGong
[2011/01/08 12:20:18 | 000,000,955 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\Spybot - Search & Destroy (for blind users).lnk
[2011/01/08 12:20:18 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\Spybot - Search & Destroy.lnk
[2011/01/08 12:17:59 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Kelly\Desktop\spybotsd162.exe
[2011/01/08 20:36:03 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\Multi Virus Cleaner 2009.lnk
[2011/01/08 20:36:03 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\Multi Virus Cleaner 2009.lnk

:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the Cleanup button. It will remove all the programmes we have used, plus itself. MBAM can be uninstalled via Control Panel > Add/Remove Programs, along with ERUNT, but they may be useful tools to keep.

We will now confirm that your hidden files are set back to not being shown, as some of the tools I use will change that setting.

[*]Click Start.
[*]Open My Computer.
[*]Select the Tools menu and click Folder Options.
[*]Select the View Tab.
[*]Under the Hidden files and folders heading select Do not show hidden files and folders.
[*]Click Yes to confirm.
[*]Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

[*]Download the latest version of Java SE Runtime Environment (JRE), JRE 6 Update 23.
[*]Click the “Download” button to the right.
[*]Select your Platform and check the box that says: “I agree to the Java SE Runtime Environment 6 License Agreement.”.
[*]Click on Continue.
[*]Click on the link to download Windows Offline Installation (jre-6u23-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager…
[*]Close any programs you may have running - especially your web browser.
[*]Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
[*]Check any item with Java Runtime Environment (JRE or J2SE) in the name.
[*]Click the Remove or Change/Remove button.
[*]Repeat as many times as necessary to remove each Java version.
[*]Reboot your computer once all Java components are removed.
[*]Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u23-windows-i586-p.exe and select “Run as an Administrator.”)

SPRING CLEAN

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check.

http://i1224.photobucket.com/albums/ee362/Essexboy3/Bootdefrag.jpg

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes. Update and run weekly to keep your system clean.

Download and install the FileHippo Update Checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and antivirus to protect your system, and to keep them updated.

To keep your operating system up to date, visit
[*]Microsoft Windows Update

To learn more about how to protect yourself while on the internet, read our little guide: How did I get infected in the first place?
Keep safe :wave:
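
Two of the steps above, putting hidden files back to hidden and making sure only one current Java runtime remains, can be verified without clicking through Explorer and Add/Remove Programs. The following PowerShell script is an added example, not from this thread or from the tools it mentions; it reads Explorer's Hidden setting from the registry and lists every Java runtime registered in the uninstall keys. It assumes PowerShell 2.0 or later on the cleaned machine, and the registry locations are the standard ones Explorer and the Windows installer use (the WOW6432Node key only exists on 64-bit Windows and is skipped silently elsewhere).

```powershell
# Added example, not from the thread: check two post-cleanup items without
# clicking through Explorer and Add/Remove Programs. Assumes PowerShell 2.0+.

# 1. Explorer's hidden-files setting. Hidden = 2 means "Do not show hidden
#    files and folders"; 1 means they are shown (what some cleanup tools set).
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hidden = (Get-ItemProperty -Path $advanced -Name Hidden).Hidden
if ($hidden -eq 2) {
    Write-Output 'Hidden files: not shown (expected after cleanup).'
} else {
    Write-Output "Hidden files: shown (Hidden=$hidden). To reset, run:"
    Write-Output "  Set-ItemProperty -Path '$advanced' -Name Hidden -Value 2"
}

# 2. Installed Java runtimes, from the same registry keys Add/Remove Programs
#    reads. Everything except the newest version should be removed before
#    installing the update; the UninstallString column shows how each one
#    removes itself.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$java = @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match 'Java|J2SE|JRE' } |
    Sort-Object DisplayVersion |
    Select-Object DisplayName, DisplayVersion, UninstallString)

if ($java.Count -eq 0) {
    Write-Output 'No Java runtime found in Add/Remove Programs.'
} else {
    $java | Format-Table -AutoSize
    if ($java.Count -gt 1) {
        Write-Output 'More than one Java version is installed; remove the older ones.'
    }
}
```

Run it again after the Java reinstall: the list should show exactly one entry with the new version, and Hidden should read 2.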

I’m glad to hear all looks clean :). Thanks to you and SafeSurf for all your help. It is much appreciated! I will follow up on all your recommendations. I will be back for sure if something doesn’t seem right.

One last question, should we change all our passwords in case they were compromised?

Thank you again,

Kelly

'Tis always a prudent thing to do :wink:

I’m glad things worked out better than expected for you. It’s always wise to do routine “housekeeping” (dusting of the fans, making sure things are well ventilated, not putting the CPU on the floor in areas with carpeting or pet hair, etc.).

Here are a few suggestions in addition to the ones given to you by Essexboy to keep you and your machine safer in the future:

  1. Keep your definitions up to date for both Avast and MBAM.
  2. Keep all your shields on with Avast. I suggest updating to the newer version of Avast as well.
  3. Update MBAM prior to scanning, then do Quick scans in the future.
  4. Keep your MS Updates current.
  5. Add security-related add-ons to your browsers for safer browsing. See my signature as an example.
  6. Use common sense when browsing and do not go to risky sites (i.e. p0rn, etc.).
  7. When downloading software, read what you are clicking and do not download adware toolbars which are commonly opted in; look before you click or do a Custom install to avoid putting unwanted toolbars on your machine that lead to spyware tracking or adware.
  8. Check to see that your software is up to date with the free Secunia Software Inspector http://secunia.com/vulnerability_scanning/personal/ since software is changing all the time. This site gives you the vendor’s direct download link making it easy to upgrade your software. Many of us here scan our machines weekly.

When you feel that your issue is resolved/fixed, please go back to the first open post in this topic, click the modify button in that Post and change the title/subject, add [Resolved] to the beginning of the title so this thread can be closed.

Feel free to come back any time you need help, to learn something new, or just to ask questions. We are here 24/7 for your convenience. Thank you. :slight_smile: