Not that my system is acting strange but…just ran Avast and it came up with a Win32 Oliga [trj]. Is this for real, or is it possibly a false positive? I did do some searching on my own with mixed results. Some say it is a Trojan that steals online gaming passwords. I do not play online games. Others say it is a false detection. Can someone comment on this please? Thanks! I feel I can come up with more accurate info on this site than at other places. Again Thanks!
Win32:Oliga is a password stealer trojan.
http://vil.nai.com/vil/content/v_150521.htm
What is the filename and location?
Check your warning log:
C:/Program Files/Alwil Software/Avast4/DATA/log/warning.txt
Hi gmann44,
Have a scan with MBAM: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
If MBAM does not cleanse everything from the trojan at a first full scan, reboot and let it have another additional sweep, then post the logfile txt as an attachment to your next posting.
Also post a HJT logfile txt as an attachment using HJT from here: http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php
Sometimes a temporary disabling of system restore is necessary so that parts of the malware do not just resurrect like a phoenix from its ashes through the workings of the system restore feature, see:
Additional trojan removal instructions, do read:
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.aspx
Check up on this, make a copy of your registry settings first in case something goes wrong,
Manual removal instructions,
FileName
%USERPROFILE%\local settings\temp\57v9.dll
PWS-OnlineGames.bl
System Changes
These are general defaults for typical path variables. (Although they may differ, these examples are common.):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files
The following registry elements have been created:
Hkey_local_machine\system\currentcontrolset\services\kavsys\
* errorcontrol = 1
* imagepath = \??\c:\windows\system32\drivers\vga.sys
* start = 1
* type = 1
Additional trojan removal instructions, do read:
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.aspx
polonus
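
A read-only check for the indicators listed in the post above, added here as an example and not part of the thread: it looks for the listed file and the `kavsys` service key, compares the key's values with the listed ones, and exports the key as the registry copy the post asks for before any manual cleanup. The backup file location and the variable names are assumptions.

```powershell
# Indicators copied from the removal notes quoted in this thread.
$dllPath    = Join-Path $env:USERPROFILE 'Local Settings\Temp\57v9.dll'
$serviceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\kavsys'
$expected   = @{
    ErrorControl = 1
    ImagePath    = '\??\c:\windows\system32\drivers\vga.sys'
    Start        = 1
    Type         = 1
}

# Assumption: where the registry backup is written (not from the thread).
# A timestamp in the name avoids overwriting an earlier export.
$stamp      = Get-Date -Format 'yyyyMMdd-HHmmss'
$backupFile = Join-Path $env:TEMP "kavsys-backup-$stamp.reg"

$findings = @()

# 1. The dropped DLL listed under "FileName".
if (Test-Path -LiteralPath $dllPath) {
    $findings += "File present: $dllPath"
}

# 2. The service key listed under "registry elements".
if (Test-Path -LiteralPath $serviceKey) {
    $findings += "Service key present: $serviceKey"
    $values = Get-ItemProperty -LiteralPath $serviceKey

    foreach ($name in $expected.Keys) {
        $actual = $values.$name
        $state  = if ("$actual" -ieq "$($expected[$name])") {
            'matches listed value'
        } else {
            'differs from listed value'
        }
        $findings += "  $name = $actual ($state)"
    }

    # 3. Copy the key to a .reg file before anything is changed by hand.
    & reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Services\kavsys' $backupFile | Out-Null
    if ($LASTEXITCODE -eq 0) { $findings += "Key exported to $backupFile" }
}

if ($findings.Count -eq 0) {
    'None of the listed indicators were found.'
} else {
    $findings
}
```

The script changes nothing on the system apart from writing the backup file; attach its output to a forum reply alongside the MBAM and HJT logs.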