Win32:Trojan-gen {other}

Most of my system restore files are infected and for some reason my partition (which holds my main backup for my OS) is corrupted now…

Thanks for any help and/or support…

Can you give some examples ?
The malware name, the infected file name, where was it found e.g. (malware name, C:\windows\system32\infected-file-name.xxx)
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections.

What did you choose when they were detected (move to chest, delete, what) ?

Assuming that your system is clean, with the exception of the infected restore points, Create Clean Restore Point - Clear old Restore Points.

Create a clean System Restore point:

  1. Click Start, All Programs, Accessories, System tools, System Restore.
  2. In the pop-up that appears fill in the radio button to Create a Restore Point
  3. Click NEXT
  4. Enter a useful name that you will remember if you need to find this again (Clean Restore Point)
  5. Click CREATE

You now have a clean restore point, you should clear the old ones:

  1. Click Start, All Programs, Accessories, System tools, Disk Clean Up
  2. Click OK on the C: drive
  3. Click the More Options tab
  4. In the System Restore section click the Clean Up button

Whilst it isn’t helpful at this time, you should consider an investment in a second HDD or an external HDD or DVD writer and use those to store backups. Critical things like backups shouldn’t be stored on the same drive, as it isn’t uncommon for a drive to fail completely, so any data on ‘all’ partitions on that drive could be lost.

Sorry for linking to those files…I am new to using forums and avast! log viewer and pretty much everything that has to do with spyware/viruses/malware and so on…

Thanks for the help and support…

I ran several online scans on my partition and it revealed nothing except: File name: C:\hp\bin\KillWind.exe and Threat name: RemAdm-PSKill, which I have come to realize is an HP Backweb program/application, and HP says it is vital for system recovery.

You have been most helpful in my time of need…thanks again…

None of the detections you posted are related to system restore; restore points are normally located in the C:\System Volume Information folder, so is there anything else that makes you think this ?

Please break the links (URLs) posted so they aren’t active, as they point to malware, e.g.
http[break]://[break]fs3.webdevaz.com/files/g/filesubmitdl1/m/magicforest.exe%PARTNERDIR%\oswdvaz118.exe[Embedded#01340][Embedded#01340]$0\onestep.dll"

The ones with http: were detected by the web shield and they were prevented from getting on to your system.

The other two at the bottom again nothing to do with system restore but found in the temporary internet files folder. If they were sent to the chest then they shouldn’t be in the temp internet files location, though deleting the temp internet files from your browser is advised.

When I did a boot scan with avast! version 4.7 Home Edition, it said most of my files on my partition (which HP set up for my main backup) are corrupted, which I am not sure why it didn’t log any of that…

Now, all my scans come up with no more infected files…strange…the funny thing is my computer is starting to become more unstable after avast! detected this trojan thingy…(sorry if my grammar escapes me sometimes)

Thanks for any help and/or support…

Don’t worry about any reported corruption, it could simply mean that avast was unable to open them to scan.

Again, I don’t see any trojan, thingy or otherwise in the information you posted other than the keylogger-king-free-410.exe files in your temp internet files folder that you appear to have downloaded after disabling the web shield as it first intercepted it. Though why you would want to install a keylogger I have no idea.

So if you didn’t then install this keylogger then it isn’t doing anything and any symptoms (which you don’t mention in detail) are unrelated to this detection.
Please define unstable, what is happening with your system ?

I asked you to please modify your post and break the URLs to avoid accidental exposure by the curious, etc. We don’t post active links to suspect locations.

Also useful as a diagnostic tool - FileHippo Download - HiJackThis - HJT Information HiJackThis Tutorial 1.
Post the contents (copy and paste) of the HJT log into this topic, you may need to split it over two or more posts depending on how large it is.

Sorry for that, it is Comodo Firewall Pro version 3 that has been taking up my system resources and then causing the computer to become unstable…it only happens when I submit files to Comodo for analysis…

Thanks, now I know my computer is once more trojan free…for now that is…

:) Hi Dark:

Recently, starting July 1 of this year, a Topic was started by "jiffy1" about KillWind, which is at http://forum.avast.com/index.php?topic=29151.msg239298;topicseen#msg239298 .

Eventually, he had this to say about how essential Backweb is on an HP computer: "Backweb enables HP to connect directly to a PC while it is online (simply connected to an ISP - doesn't matter if the browser is open or not) so that it can 'push' content and program updates.

While the tech support person who wrote back to me when I emailed them said that the files were ‘essential’ for proper system operation, further investigation using HP’s own support documentation shows that you can uninstall the Backweb program through the Add/Remove Programs utility in Windows Control Panel. HP, of course, does not recommend doing this.

My take is that if your system is out of warranty, is operating properly, and Mr. Gerrans’ sense of humor in naming and describing the files offends you, just uninstall Backweb. Of course, this is just my personal opinion, does not reflect HP’s recommendations, etc… "