I’ve been infected by this virus apparently… I’ve tried running the avast boot scan with no luck. I’ve also tried the avast cleaner. That didn’t help either.
It was found in “C:\DOCU~1\ANNECH~1\LOKALE~1\Temp_A00F2496D04.exe.dat”…
I’ve seen recommendations to turn off the System Restore before running a boot scan, but I have no idea of how to do this?
Could anyone help a damsel in distress to remove this sucker from her laptop!?
What action did you choose when avast detected this (Move to chest, Delete, etc.)?
What happened when you chose one of the options ?
Based only on the file name with its double file type extension, .exe.dat, it certainly looks suspicious. However, that shouldn’t have warranted a boot-time scan or running the virus cleaner (worthless in this case as it 1. isn’t a virus and 2. not on the limited list of viruses the cleaner is designed to repair).
If avast took action (on the option you chose) on the detection then subsequent scans would find nothing else.
So please let us know if there were other issues that you felt necessitated the boot-time scan, etc.?
You shouldn’t have to disable system restore unless the problem requires it and I don’t feel it does yet (certainly there is insufficient information) as the detected file wasn’t in the system folders.
I tried the recommended move to “Move to chest” but I couldn’t as the file was being used in another process. I also tried cleaning it, but that didn’t work either, as an Avast alert said that the file couldn’t be found.
So Avast couldn’t help me terminate the thing… A quick google pointed me in the direction of the boot scan and the virus cleaner. Which didn’t help me either. And here I am:)
Disable System Restore and then reenable it again.
Clean your temporary files.
Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
Use SUPERantispyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
I tried doing the above, and it seems it worked?! I’m no longer getting the warnings from avast about the virus/worm/wtv that sucker was. See the logs below. Do you suggest that I still do as Tech recommends? Or can I consider myself as ‘cured’?! Thx guys - you’re life savers!
Malwarebytes’ Anti-Malware 1.25
Database version: 1062
Windows 5.1.2600 Service Pack 2
Inficerede Mapper:
C:\Programmer\MyGlobalSearch (Adware.MyWebSearch) → No action taken.
C:\Programmer\MyGlobalSearch\bar (Adware.MyWebSearch) → No action taken.
C:\Programmer\MyGlobalSearch\bar\History (Adware.MyWebSearch) → No action taken.
C:\Programmer\MyGlobalSearch\bar\Settings (Adware.MyWebSearch) → No action taken.
C:\Programmer\FunWebProducts (Adware.MyWebSearch) → No action taken.
C:\Programmer\FunWebProducts\Shared (Adware.MyWebSearch) → No action taken.
Inficerede Filer:
C:\Programmer\MyGlobalSearch\bar\History\search (Adware.MyWebSearch) → No action taken.
C:\Programmer\FunWebProducts\Shared\037CD0CA.dat (Adware.MyWebSearch) → No action taken.
C:\Documents and Settings\Anne Christine\Lokale indstillinger\Temp_A00F2496D04.exe (Trojan.Agent) → No action taken.
C:\WINDOWS\system32~.exe (Trojan.Downloader) → No action taken.
Avast log:
21-08-2008 13:17:23 SYSTEM 316 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
21-08-2008 13:24:22 SYSTEM 1788 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\WINDOWS\SYSTEM32__C00ED59.DAT” file.
21-08-2008 16:50:36 SYSTEM 1788 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\WINDOWS\SYSTEM32__C00ED59.DAT” file.
21-08-2008 16:51:16 SYSTEM 1788 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\WINDOWS\SYSTEM32__C00ED59.DAT” file.
21-08-2008 16:52:48 SYSTEM 1788 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\WINDOWS\SYSTEM32__C00ED59.DAT” file.
21-08-2008 16:57:03 Anne Christine 1788 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\ANNECH~1\LOKALE~1\Temp_A00F2496D04.exe.dat” file.
21-08-2008 17:25:27 Anne Christine 1800 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\ANNECH~1\LOKALE~1\Temp_A00F2496D04.exe.dat” file.
21-08-2008 23:18:58 Anne Christine 1792 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\ANNECH~1\LOKALE~1\Temp_A00F2496D04.exe.dat” file.
22-08-2008 00:30:30 Anne Christine 1796 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\ANNECH~1\LOKALE~1\Temp_A00F2496D04.exe.dat” file.
22-08-2008 09:06:01 Anne Christine 1780 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\ANNECH~1\LOKALE~1\Temp_A00F2496D04.exe.dat” file.
22-08-2008 17:42:07 SYSTEM 1780 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\ANNECH~1\LOKALE~1\Temp_A00F2496D04.exe.dat” file.
Computer name : AC-EGHOLM
Creation time : 23-08-2008 08:08:38
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.5730.11
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 2
RunScanner Version : 1.7.0.0
User Language : Dansk
User rights : Administrator
Windows folder : C:\WINDOWS
Perhaps because I said run a scan and post the results…
I will modify advice and say click REMOVE and add a note that this automatically creates a quarantine.