What is the name and location of the infected file, please?
I see nothing in the log, except no firewall (are you using Windows?). Your Java is out of date, and you're using SP2, when you should have updated to SP3.
The hjt logfile did not show much out of the ordinary, but one entry to fix:
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
You might have disabled this before, and those are remnants. It is an adware trojan downloader…
Then you apparently have no active software firewall running there, or just the Windows one that is only one-sided by default. I would like you to do a full scan with MBAM from here: http://www.malwarebytes.org/mbam-download.php
and after the full scan give us a logfile txt of the results.
The first looks like a good detection; a Google search finds this, http://virscan.org/report/4b863ab27de76c4424c2c4e985e27d1c.html, old scan results from a multi-engine virus scanner, from 6 March 2009. Whilst at that time avast didn’t detect it, new signatures are continually added.
You could also check the offending/suspect file (to get a more recent set of results) at: VirusTotal - Multi engine on-line virus scanner, and report the findings here: the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest; you need to extract it to a temporary (not original) location first, see below.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
The one in the C:\System Volume Information restore point is no doubt the same file; when you tried to delete it, a restore point was created.
There really is little benefit in chasing a detection in the system volume information folder. It is only there because it had previously been deleted or moved from the system folders and this is a back-up created by system restore.
Worst case scenario, it isn’t infected and you delete it: you can’t use that restore point in the future, not much of a loss, and the older the restore point is the less of an issue it is.
So if there is any suspicion about a restore point then it is best removed from the system volume information folder or it could bite you in the rear at some point in the future when you use system restore if it included that restore point.
So allow avast to send it to the chest; deletion isn’t really a good first option (you have none left). ‘First do no harm’: don’t delete, send the virus to the chest and investigate.
I suggest that you enable a boot time scan. Right click the avast icon, select Start avast! Antivirus, a memory scan will take place followed by the opening of the Simple User Interface, Menu, ‘Schedule boot-time scan…’ Or see http://www.digitalred.com/avast-boot-time.php.
Well, I think you had a lucky escape there; the infection has been cleansed now. The source of this has been a game cheater download, and these often come with additional malcode. Nothing is completely free, and especially on the Internet this is true. Your dubious file was hlsw_1_0_0_43_setup.exe, and it managed through the registry to disable the Microsoft Security Center (av & fw); that is why we corrected this with MBAM.
Stay safe and secure,
We don’t know if it is gone as we don’t have access to your system and you haven’t given any information to confirm that.
Did you run a boot-time scan as I suggested?
Did you do as I suggested, allow avast to send it to the chest?
If so then it will be in the Infected Files section of the Chest, where it can do no harm.
Have you looked for it in the locations it was found?
Having sent the files to the chest, you should find that a) the detected files are no longer in the original location and b) if you run another scan nothing should be found.
So did you check the original locations and the chest Infected Files section for the detected files? They should only be in the chest.
I can’t find the files in the original location and with another scan my computer is clean.
But now my computer is very slow, so I think the virus is still there.
That particular virus ‘can’t’ be there as you have confirmed it yourself. It doesn’t mean that there might be something else either hidden or undetected (but not that particular one).
If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should produce a log file).
1. MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.
2. SUPERantispyware, On-Demand only in free version.
Don’t worry about reported tracking cookies; they are a minor issue and not one of security. Allow SAS to deal with them though. See http://en.wikipedia.org/wiki/HTTP_cookie.
I haven’t had a look at the ad-aware log, as personally I feel that program is a waste of hard disk space, not to mention it is a way old 2007 version. Both of the programs I mentioned are much better and you should replace ad-aware with both of them.
MBAM indicates clean.
From your HJT log:
Ensure you have the latest version of JRE (JAVA Runtime Environment) because older versions can be vulnerable to malware. First remove All Older Versions From Add/Remove Programs.
So it looks like you have some form of out of date applications - I would also suggest a visit to this site, which scans your system for out of date programs that have patches to close vulnerabilities, http://secunia.com/software_inspector/.
You don’t appear to have an active firewall - It should be capable of blocking unauthorised outbound Internet Connections. - What is your firewall?
Whilst the Windows XP firewall is usually good at keeping your ports stealthed (hidden), it provides no outbound protection and you should consider a third party firewall.
Any malware that manages to get past your defences will have free rein to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise, user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.
Other than that I don’t see anything obvious in your HJT log.
You didn’t run SAS or haven’t posted its log; if it only found cookies, no need to post.
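
One way to pick out leftover entries like the O2 line quoted earlier in this thread, as an added example that is not part of the original posts or of HijackThis itself: a short Python parser that lists Browser Helper Object (O2) registrations whose file is reported as (no file). Apart from that first O2 line, the sample log, CLSIDs and paths are constructed.

```python
import re

# HijackThis O2 line layout, as in the entry quoted in this thread:
#   O2 - BHO: <name> - {<CLSID>} - <file path or "(no file)">
O2_RE = re.compile(
    r"^O2 - BHO:\s*(?P<name>.*?)\s+-\s+"
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r"\s+-\s+(?P<path>.+?)\s*$"
)


def parse_bho_entries(log_text):
    """Return one dict (name, clsid, path) per O2 line found in the log."""
    entries = []
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def orphaned_bhos(log_text):
    """BHO registrations whose backing file is missing, i.e. registry remnants."""
    return [e for e in parse_bho_entries(log_text)
            if e["path"].lower() == "(no file)"]


# The first O2 line is the one from the thread; everything else is constructed.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O3 - Toolbar: Example Bar - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\bar.dll
O4 - HKLM\..\Run: [example] C:\Program Files\Example\example.exe
"""

if __name__ == "__main__":
    for e in orphaned_bhos(SAMPLE_LOG):
        print(f"orphaned BHO {e['clsid']} name={e['name']!r}")
```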