Autorun.inf & setup.exe

[rafaman]

Hello,

I'm finding it difficult to remove some spyware/virus from my computer. AVG tells me there is an virus in a file in the shared documents folder, setup.exe, and I tell AVG to fix it, but it keeps reappearing.

I've read other threads on this forum, this one describes very similar problem - https://www.techspot.com/vb/topic56506.html - but the solution does not work for me.

I've attached hijackthis log file, after AVG told me it found the virus. I did not tell AVG to fix it, but chose ignore instead. Hope there is someone who can read something out of the log file.

thanks so much in advance!!

 

[howard_hopkinso]

Hello and welcome to Techspot.

Your running an outdated version of HijackThis.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard :wave: :wave:

This thread is for the use of rafaman only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[rafaman]

Hi, and thanks for your quick answere.

I've done as described in the thread you refer to, and attached are fresh HJT, combifix and AVG Antispyware logs (although AVG Antispyware didn't find anything). But after doing all of this, there's still a file named autorun.inf in my shared folder.

AVG AntiRootkit scan found nothing.

Hope you can read something out of my log files.

many thanks in advance.

 

[howard_hopkinso]

Please post a fresh HJT log from normal mode.

Regards Howard

This thread is for the use of rafaman only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[rafaman]

Hi,

I'm sorry for posting a HJT log from safe mode, here is a fresh log from normal mode.

 

[howard_hopkinso]

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\windows\ALCMTR.EXE

Other than the above, your HJT log is clean.

Download the Autoruns programme from HERE. When the programme runs, click options and make sure the "Hide Microsoft Entries" is ticked. Click the file menu and select refresh. Click the save icon and save the Autoruns log to wherever you want.

Attach the Autoruns log here.

Regards Howard

This thread is for the use of rafaman only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[rafaman]

Hi,

here is the autoruns.exe log file.

many thanks for your help so far!

 

[howard_hopkinso]

I can`t see anything nasty in your autoruns log.

Download and run the trial of Spysweeper. let me know the results.

Regards Howard

This thread is for the use of rafaman only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[rafaman]

Hi again,

i'm done scanning with Spysweeper and it found nothing. Now I'll just pray for this to be solved and hoping I want get any warnings in the next days.

again, thanks alot for your help!