TechSpot

Avg has trojan sheriff in vault

By shetawk
Mar 6, 2008
  1. AVG free says I have a trojan sheriff.D located in my spybot.exe program and that the file is in the vault.


    If I click "remove from the vault" does that mean to delete the whole file from my computer or will it release it back into my hard drive?

    Should I remove it, uninstall spybot and download it again?

    Thank you. ST
     
  2. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    Is this AVG anti-virus or anti-spyware?
     
  3. shetawk

    shetawk TS Rookie Topic Starter Posts: 38

    avg

    Thank you so much for getting back so soon.

    avg antivirus


    I just took all spybot files off after emptying the vault and then emptied trash.

    Sorry, I searched for avg and nothing came up. Didn't know there were already posts on the same subject.
     
  4. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    No problem, infections are often unique to the infected machine, so it is always a good idea to get specific instructions.

    If you are concerned that there still may be infections on your machine, and would like to clean them, please follow these Viruses/Spyware/Malware preliminary removal instructions and post back in this thread with the requested logs. There should be at least 3.

    1) AVG log
    2) Combofix log
    3) Hijackthis log (Step 15)
     
  5. shetawk

    shetawk TS Rookie Topic Starter Posts: 38

    OK, it'll take me a while. Have to download HJT and find out what a combofix log is.

    ; )
     
  6. shetawk

    shetawk TS Rookie Topic Starter Posts: 38

    testing...

    testing...
     
  7. shetawk

    shetawk TS Rookie Topic Starter Posts: 38

    testing 2...

    testing 2...
     
  8. shetawk

    shetawk TS Rookie Topic Starter Posts: 38

    Sheriff....rest coming. Thank you.

    Removed, files attached.
     
  9. shetawk

    shetawk TS Rookie Topic Starter Posts: 38

    AVG sheriff

    Removed, attachment later.
     
  10. shetawk

    shetawk TS Rookie Topic Starter Posts: 38

    Hijack avg sheriff.. Thank you

    Removed. Attached to later posts.
     
  11. shetawk

    shetawk TS Rookie Topic Starter Posts: 38

    What is a recovery console? Thank you. ST

    What is a recovery console?
     
     
  12. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    It is something that is on your Windows install CD. You can install it on your computer for when we fix malware. In case something goes wrong we can recover your computer.

    I am not seeing anything in your logs that looks bad though.

    Can you please attach the AVG log and combofix logs as an attachment using the icon above your reply that looks like a paperclip?
     
  13. shetawk

    shetawk TS Rookie Topic Starter Posts: 38

    Here they are...

    avg log is xml and site won't load it. What can I change ext to? Thank you.
     


  14. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    Change it to .txt or .log
     
  15. kritius

    kritius TS Guru Posts: 2,087

    C:\Program Files\Hijackthis\HijackThis.exe

    and

    C:\Program Files\Hijackthis\Crusty2.exe ?
     
  16. shetawk

    shetawk TS Rookie Topic Starter Posts: 38

    Hope this works... avg sheriff thank you.

    AVG just notified me that the sheriff is back in town in systm volume information\,restore{99D315FOD7-49D5-9FCC-528B21F98A9}\RP116\A0016556.exe
    Trojan horse SpySheriff.D




    thank you.
     


  17. shetawk

    shetawk TS Rookie Topic Starter Posts: 38

    Crusty?

    Somewhere on the site I was told to change Hijack to Crusty to avoid tricks to imbed viri in Hijack. There were two hijack.exe files, different sizes, so I named one Crusty and the other Crusty2.


     
  18. shetawk

    shetawk TS Rookie Topic Starter Posts: 38

    recovery console...

    I installed the whole program.

    Is the file called recovery console?

    Thank you. ST
     
  19. shetawk

    shetawk TS Rookie Topic Starter Posts: 38

    Ran avg again and it said shell32.dll was changed.

    After I emptied virus chest on avg, I ran avg again and it said shell32.dll was changed.

    Did search and cannot find shell32.dll. Could it have been renamed?

    Afraid to turn my 'puter off because it may not come on again.

    Searched for "trojan" and "sheriff" and nothing came up.

    I'll do a trend housecall scan and see what comes up.

    ST
     
  20. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    I think you are ok. You won't see files in the system32 folder, because Windows hides them from you unless you tell it to show them to you.

    Where did you get the recovery console from?
     
  21. shetawk

    shetawk TS Rookie Topic Starter Posts: 38

    recovery console...

    Thank you. Hope you're right.

    Am now running housecall.

    If shell32.dll changed, won't that affect my computer system?

    I don't have a recovery console. Searched but didn't find.

    Can revert to other dates but never saw a recovery program where I could put a disk in and start up again after my computer died.

    When I installed windows, I didn't go into detail, just installed everything.

    ST
     
  22. shetawk

    shetawk TS Rookie Topic Starter Posts: 38

    Anyway, how did this trojan get through?

    Have avg and run it every day.

    Microsoft has virus program running, too.

    I don't go to weird websites.

    How could it happen?

    ST
     
  23. shetawk

    shetawk TS Rookie Topic Starter Posts: 38

    Was avg/sheriff....My computer went wild...

    Was doing trend housecall.

    Monitor went off and hd was racing.

    Did the complicated tech thing. Unplugged and replugged and it seems okay now.

    How will I know if my computer is all right?

    Is it safe to use my thumb drive with passwords and bank info?

    ST
     
  24. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    What were the results from housecall, did it find anything?
     
  25. shetawk

    shetawk TS Rookie Topic Starter Posts: 38

    Housecall....

    Ran it twice.

    First time my monitor shut off and hd started racing. Rebooted.

    Second time it froze in last 2 minutes and wouldn't advance. Meanwhile, my hd made all kinds of noises and clunked and jumped.

    Will try it again before the end of the day.

    Usually use firefox but IE kept coming up so I checked off "preferred" on firefox and IE has been quiet.

    Computer has been running slow but there may be a lot of people on the network (verizon) now, jamming it with offers from microsoft and disneyworld for forwarding same prayer to 90 people.

    Will post back if I see anything.

    I am concerned about the change in shell32.dll. Can I find out how it was changed and whether it's harmful?

    Thank you. ST
     
Topic Status:
Not open for further replies.

