
Avg has trojan sheriff in vault

Discussion in 'Virus and Malware Removal' started by shetawk, Mar 6, 2008.

  1. shetawk Newcomer, in training Posts: 38

    AVG free says I have a trojan sheriff.D located in my spybot.exe program and that the file is in the vault.


    If I click "remove from the vault" does that mean to delete the whole file from my computer or will it release it back into my hard drive?

    Should I remove it, uninstall spybot and download it again?

    Thank you. ST
  2. Blind Dragon TechSpot Evangelist Posts: 4,048

    Is this AVG antivirus or anti-spyware?
  3. shetawk Newcomer, in training Posts: 38

    avg

    Thank you so much for getting back so soon.

    avg antivirus


    I just took all spybot files off after emptying the vault and then emptied trash.

    Sorry, I searched for avg and nothing came up. Didn't know there were already posts on the same subject.
  4. Blind Dragon TechSpot Evangelist Posts: 4,048

    No problem, infections are often unique to the infected machine, so it is always a good idea to get specific instructions.

    If you are concerned that there still may be infections on your machine, and would like to clean them, please follow these Viruses/Spyware/Malware, preliminary removal instructions and post back in this thread with the requested logs. There should be at least 3.

    1) AVG log
    2) Combofix log
    3) Hijackthis log (Step 15)
  5. shetawk Newcomer, in training Posts: 38

    OK, it'll take me a while. Have to download HJT and find out what a combofix log is.

    ; )
  6. shetawk Newcomer, in training Posts: 38

    testing...

    testing...
     
  7. shetawk Newcomer, in training Posts: 38

    testing 2...

    testing 2...
  8. shetawk Newcomer, in training Posts: 38

    Sheriff....rest coming. Thank you.

    Removed, files attached.
  9. shetawk Newcomer, in training Posts: 38

    AVG sheriff

    Removed, attachment later.
  10. shetawk Newcomer, in training Posts: 38

    Hijack avg sheriff.. Thank you

    Removed. Attached to later posts.
  11. shetawk Newcomer, in training Posts: 38

    What is a recovery console? Thank you. ST

    What is a recovery console?
  12. Blind Dragon TechSpot Evangelist Posts: 4,048

    It is something that is on your Windows install CD. You can install it on your computer for when we fix malware. In case something goes wrong we can recover your computer.

    I am not seeing anything in your logs that looks bad though.

    Can you please attach the AVG log and combofix logs as an attachment using the icon above your reply that looks like a paperclip?
  13. shetawk Newcomer, in training Posts: 38

    Here they are...

    avg log is xml and site won't load it. What can I change ext to? Thank you.


  14. Blind Dragon TechSpot Evangelist Posts: 4,048

    change it to .txt or .log
  15. kritius TechSpot Guru Posts: 2,087

    C:\Program Files\Hijackthis\HijackThis.exe

    and

    C:\Program Files\Hijackthis\Crusty2.exe ?
  16. shetawk Newcomer, in training Posts: 38

    Hope this works... avg sheriff thank you.

    AVG just notified me that the sheriff is back in town in system volume information\,restore{99D315FOD7-49D5-9FCC-528B21F98A9}\RP116\A0016556.exe
    Trojan horse SpySheriff.D




    thank you.


  17. shetawk Newcomer, in training Posts: 38

    Crusty?

    Somewhere on the site I was told to change Hijack to Crusty to avoid tricks to embed viri in Hijack. There were two hijack.exe files, different sizes, so I named one Crusty and the other Crusty2.


  18. shetawk Newcomer, in training Posts: 38

    recovery console...

    I installed the whole program.

    Is the file called recovery console?

    Thank you. ST
  19. shetawk Newcomer, in training Posts: 38

    Ran avg again and it said shell32.dll was changed.

    After I emptied virus chest on avg, I ran avg again and it said shell32.dll was changed.

    Did search and cannot find shell32.dll. Could it have been renamed?

    Afraid to turn my 'puter off because it may not come on again.

    Searched for "trojan" and "sheriff" and nothing came up.

    I'll do a trend housecall scan and see what comes up.

    ST
  20. Blind Dragon TechSpot Evangelist Posts: 4,048

    I think you are ok. You won't see files in the system32 folder, because Windows hides them from you unless you tell it to show them to you.

    Where did you get the recovery console from?