Avg has trojan sheriff in vault

Status
Not open for further replies.

shetawk

AVG free says I have a trojan sheriff.D located in my spybot.exe program and that the file is in the vault.


If I click "remove from the vault" does that mean to delete the whole file from my computer or will it release it back into my hard drive?

Should I remove it, uninstall spybot and download it again?

Thank you. ST
 
avg

Thank you so much for getting back so soon.

avg antivirus


I just took all spybot files off after emptying the vault and then emptied trash.

Sorry, I searched for avg and nothing came up. Didn't know there were already posts on the same subject.
 
No problem, infections are often unique to the infected machine, so it is always a good idea to get specific instructions.

If you are concerned that there still may be infections on your machine and would like to clean them, please follow these Viruses/Spyware/Malware preliminary removal instructions and post back in this thread with the requested logs. There should be at least 3.

1) AVG log
2) Combofix log
3) Hijackthis log (Step 15)
 
It is something that is on your Windows install CD. You can install it on your computer for when we fix malware. In case something goes wrong we can recover your computer.

I am not seeing anything in your logs that looks bad though.

Can you please attach the AVG log and combofix logs as an attachment using the icon above your reply that looks like a paperclip?
 
Here they are...

avg log is xml and site won't load it. What can I change ext to? Thank you.
 

Attachments

  • combofixlog.txt
    7.9 KB · Views: 8
  • hijackthis.log
    5.8 KB · Views: 5
C:\Program Files\Hijackthis\HijackThis.exe

and

C:\Program Files\Hijackthis\Crusty2.exe ?
 
Hope this works... avg sheriff thank you.

AVG just notified me that the sheriff is back in town in systm volume information\,restore{99D315FOD7-49D5-9FCC-528B21F98A9}\RP116\A0016556.exe
Trojan horse SpySheriff.D




thank you.
 

Attachments

  • AVGlog.txt
    13 KB · Views: 5
Crusty?

Somewhere on the site I was told to change Hijack to Crusty to avoid tricks to embed viri in Hijack. There were two hijack.exe files, different sizes, so I named one Crusty and the other Crusty2.


kritius said:
C:\Program Files\Hijackthis\HijackThis.exe

and

C:\Program Files\Hijackthis\Crusty2.exe ?
 
recovery console...

I installed the whole program.

Is the file called recovery console?

Thank you. ST
 
Ran avg again and it said shell32.dll was changed.

After I emptied virus chest on avg, I ran avg again and it said shell32.dll was changed.

Did search and cannot find shell32.dll. Could it have been renamed?

Afraid to turn my 'puter off because it may not come on again.

Searched for "trojan" and "sheriff" and nothing came up.

I'll do a trend housecall scan and see what comes up.

ST
 
I think you are ok. You won't see files in the system32 folder, because Windows hides them from you unless you tell it to show them to you.

Where did you get the recovery console from?
 
recovery console...

Thank you. Hope you're right.

Am now running housecall.

If shell32.dll changed, won't that affect my computer system?

I don't have a recovery console. Searched but didn't find.

Can revert to other dates but never saw a recovery program where I could put a disk in and start up again after my computer died.

When I installed windows, I didn't go into detail, just installed everything.

ST
 
Anyway, how did this trojan get through?

Have avg and run it every day.

Microsoft has virus program running, too.

I don't go to weird websites.

How could it happen?

ST
 
Was avg/sheriff....My computer went wild...

Was doing trend housecall.

Monitor went off and hd was racing.

Did the complicated tech thing. Unplugged and replugged and it seems okay now.

How will I know if my computer is all right?

Is it safe to use my thumb drive with passwords and bank info?

ST
 
Housecall....

Ran it twice.

First time my monitor shut off and hd started racing. Rebooted.

Second time it froze in last 2 minutes and wouldn't advance. Meanwhile, my hd made all kinds of noises and clunked and jumped.

Will try it again before the end of the day.

Usually use firefox but IE kept coming up so I checked off "preferred" on firefox and IE has been quiet.

Computer has been running slow but there may be a lot of people on the network (verizon) now, jamming it with offers from microsoft and disneyworld for forwarding same prayer to 90 people.

Will post back if I see anything.

I am concerned about the change in shell32.dll. Can I find out how it was changed and whether it's harmful?

Thank you. ST
 