Avg has trojan sheriff in vault

[Blind Dragon]

:Run Kaspersky Online AV Scanner:

Order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

• Read the Requirements and limitations before you click Accept.
• Allow the ActiveX download if necessary.
• Once the database has downloaded, click Next.
• Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
• Click on "My Computer"
• When the scan has completed, click Save Report As...
• Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
• Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Attach the report into your next reply

 

[shetawk]

Here it is...2 viruses, 5 infected files... Thank you..

See attached file.

Thank you. ST

 

[shetawk]

Some of those files are from avg and othere from windows...

Are they all bad?

ST

 

[Blind Dragon]

No, you are infected. But as the log says at the top 2 viruses and 5 total infections.

I am going to look back through the last few logs and will be back in a little while.

 

[shetawk]

Symantec scan showed nothing wrong...

That's why I stopped subscribing to them years ago.

Trend caught 2 viri that Sy missed. ST

 

[shetawk]

F-Secure said not-virus bad joke was virus

Why are all the reports different?

 

[shetawk]

Ran F-Secure again and it did same thing...

Ran F-Secure again and it did same thing...

Will see if Kaspersky changes opinion. Thank you. ST

 

[Blind Dragon]

Hi shetawk, sorry for the delay, as you can tell we get pretty busy around here.

AVG Anti Spyware

• Download and install the latest version of AVG Anti Spyware
• Click Save File on the box that pops up after clicking the link
• The AVG installer will download to your desktop, Double click on this Icon
• In the installer Click Next, I agree, Next, Install, after it extracts the files, check box to launch AVGAS then Finish
• With the program launched, Select the Icon at the top that says UPDATE then Start Update in the left pane
• Now select the Icon at the top that says SHIELD then at the top of the left pane change "Resident Shield is ..." from Active to Inactive
• After the update click on the Scanner Icon at the top, then select the settings tab, in the first section "How to act?" click on recommended actions and change it to delete.In the reports section make sure it is set to Automatically generate report after every scan
• Click back to the Scan tab and select Complete System Scan

Attach the log back here

 

[shetawk]

Installed and ran avg spy...no report

Installed and ran avg spy...no report

Block saying "no report if not infected" was clicked, although I clicked "save scan report". There is nothing listed under "infections". There were usual shopping spythings and one copy of not-virus. Didn't find a way to copy info from report. Program supposedly deleted those files. Can I access them? Do I need to?

Reinstalled AVG antivirus and it said there were no viruses.

Ran Housecall again and it froze, didn't finish.

Ran Kaspersky and it said there were still viri. (report attached.)

Although my machine is running much better and faster, am concerned about change in shell32.dll file. Feel as though someone is looking over my shoulder and monitor will explode any second.

Is there a way I can pull that file out of installation disk and reinstall without reinstalling the whole program? How can I know whether it's doing something it shouldn't?

Thank you. ST

 

[Blind Dragon]

Looking better, the kaspersky scan only shows a few things. 2 of the 4 infections it is finding are in a restore point.

Can you please turn off system restore
1. Click Start, right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the System Restore tab.
3. Click to select the Turn off System Restore on all drives check box.
4. Click OK.
5. click Yes to confirm that you want to turn off System Restore:

After you are clean we will turn system restore back on.
-----------------------------------------------------------------------------------------------------------------------------------------------------
Go to start -> control panel -> add/remove programs and uninstall the following if there:
SideStep

Launch Hijackthis again and select Do a System Scan and Save a log. attach this log

**I also need to know if you removed any entries with Hijackthis prior to attaching the log. One thing I was looking for is not there, but I see the file for it in the kaspersky scan. It looks like the entry had been removed but the file wasn't deleted.

 

[shetawk]

Just found out how to program reports on avg spy...

Here it is.

Subsequent report shows no intruders.

Thank you. ST

 

[Blind Dragon]

Excellent. Can you scan one more time with kaspersky just to be sure. Also let's secure some of the work you have done.

You may still have this from the preliminary instructions.
Crap Cleaner

• Download from HERE
• Close all browsers.
• Run the program and make sure all the boxes are ticked under the Windows and Applications tabs, Also check All Advanced tabs(except for the Old prefetch Data option, this should be unticked)
• Click the run cleaner button. Do this several times
• You can also click the registry icon on the left if you want and scan for problems, select fix, then backup your registry when it pops up.

Go to start -> Run -> type in combofix /u
*note the space between
*This will uninstall combofix
*removes vundofix backups
*removes quarentine files
*creates a fresh clean restore point

Remove Hijackthis from Start-> control panel -> add/remove programs
Remove the 3 tools from step 10 (smitfraud, vundofix,virtumondobegone) by dragging to the recycle bin

I recommend you keep
1 anti virus program
1 firewall
Spybot S&D + Adaware 2007, or your choice of anti-spyware

keep them updated.

You can also turn on tea timer in Spybot:

• Click on Mode at the top and make sure that Advanced is checked
• Expand the Tools tab in the left pane
• Single click on the Resident Icon also in the left pane
• check Resident "TeaTimer" (Protection of over-all system settings) Active
• Close spybot

Also under Tools you can double-click System Startup in the right pane and disable programs from running at startup. This will free up system resources. For example if you don't use MSN Messenger everytime you run your computer you can disable it, then when you want to use it you can launch it through Start -> all programs, or make a shortcut on the desktop for it. That way it doesn't use resources when you aren't using it. Don't disable any entries in green though.

 

[shetawk]

Still have a virus...

CC cleaned and I ran it a few more times with no more infection.

Hijack this wasn't on my list of programs to uninstall on control panel. Found it on my start menu. Don't know whether it cleaned completely.

Kaspersky says I still have a virus and damaged files.

Why weren't they cleaned out by the other programs?

Thank you. ST

 

[shetawk]

hijack this log again...

Here's hijack again.

Thank you. ST

 

[Blind Dragon]

Use Windows Explorer to navigate to and delete the following folder:

• Access Windows Explorer by clicking Start, point to All Programs, Accesories, and then click Windows Explorer. Or hold the windows key and press E

Files:
C:\Kitandkaboodle\Documents\~Documents2\Travel <-This folder only

afterwards restart your computer and run kaspersky 1 more time. I think this should be the end of it.

Also, before the next time I post
Update your Java Runtime Environment

• First try going to Start -> Control Panel -> double click Java
• Select the Update TAb at the top
• Click the Check for Updates button at the bottom
• If it finds the newer version (Java 6 Update 5) Follow the on screen instructions
• After it installs the newest version Go back to Control Panel -> Add/remove programs
• Uninstall any older versions of Java

If for some reason you couldn't update through the above instructions.

• Click the following link
  Java Runtime Environment 6 Update 5
• The 4th option down is the one you want (click Download)
• Check the box to agree to terms of service
• Check the box for your operating system and click 'Download selected'at the bottom
• After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
• Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_05 folder

 

[shetawk]

Attaching new Kaspersky - Thank you.

Attaching new Kaspersky. Looks as though there's one added.

- Thank you. ST

 

[shetawk]

Avg...

AVG shows c:windows\system32\drivers\etc\hosts change but not virus.



Running ad aware now.

 

[Blind Dragon]

The current infection found by kaspersky is in your recycle bin

C:\RECYCLER\S-1-5-21-507921405-1965331169-839522115-1003\Dc6\SideStepSetup.exe/WISE0012.BIN Infected: not-a-virus:AdWare.Win32.SideStep.g
C:\RECYCLER\S-1-5-21-507921405-1965331169-839522115-1003\Dc6\SideStepSetup.exe WiseSFX:

To remove it simply empty your recycle bin
----------------------------------------------------------------------------------------------------------

Launch Spybot S&D and update it, then click immunize icon, after the green bar goes across once click the green + symbol to immunize your system.

At the top click on Mode, then select advanced, then click on the tools section at the bottom.

Hosts file will be one of the options -> double click it (once you use this program regularly, you can restore your host file to various dates, I have about 10 different dates to choose from on mine) but for now -> click on add Spybot S&D Host list

Then click on the attach icon here (looks like paperclip) and navigate to the following file
C:\windows\system32\drivers\etc\hosts.txt and attach the file here for me to check it

 

[shetawk]

Here it is...in installments.

Board wouldn't accept it as it was so I copied and made a txt file but it was still too big to send so I chopped it.

 

[Blind Dragon]

Your host file is fine.

Go to My computer -> C:\windows\system32\drivers\etc\host.txt and right click on the file, choose properties and ensure that Read Only is checked. If it is close the window. If it is not checked, go ahead and put a check in the box and click OK

That should take care of everything -> just to be safe lets run 1 more scan with kaspersky and ensure that it comes up clean. If so follow below:

:Set correct settings for files:

• Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
• Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
• If unchecked please check Hide protected operating system files (Recommended)
• If necessary check "Display content of system folders"
• If necessary Uncheck Hide file extensions for known file types.
• Click OK

:clear system restore points:

• 
  This is a good time to clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • Select the More options tab
  • Choose the option to clean up system restore and OK it.
  This will remove all restore points except the new one you just created.

 

[shetawk]

Ya a-a-a-a-ay ! Thank you.

So, does this mean that since Kaspersky was able to find the viri and infected files and the other programs weren't so exact, that I should buy Kaspersky?

Does the full version delete the files and viri and not just find them?

Also, since I did the java thing, my firefox won't support my pogo.com word games, saying I don't have the correct java. IE will run tumblebees once and then punk out, saying there is a java problem.

Thank you so much. ST

 

[Blind Dragon]

Different scanners have different definitions, I suggested Kaspersky because Trend Micro Housecall wasn't working, and I saw that Kaspersky had the definitions for some of your infections. Kaspersky has a great Anti-Virus program and if you think you want it - I believe they have a free trial.

In my opinion you will get great anti-virus protection from many free programs such AVG, Avast, or Avira

Also keep a firewall active at all times, I just realized that you removed your firewall and should install one of these ASAP

• Comodo
  Kerio
  Online Armor
  Zonealarm

These are all free good firewall programs

You want to have a combonation of anti-spyware (adaware and spybot is what I keep, update regularly and scan with)
----------------------------------------------------------------------------------------------

For the Java, did you update through the console in control panel or through the link? Also did you remove older versions except java 6 update 5

 

[Row1]

you get viruses from places like pogo

"I don't go to weird websites."

FYI: places like pogo where you play free online games, get free wallpaper, get free screensavers, send free greeting cards that jump around and sing, get 3 free mp3s for signing up to some music service, get free backgrounds for myspace, etc., are where you get these viruses and trojans.

some of them come in when you download the java applet to run these games, "register" to use the things on the website, use their download manager, etc.

i am not saying that the pogo website is giving you viruses and trojans. i am suggesting that these types of websites are where people will get ya when you download something - they exploit these types of sites. Just FYI.

 

[shetawk]

Thank you. Now my internet is extremely slow.

Now my internet is extremely slow. Firefox takes a long time to load and videos, especially utube are impossible.

Took everything out of start menu, emptied cache, deleted unnecessary programs. Must have deleted something I need when I did housecleaning.

Any suggestions from anyone on what could be slowing my internet? (It's been happening since yesterday but was okay before that.)

Have verizon hi speed and two 75.5 gig hds; AMD Sempron Processor

2800+ 1.60 GHz, 960 MB or RAM

MSWXP Pro 2002 Service Pack 2

Thank you. ST

 

[Blind Dragon]

Am I supposed to be responding to this? you never responded to my last post