TechSpot

[Inactive] 8 step logs

By Flannelwarrior
Mar 11, 2010
  1. Comodo virus scanner also removed several threats, but I can't find the plaintext or html logs
     


  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    It would be very helpful to know what the problem is.

    You also need to remove AVG since you are now using the Comodo Security Suite:
    AVG Removal: Note: You may have to reinstall AVG to uninstall it fully
     
  3. Flannelwarrior

    Flannelwarrior TS Rookie Topic Starter Posts: 149

    AVG is gone.

    My Comodo log is an htm file which can't be attached.

    There was a large occurrence of "Heur.Suspicious@100221209" in C:\WINDOWS\system32\NTAgent.exe, C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP5\A0000145.exe


    I don't think this virus is gone because Comodo still gives me popups about it sometimes.
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay, we can go through the system for malware. But I would like to explain what System Volume is: these are the System Restore points. If you have malware only in these files, it is not active in the system. At the end of cleaning, we have you remove the old restore points and set a new clean one.

    The only danger of malware in that location is if you do a System Restore from a date that had an infected file. Then you could reinfect a clean system.

    One thing you did not do was check the part in Malwarebytes to have it remove the entries it finds. So the malware entry shows No Action Taken. Please update Mbam and scan again, taking care to follow this:
    "When the scan is complete, click OK, then Show Results to view the results.
    Make sure that everything is checked, and click Remove Selected."

    Asus has an app called Super Hybrid Engine. Its function is to manage the power in the EeePC, allowing it to work for more hours. Also, it may manage some Fn keys. Your entry for this is:
    O4 - Global Startup: SuperHybridEngine.lnk = ?
    The full entry should be:
    O4 - Global Startup: SuperHybridEngine.lnk = C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe

    It might not be functioning properly and if you use it, you might want to reinstall the process.

    Please Run Eset NOD32 Online AntiVirus Scanner HERE
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the Active X control to install
    • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    • Click Scan
    • Wait for the scan to finish
    • Re-enable your Antivirus software.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.
    I'll check that log for you and see if anything further needs to be done. I am also requesting a better description of the problem. Win32Heur is a virus frequently found by AVG. It can be an indication of another more serious malware infection. Comodo is telling you that a file or files in the System Restore folder fits this profile. But unless we find it elsewhere, it isn't significant and I'll have you remove it when we're through.
     
Topic Status:
Not open for further replies.
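
The two checks discussed in the thread (separating scanner hits inside System Restore points from hits on live files, and spotting a HijackThis O4 startup shortcut whose target did not resolve) can be scripted. The following is an added example, not part of the original posts; the function names are hypothetical, and the sample inputs are the paths and O4 lines quoted in the thread.

```python
import re
from collections import defaultdict

# System Restore keeps copies under "System Volume Information\_restore{GUID}\RP<n>\".
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\RP(\d+)\\", re.I)
# HijackThis startup-folder line: "O4 - Global Startup: <name>.lnk = <target>"
O4_RE = re.compile(r"^O4 - (?:Global )?Startup: (.+?\.lnk) = (.*)$")

# Sample input taken from the posts above.
SAMPLE_PATHS = [
    r"C:\WINDOWS\system32\NTAgent.exe",
    r"C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP5\A0000145.exe",
]
SAMPLE_LOG = [
    "O4 - Global Startup: SuperHybridEngine.lnk = ?",
    r"O4 - Global Startup: SuperHybridEngine.lnk = C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe",
]

def triage_detections(paths):
    """Split scanner hits into live files and restore-point copies.

    Restore-point copies are grouped by restore point number (RP<n>), so it
    is clear which restore points must not be used for a rollback.
    """
    live, restore = [], defaultdict(list)
    for path in paths:
        match = RESTORE_RE.search(path)
        if match:
            restore[int(match.group(1))].append(path)
        else:
            live.append(path)
    return live, dict(restore)

def unresolved_startup_links(log_lines):
    """Return startup shortcuts whose target is missing or shown as '?'."""
    unresolved = []
    for line in log_lines:
        match = O4_RE.match(line.strip())
        if match and match.group(2).strip() in ("", "?"):
            unresolved.append(match.group(1))
    return unresolved

if __name__ == "__main__":
    live, restore = triage_detections(SAMPLE_PATHS)
    print("Live files to investigate:", live)
    for rp, hits in sorted(restore.items()):
        print(f"Restore point RP{rp}: {len(hits)} flagged copy(ies); do not restore from it")
    print("Startup shortcuts with no resolved target:", unresolved_startup_links(SAMPLE_LOG))
```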

