setup.exe and autorun.inf in My Shared Documents folder

Status
Not open for further replies.
Hi,

I have these files setup.exe and autorun.inf in My Shared Documents folder. I am pretty sure they are viruses. I've deleted the files several times but they keep reappearing. I am running AVG Antivirus, AVG Anti Spyware, AdAware & Spybot on my computer. I am attaching my HijackThis log file. I would appreciate your help.
 
Hello and welcome to Techspot.

I have moved your thread to the correct forum.

You're running an outdated version of HijackThis.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard :wave: :wave:

This thread is for the use of OkComp only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Hi Howard,

I appreciate your quick response and your help. I followed all the steps suggested in your link. I am attaching all the logs for AVG Anti Spyware, HijackThis and ComboFix. I also conducted a scan with AVG Anti-Rootkit Beta and no hidden objects were found.

Thanx again
 
Your HJT log is clean.

Do you still have the setup.exe and autorun.inf problem?

Regards Howard :)

 
Hi,

I am still having the same problem with those files. I did it all over again. AVG Antivirus found that the setup.exe file is infected as a Trojan Horse Proxy.26.AX. Anyway, I am attaching all of my logs. I deleted the files as you suggested.
 
Hi,

You may wish to copy and paste these instructions on notepad for easier reference later.

Boot into safe mode under your normal user name. See how HERE

Next turn on "Show all files and folders, including hidden and system". See how HERE

Open your Task Manager by pressing and holding Ctrl and Alt and pressing Del. Alternatively, use Ctrl + Shift + Esc. Go to the Processes tab, and end the following processes, if found:

IFinst26.exe
Viewpoint <- anything related to this


Navigate in Windows Explorer and delete the following files and folders in bold.

C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\IFinst26.exe
C:\WINDOWS\system32\MTXSYNCICON.dll
C:\WINDOWS\system32\muzapp.dll
C:\WINDOWS\system32\MACXMLProto.dll
C:\WINDOWS\system32\MTTELECHIP.dll
C:\WINDOWS\system32\MASetupWizard.dll
C:\WINDOWS\system32\MSCLib.dll
C:\WINDOWS\system32\muzapp.exe
C:\WINDOWS\system32\MSFLib.dll
C:\WINDOWS\system32\muzaf1.dll
C:\WINDOWS\system32\tg_dump.dll
C:\DOCUME~1\PHC\APPLIC~1\Viewpoint
C:\Program Files\Viewpoint
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
C:\WINDOWS\system32\uxtuneup.dll

Reboot into normal mode and rehide your protected OS files.

Thereafter, please post a fresh ComboFix and AVG Antispyware log from normal mode as an attachment into this thread.


Regards,
Your friendly Momok =)

 
Hi,

Thanx for helping me. I followed your instructions and deleted the previously mentioned files. Here are the new logs.
 
Hi,

Your logs look clean now.

Turn off system restore (XP/ME only). Learn how to do that HERE.

This will remove all the remaining nasties from your old restore points.
After that turn system restore back on.
This would have created a new safe and clean restore point for your system.

Oftentimes, an infection can occur again not due to the incompetence of programs, but because of user habits.
May I recommend you to read this article.
This can help to prevent future infections.

Should you have any further problems, please post in this thread.


Regards,
Your friendly Momok =)

 