TechSpot

Unable to remove Win32/heur

By Kasu
May 7, 2009
  1. OK, so I just bought a new PC. I started installing a few things, and the next thing I know AVG is telling me everything has this Win32/heur. I had this happen to my old PC and I took it to tech support in town and they just told me to get brand new hard drives... but I've just paid for these, so there is no way that's going to happen. I followed a few guides, including guides on this website, and still no luck.

    I've attached my logs @.@ I hope this can be sorted out....

    One last thing I have noticed: formatting your hard drive does not get rid of this virus :/
     
  2. touch

    touch TS Rookie Posts: 978

    Hello Kasu

    It can be false positives from AVG.

    Let's see what a combolog "says".

    Please download Combofix:
    http://subs.geekstogo.com/ComboFix.exe

    And save to the desktop.

    Close all other browser windows.

    Please connect all your external hard drives/flash drives before running Combofix, if you have any.

    Double-click on the combofix icon found on your desktop.

    Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

    Combofix will create a logfile and display it after your computer has rebooted. It is usually located at c:\combofix.txt; please attach it to your next post.
     
  3. Kasu

    Kasu TS Rookie Topic Starter

    OK, I downloaded ComboFix, plugged in my external hard drive, double-clicked ComboFix and was greeted with the message:

    !! ALERT !! It is NOT SAFE to continue!

    The contents of the ComboFix Package has been Compromised.
    Please download a fresh copy from:

    h t t p : / / w w w . bleepingcomputer . c o m /combofix/how-to-use-combofix

    Note: You may be infected with a file patching virus (Virut)



    I downloaded a fresh copy and the same message pops up. I also put my own spaces in that message >.> coz of the whole not allowed to post links thing lol
     
  4. Kasu

    Kasu TS Rookie Topic Starter

    There is a file called Bug.txt in my C:/ and here it is
     
  5. touch

    touch TS Rookie Posts: 978

  6. Kasu

    Kasu TS Rookie Topic Starter

    There we go, the file you asked for.
     

    Attached Files: DDS.txt (12.4 KB)
  7. touch

    touch TS Rookie Posts: 978

    Download The Avenger by Swandog46 from http://swandog46.geekstogo.com/avenger2/download.php.
    Unzip/extract it to a folder on your desktop.

    Double click on avenger.exe to run The Avenger.
    Click OK.

    Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
    Copy all of the text in the below quotebox to the clipboard by highlighting it and then pressing Ctrl+C.


    In the Avenger window, click the Paste Script from Clipboard button.
    Click the Execute button.
    You will be asked Are you sure you want to execute the current script?.
    Click Yes.
    You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
    Click Yes.

    Your PC will now be rebooted.

    After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).

    Please attach the Avenger log, and tell me how your computer is behaving now.
     
  8. Poppa Bear

    Poppa Bear TS Enthusiast Posts: 237   +7

    Win32/heur

    Don't know if they're related, but in a recent post (click here) AVG detected a so-called virus in an update that Avira was trying to download (I was running both AVG & Avira anti-virus software).

    The threat warning from AVG was: C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aeheur.dll. The underlining is mine.

    After researching it in other forums from Google, the consensus of opinion is that it's a false positive. And apparently AVG has a history of problems with this particular item. This is a link to the article: click here.
     
  9. Kasu

    Kasu TS Rookie Topic Starter

    AVG is still having a mental fit, I think I'm going to uninstall it and get a proper antivirus after all this.

    Still cannot open MSconfig
    Still cannot turn on Windows Firewall

    As soon as the PC starts,
    AVG Resident Shield Alert pops up saying:
    C:\Program files\Windows Media Player\wmpnscfg.exe | Virus Found win32/heur
    C:\WINDOWS\installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe | Virus Found win32/heur
    C:\WINDOWS\system32\twext.exe | Virus Found win32/heur
    C:\WINDOWS\system32\twext.exe | Virus Found win32/heur
     
  10. touch

    touch TS Rookie Posts: 978

    Poppa Bear -> AVG8 Free is known for many false positives. But we don't demand that users remove it. However, we suggest they do ;)


    Kasu -->> Please attach a fresh HijackThis log.
     
  11. Kasu

    Kasu TS Rookie Topic Starter

    Here is the second HijackThis log.
    I was just talking with my mother on the phone and she said that she had a spare Norton antivirus license which she had got about a month ago. So I assume that will be fine to run on the PC with Malewares and CC Cleaner?
     
  12. touch

    touch TS Rookie Posts: 978

    Norton will be fine to run on the PC with Malewares and CC Cleaner?

    Do you have the Norton install file?

    Download http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)
    and save it to your desktop.

    When you have done this, please boot into Safe Mode (Tap F8 during startup).

    Open the extracted folder - C:\SDFix and double-click on RunThis.bat to start the script.

    Type Y to begin the script. It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot. When you hit any key, your computer will reboot. Your system will take longer than normal to restart as the fixtool will be running and removing files.

    When your desktop loads, the utility will complete the removal and display Finished. Press any key again to end the script and load your desktop icons.


    Open the SDFix folder on your desktop and copy and paste the contents of Report.txt
     
  13. Kasu

    Kasu TS Rookie Topic Starter

    OK, just finished that.

    As soon as the PC starts,
    AVG Resident Shield Alert pops up saying:
    C:\Program files\Windows Media Player\wmpnscfg.exe | Virus Found win32/heur
    C:\WINDOWS\installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe | Virus Found win32/heur

    My mother is coming around in about an hour with Norton so I'll get it then.

    EDIT:
    What is HTML/framer? That's popped up on random occasions, but only with AVG; nothing else says it's a threat.
     
  14. touch

    touch TS Rookie Posts: 978

    I can't tell why AVG treats it as a threat.

    I suggest you check the files, as I think these are AVG false positives.

    Please upload and have these files scanned:
    C:\Program files\Windows Media Player\wmpnscfg.exe
    C:\WINDOWS\installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe

    Here:
    http://virusscan.jotti.org/ Or here: http://www.virustotal.com/en/indexf.html

    Attach back the results
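
Added example (not part of the original thread or any poster's reply): a Python script for the check suggested above, telling a false positive apart from a patched file by parsing alert lines in the format Kasu quoted and comparing each flagged file's SHA-256 with a known-clean baseline. The `baseline` dictionary and all function names are assumptions; the thread supplies no hashes, so the reader must build the baseline from trusted media.

```python
import hashlib
import re
from pathlib import Path

# Alert lines in the format quoted in the thread (paths copied from the posts).
SAMPLE_ALERTS = r"""
C:\Program files\Windows Media Player\wmpnscfg.exe | Virus Found win32/heur
C:\WINDOWS\system32\twext.exe | Virus Found win32/heur
C:\WINDOWS\system32\twext.exe | Virus Found win32/heur
"""

ALERT_RE = re.compile(r"^\s*(?P<path>.+?)\s*\|\s*Virus Found\s+(?P<name>\S+)\s*$")


def parse_alerts(text):
    """Return {path: detection name}, collapsing repeated alerts for one file."""
    flagged = {}
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if m:
            flagged.setdefault(m.group("path"), m.group("name"))
    return flagged


def sha256_of(path):
    """Hash in chunks so large executables are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage(flagged, baseline):
    """baseline: path -> known-clean SHA-256 hex digest (assumed, from trusted media)."""
    verdicts = {}
    for path in flagged:
        if path not in baseline:
            verdicts[path] = "no-baseline"   # nothing trusted to compare against
        elif not Path(path).is_file():
            verdicts[path] = "missing"       # deleted, quarantined or unreadable
        elif sha256_of(path) == baseline[path].lower():
            verdicts[path] = "unchanged"     # supports a false positive
        else:
            verdicts[path] = "modified"      # consistent with a file-patching infection
    return verdicts


if __name__ == "__main__":
    print(triage(parse_alerts(SAMPLE_ALERTS), baseline={}))
```

Hashes taken on the suspect machine itself cannot serve as the baseline; compute them from installation media or another clean system.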
     
  15. Kasu

    Kasu TS Rookie Topic Starter

    Virusscan.jotti isn't working

    and the second says this when I try to send wmpnscfg.exe:
    0 bytes size received / Se ha recibido un archivo vacio

    It's saying that for both.
    And when I open the folder
    C:\WINDOWS\installer\{90110409-6000-11D3-8CFE-0150048383C9}\

    AVG pops up saying everything in there has Win32/heur


    EDIT: I just got Norton, shall I install it now and remove AVG?
     
  16. touch

    touch TS Rookie Posts: 978

    Yes, use this -> Uninstall your AVG Antivirus
    Run the AVGRemove Tool

    Reboot, install Norton, update it, run a complete scan.

    Attach a fresh HijackThis log, and let me know how things are running.
     
  17. Kasu

    Kasu TS Rookie Topic Starter

    After updating and scanning with Norton, my PC gets to the logon screen, I click to log on and it just logs me out instantly...
     
  18. touch

    touch TS Rookie Posts: 978

    Can you boot to Safe mode ?
     
  19. Kasu

    Kasu TS Rookie Topic Starter

    No, it does the same thing.

    It's formatting time now? lol If this is the case I don't mind, I just hope Win32/heur is gone coz last time I formatted it was still there.
     
  20. touch

    touch TS Rookie Posts: 978

  21. Kasu

    Kasu TS Rookie Topic Starter

    Bootable ISO Image for KillDisk for DOS Free version

    That's the one I download, right? Then I burn it to CD as an image, then I can put it in and run it, correct?
     
  22. touch

    touch TS Rookie Posts: 978

    That's correct ;)
     
  23. Kasu

    Kasu TS Rookie Topic Starter

    Everything seems to be working now after running that KillDisk.

    Thank you for your help
     
  24. touch

    touch TS Rookie Posts: 978

    I was glad to help :)

    Just a bit unfortunate that it ended up with a reinstall.
     
Topic Status:
Not open for further replies.
