I am getting constant pop ups from Avira Guard.

Pop Ups attached.

I have run the 8 steps however the propblem still persists. (Logs attached)

Since following the 8 steps it has only been the first on the pop up list that continues to pop up.

Would someone please help me and let me know what I need to do from here.

Thanks in advance for your time and help.

Brad (Phocks)

Attached Files

	mbam-log-2008-12-28 (19-50-36).txt (2.9 KB, 2 views)
	SUPERAntiSpyware Scan Log - 12-28-2008 - 22-48-55.log (2.1 KB, 2 views)
	hijackthis.log (8.5 KB, 3 views)
	PopUps.txt (1.0 KB, 4 views)

The first listed "popup" in the file refers to a System Restore folder. All appearances are that the infection was handled.

• Update MBAM & SAS.
  
• Rescan with MBAM & SAS until they report clean or something that cannot be cleared. Post logs showing infections.
  
  
• Next, obtain ComboFix & scan. Diagnostic info will add more understanding to the 'desktop' aspects from this infection.
  
  
• Restart the computer & scan with HJT.
  
• Post logs & describe findings & how things appear to be running.

Additional Information

Hey,

Thanks for your help.

I have run the scans as per your advice.

MBAM found no infections on the first scan.

SAS I had to run 3 times with the third scan being clean (2 infected logs attached)

ComboFix and Hijack This log also attached.

One thing, while running Combofix a pop up box come saying I did not have 'windows recovery cosole' and I should install one....is this something I need to look into??

Thanks again for your help.

Please let me know if I am clean or there is anything else I should do.

Thanks

Brad (Phocks)

Attached Files

	SUPERAntiSpyware Scan Log - 12-31-2008 - 17-30-04.log (1.7 KB, 1 views)
	SUPERAntiSpyware Scan Log - 12-31-2008 - 19-14-54.log (647 Bytes, 1 views)
	ComboFix.txt (11.1 KB, 1 views)
	hijackthis.log (8.1 KB, 3 views)

CLEAN
only 2 dead keys in your registery and if you run Hijack this it should remove them also just check them


O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

Thanks heaps.

Should I keep all the programs that I downloaded through this poccess???

Are there any recommended methods to reduce the risk of any further virus???

Thanks again for your help.

Cheers

Brad (Phocks)

I would now:

• Uninstall Malwarebytes through Add/remove programs

• Keep SuperantiSpyware but disable it on start up
  Go Start>Run an type "MSCONFIG".Then go to he start up tab and uncheck Superantispyware.

• Also you can remove Hijackthis now as probably next time you come to use it it will be out of date

Finally keep scanning with superantispyware and Avira and you should stay clean.

Create a new thread if you need more help in the future.

Thanks for providing the ComboFix log. This gives me a perspective on the capability of the standard tools. The major finding was ‘work space’ used by one of the trojans, and was no longer an active part of any infection.

Recovery Console
I recommend installing it. It is ‘cheap’ insurance against disaster. The mere cost is a startup boot screen with every restart. This cost can be kept to a minimum by setting display timeout to between 2-6 seconds. And if you should ever need ‘safe mode’, this avoids the need to tap F8 at precisely the correct moment.

Setting the timeout -
Start > run > control sysdm.cpl,,3 > Startup and Recovery settings

Internet Security
I would add a firewall. ‘8-steps’ recommends two choices. For more reading see the link referenced in the following quote.

Cleanup
Uninstall ComboFix
Establish clean System Restore point
Use the inside the quote box for entire 'sticky' note.

Periodic Maintenance
Once or twice a month, I scan with MBAM & SAS to confrim my security applications are being effective. No single application is 100% effective.