Unable to remove Win32/heur

Status
Not open for further replies.

Kasu

OK so I just bought a new PC. I started installing a few things and then next thing I know AVG is telling me everything has this win32/heur. I had this happen to my old PC and I took it to tech support in town and they just told me to get brand new hard drives.... but I've just paid for these so there is no way that's going to happen... I followed a few guides, including guides on this website, and still no luck.

I've attached my logs @.@ I hope this can be sorted out....

One last thing I have noticed: formatting your hard drive does not get rid of this virus :/
 
Hello Kasu

It can be false positives from AVG.

Let's see what a combolog "says".

Please download Combofix:
http://subs.geekstogo.com/ComboFix.exe

And save to the desktop.

Close all other browser windows.

Please connect all your external hard drives/flash drives before running Combofix, if you have any.

Double-click on the combofix icon found on your desktop.

Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

Combofix will create a logfile and display it after your computer has rebooted. It is usually located at c:\combofix.txt; please attach it to your next post.
 
OK, I downloaded ComboFix and plugged in my external hard drive, double-clicked ComboFix and was greeted with the message:

!! ALERT !! It is NOT SAFE to continue!

The contents of the ComboFix Package has been Compromised.
Please download a fresh copy from:

h t t p : / / w w w . bleepingcomputer . c o m /combofix/how-to-use-combofix

Note: You may be infected with a file patching virus (Virut)



I downloaded a fresh copy and the same message pops up. I also put my own spaces in that message >.> coz of the whole not allowed to post links thing lol
 
Download The Avenger by Swandog46 from http://swandog46.geekstogo.com/avenger2/download.php.
Unzip/extract it to a folder on your desktop.

Double click on avenger.exe to run The Avenger.
Click OK.

Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
Copy all of the text in the below quotebox to the clipboard by highlighting it and then pressing Ctrl+C.


Files to delete:
c:\windows\system32\10.tmp
c:\windows\system32\D.tmp
c:\windows\system32\F.tmp
c:\windows\system32\E.tmp
c:\windows\system32\C.tmp
c:\windows\system32\B.tmp
c:\windows\system32\A.tmp
c:\windows\system32\7.tmp
c:\windows\system32\9.tmp
c:\windows\system32\8.tmp
c:\windows\system32\6.tmp
c:\windows\system32\5.tmp
c:\windows\system32\72F.tmp
c:\windows\system32\72B.tmp
c:\windows\system32\tpsaxyd.exe
c:\windows\system32\twext.exe

Folders to delete:
c:\docume~1\kasu\applic~1\Azureus

In the avenger window, click the Paste Script from Clipboard icon, button.
Click the Execute button.
You will be asked Are you sure you want to execute the current script?.
Click Yes.
You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
Click Yes.

Your PC will now be rebooted.

After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).

Please attach the Avenger log, and tell me how your computer is behaving now.
 
Win32/heur

Don't know if they're related, but in a recent post click here AVG detected a so-called virus in an update that Avira was trying to download (I was running both AVG & Avira anti-virus software).

The threat warning from AVG was: C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aeheur.dll. The underlining is mine.

After researching it in other forums from Google, the consensus of opinion is that it's a false positive. And apparently AVG has a history of problems with this particular item. This is a link to the article click here.
 
AVG is still having a mental fit, I think I'm going to uninstall it and get a proper antivirus after all this.

Still cannot open MSconfig
Still cannot turn on Windows Firewall

As soon as the PC starts
AVG Resident Shield Alert pops up saying
C:\Program files\Windows Media Player\wmpnscfg.exe | Virus Found win32/heur
C:\WINDOWS\installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe | Virus Found win32/heur
C:\WINDOWS\system32\twext.exe | Virus Found win32/heur
C:\WINDOWS\system32\twext.exe | Virus Found win32/heur
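
The thread is weighing an AVG false positive against the file-patching infection that the ComboFix alert warns about; checking the Authenticode signature of each flagged file is one way to tell the two apart. This is an added example, not part of any poster's reply. It assumes Windows PowerShell 4.0 or later (for `Get-FileHash`), and `Get-FlaggedFileReport` is a hypothetical helper name; the paths are the ones quoted in the alerts above.

```powershell
# Paths copied from the AVG Resident Shield alerts quoted in this thread.
$flagged = @(
    'C:\Program Files\Windows Media Player\wmpnscfg.exe',
    'C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe',
    'C:\WINDOWS\system32\twext.exe'
)

# Hypothetical helper (not from any tool named in the thread): reports the
# signature status, signer and SHA-256 of each file an antivirus has flagged.
function Get-FlaggedFileReport {
    param([string[]]$Path)

    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            [pscustomobject]@{ Path = $p; Status = 'Missing'; Signer = $null; SHA256 = $null }
            continue
        }

        # Authenticode hashes the executable's contents, so a file that was
        # patched after signing reports HashMismatch instead of Valid.
        $sig = Get-AuthenticodeSignature -LiteralPath $p

        # The hash allows a comparison with the same file taken from clean
        # install media or an uninfected machine.
        $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash

        [pscustomobject]@{
            Path   = $p
            Status = $sig.Status
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            SHA256 = $hash
        }
    }
}

Get-FlaggedFileReport -Path $flagged | Format-List
```

A `Valid` status means the file is still what its publisher signed, which points to a false positive; `HashMismatch` means it was changed after signing. `NotSigned` is inconclusive either way, so compare the SHA256 value against a known-clean copy.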
 
Poppa Bear -> AVG8 Free is known for many false positives. But we don't demand that users remove it. However, we suggest they do ;)


Kasu -->> Please attach a fresh HijackThis log.
 
Here is the second HijackThis log.
I was just talking with my mother on the phone and she said that she had a spare Norton antivirus license which she had got about a month ago. So I assume that will be fine to run on the PC with Malewares and CC Cleaner?
 
Norton will be fine to run on the PC with Malewares and CC Cleaner?

Do you have the Norton install file?

Download http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
and save it to your desktop.

When you have done this, please boot into Safe Mode (Tap F8 during startup).

Open the extracted folder - C:\SDFix and double-click on RunThis.bat to start the script.

Type Y to begin the script. It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot. When you hit any key, your computer will reboot. Your system will take longer than normal to restart as the fixtool will be running and removing files.

When your desktop loads, the utility will complete the removal and display Finished. Press any key again to end the script and load your desktop icons.


Open the SDFix folder on your desktop and copy and paste the contents of Report.txt
 
OK, just finished that.

As soon as the PC starts
AVG Resident Shield Alert pops up saying
C:\Program files\Windows Media Player\wmpnscfg.exe | Virus Found win32/heur
C:\WINDOWS\installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe | Virus Found win32/heur

My mother is coming around in about an hour with Norton so I'll get it then.

EDIT:
What is HTML/framer? That's popped up on random occasions but only with AVG, nothing else says it's a threat.
 
Virusscan.jotti isn't working

and the second says thing when I try to send wmpnscfg.exe
0 bytes size received / Se ha recibido un archivo vacio

It's saying that for both.
And when I open the folder
C:\WINDOWS\installer\{90110409-6000-11D3-8CFE-0150048383C9}\

AVG pops up saying everything in there has Win32/heur


EDIT: I just got Norton, shall I install it now and remove AVG?
 
Yes, use this -> Uninstall your AVG Antivirus
Run the AVGRemove Tool

Reboot, install Norton, update it, run a complete scan.

Attach a fresh HijackThis log, and let me know how things are running.
 
After updating and scanning with Norton, my PC gets to the logon screen, I click to log on and it just logs me out instantly...
 
No, it does the same thing.

It'll be formatting time now? lol If this is the case I don't mind, I just hope win32/heur is gone coz last time I formatted it was still there
 
Bootable ISO Image for KillDisk for DOS Free version

That's the one I download, right? Then I burn it to CD as an image, then I can put it in and run it, correct?
 