Win32/Heur

Status
Not open for further replies.
N

nutta

Posts: 10   +0
Hi all, AVG recently alerted me to a few high risk threats called win32/heur. I did a search for this and it lead me to your site. I have done the 8 steps and I have attached my log files, Please let me know if you need any more information.

Is there anything else I need to do? Any help will be much appreciated. Regards, Nutta
 

Attachments

  • hijackthis.log
    6.7 KB · Views: 5
  • mbam-log-2009-06-17 (09-56-44).txt
    1.1 KB · Views: 6
  • SUPERAntiSpyware Scan Log - 06-17-2009 - 10-44-14.log
    524 bytes · Views: 5
No one? Can someone please have a look at my hijackthis log to confirm its clean.

I read some more post's here about win32/heur, looks to be a common theme of AVG and false positives. If this is correct, i will un-install AVG and try something else. But as you can see the mbam log and superanitspyware log, it did get a few hits.

Cheers,


(edited for spelling, was in a rush sorry)
 
Run HJT Scan only and select to Fix the below
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Update and run both MBAM and SAS "Quickscans" to confirm they find no more and that we have a clean log!

Then

Download ComboFix

Get it here: https://www.techspot.com/downloads/5587-combofix.html
Or here: http://subs.geekstogo.com/ComboFix.exe

Double click combofix.exe follow the prompts.

Install Recovery Console if connected to the Internet!

When finished, it will open a log.
Attach the log and a new HJT log in your next reply.

Note: Do not click combofix's window while its running. That may cause it to stall.

After you post the ComboFix log do the below..

Download DrWeb Cureit: http://www.snapfiles.com/get/cureit.html

Boot to Safe mode and run it.

Boot to Normal and post its log!

That should get it!

Mike
 
thanks Mike for having a look at my problem, much appreciated.

Im running the scans now. I will upload the logs as soon as i can.
 
Hi Mike,

I removed O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Run quickscans of both MBAM and SAS(both come up with nothing)

Here is the combofix log and the new HJT log, sorry it took so long.


I am running DrWeb Cureit now and should have the log to you soon.

Thanks once again.
 
i ran DrWeb as safe made and it didn't find anything. For some reason it wont let me save a copy of the log(option is greyed out)

So i ran it in normal mode and same thing, didn't find anything but still cant save the log.

What do you think?
 
OK good!

So get me a status of the computer! All logs are clear so... How is it running now?

Mike
 
Great!

Now do the below!

Thread Closing-------------------------------------------------------------------

Some of these tools update so often they require downloading again later if needed. But keep and run MBAM and SAS to maintain.

Remove ComboFix
Start-Run
type
combofix /u
Hit enter or click OK.

Please download OTCleanIt http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe

Save to desktop.

This will remove all the tools we used to clean your computer.

Double-click OTCleanIt.exe. Click CleanUp. Yes to the "Begin cleanup Process?"

Approve all if prompted by Firewall. Approve Widows Defender or other guards or security programs while OTCleanIt attempting access to the Internet to allow all.

If prompted to Reboot click, Yes.
OTCleanit will delete itself when finished, If not delete it by yourself.

-------------------------------------------------------------------------------------
Run CCleaner http://www.ccleaner.com/download/builds (get SLIM at bottom no Yahoo toolbar)
Run twice or more on Cleanup temps, then on left click Registry then Scan for issues also repeat till clean. You may have this from the 8 Steps.

Run ATF-Cleaner http://majorgeeks.com/ATF_Cleaner_d4949.html Temp and Registry, repeatedly until no more found.

KCleaner ftp://ftp2.kcsoftwares.com/kcsoftwa/files/kcleaner.exe
Fantastic cleaner. (When installing uncheck Relevant Knowledge do not install)
-------------------------------------------------------------------------------------
The issues can and are likely found is in System Restore so do the below

Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "After cleanup at TechSpot".

Then Start-Programs-Accessories-System Tools-Disk Cleanup
Click OK to accept C:
Select all Boxes
Then click More Options
Here click System Restore and OK to "Are you sure" and the OK to Run.

As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

It clears what is known as Shadow copies which are used by specialized back up programs.

This is if you have the Volume Shadow Copy running which is the default.
-------------------------------------------------------------------------------------
ERUNT
Add a redundent Reg backup, get and install ERUNT let it add itself to startup and do a backup on install check all boxes.

ERUNT http://www.larshederer.homepage.t-online.de/erunt/
Yes! Even if you use system restore and other backups Registry and Images.
-------------------------------------------------------------------------------------

Every two weeks or so, run MBAM and SAS until clean.

They take a while, so leave scanning while you are sleeping working or watching TV. If not done under the gun they can be scheduled not to interfere with computer time.

If they find something they can not clean, then get back to us.

Additionally run CCleaner. ATF-Cleaner and KCleaner.
----------------------------------------------------------------------------------------
I have been using ThreatFire for more than a year, it just went from ver 3 to ver 4.

It was designed to be used with and to co-exist with other Virus scanners.

Additionally it uses a totally different process to protect. While conventional Virus scanners work from definitions ThreatFire works on recognizing Virus/Malware activity.

It's like looking at it with 2 sets of eyes and from a different angle.

It works like some Firewalls do to learn what is good/bad.

After install it will ask you about everything that could be a security issue. For example the first time you run IE or FireFox it will prompt you. You would answer to approve and remember the setting. From then on no more prompts about IE or FireFox unless the exe changes like in an update.

As it queries you about the prompt to help you determine to approve or not you can google it with one click.

http://www.threatfire.com/Download/
-------------------------------------------------------------------------------------
Look at http://www.javacoolsoftware.com/spywareblaster.html

Run SpyBot ocassionally and use the Immunize function.
http://www.safer-networking.org/en/download/

I highly reccomend Hostman: Hostman http://majorgeeks.com/HostsMan_d4592.html

Download install run and allow it to disable DNS Client and select all Host files and then Update and install all host files.

A Disk Scan (chkdsk) and Defrag are in order.

Mike
 
I have done the steps you suggested and all looks well. Thank you so much for your help.

You can close this thread if you like.

Cheers
Nutta
 
Status
Not open for further replies.

Similar threads

midian182
Google to delete billions of Incognito mode browsing records as part of lawsuit settlement
Replies
6
Views
209
ZedRM
ZedRM
Shawn Knight
Google recently mitigated the largest DDoS attack ever, peaking at 398 million requests...
Replies
3
Views
358
WhoCaresAnymore
WhoCaresAnymore
A
Broadcom showcases huge XPU AI accelerator for mystery client
Replies
0
Views
105
Alfonso Maruccia
A

Latest posts

Back