Win32/Heur [Closed]

  • This topic is locked

#1
jamesrides

    New Member

  • 2 posts
I've run AVG and received messages of viruses found: Win32/Heur, trojan horse back door.generic10.aqlp, and adware generic 3. ajdi. AVG ran for 24 hrs and seemed to continue to find the same viruses over and over. My system seems to be running slower than usual. I did all the things I was supposed to before posting. I have also downloaded other protection software recommended on this site: Malwarebytes' Anti-Malware, Comodo Firewall. I just want to be sure my system is "clean" from malware in all the nooks and crannies that it may hide in while the system appears to be clean.


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, do you have access to another computer where you can download some programmes to and either save them to CD or USB stick?

If so, I will need you to download and save the following three programmes. Do not run any of them on the infected system yet.

1. Dr. Web
2. Sality_off
3. AVZ

If you can do that, let me know when you are ready for the next stage.

#3
jamesrides

    New Member

  • Topic Starter
  • 2 posts
I will have access to another computer tomorrow. I will download the 3 programs you mentioned and contact you again once I have them.

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
In case you are ready before I get online, here follow the destructions.

Copy this post to a text file for reference, as I will require you to be disconnected from the internet throughout this procedure.

OK, we will begin by running Dr. Web from the flash drive (do not move it to the infected computer).

Stage 1 Dr Web

  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.

As soon as Dr. Web has run, look at the report. If you see any file with Win32.Sector.5 after it, go to Stage 2.
If you do not see that, go to Stage 3.

Stage 2 Sality Off

Step 1.

Unpack the file Sality_off.rar.
Run the file Sality_off.exe with the key -m.
To do this, select Run from the Start menu.
Select Browse and locate sality_off.exe, then click it once.
The file will now appear in the Run box.
Using the mouse, double left-click in the box and the cursor will then appear after the .exe part. Now press the spacebar, type in -m, then select OK.


Step 2. Signs of a disinfected/clean computer

When restarted, the utility sality_off.exe -m does not detect any signs of infection (the line "infected thread terminated" is missing).


Stage 3 AVZ

  • Unzip it to your desktop, to a folder named avz4.
  • Double-click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the right of the Log window.
  • Click Start to begin the update.
Note: If you receive an error message, choose a different source, then click Start again.


  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Healing/Quarantine and Advanced System Investigation" check box.
  • Click on "Execute selected scripts".
  • Automatic scanning, healing and system check will be executed.
  • A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  • It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewalls) during the system scan.
  • All applications will work properly after the system restart.

When restarted

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Investigation" check box.
  • Click on "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both zip files to your next post.

To attach a file, do the following:
  • Click Add Reply.
  • Under the reply panel is the Attachments Panel.
  • Browse for the attachment file you want to upload, then click the green Upload button.
  • Once it has uploaded, click the Manage Current Attachments drop-down box.
  • Click the attachment to insert it into your post.

Logs required: Dr Web and both AVZ zip files.
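A small added helper (my own example, not part of this thread and not code from Dr.Web, Sality_off or AVZ) to automate the Stage 1 to Stage 2/3 decision above: it scans a saved DrWeb.csv for any row that names Win32.Sector.5 and also checks pasted Sality_off output for the "infected thread terminated" line that Step 2 says must be absent. The report layout and the sample rows are constructed assumptions; real DrWeb.csv files may differ in delimiter and column order, which is why the check searches every field rather than trusting one column.

```python
"""Decide whether Sality_off (Stage 2) is needed after a Dr.Web CureIt scan.

Added example, not part of the original thread. The report layout below is an
ASSUMPTION: a constructed approximation of DrWeb.csv, not a real log.
"""
import csv
import io
from typing import List

# Detection name the thread tells the poster to look for in the report.
SECTOR_MARKER = "Win32.Sector.5"

# Line Step 2 says must NOT appear once Sality_off reports a clean machine.
SALITY_INFECTED_LINE = "infected thread terminated"

# Constructed sample report (path, detection, action). Not real data.
SAMPLE_REPORT = """\
C:\\Windows\\system32\\drivers\\etc\\hosts,Clean,
C:\\Program Files\\Foo\\foo.exe,Win32.Sector.5,cured
C:\\Users\\james\\Downloads\\setup.exe,Sample.Detection.Name,moved
C:\\Users\\james\\AppData\\Local\\Temp\\a.tmp,Win32.Sector.5,cured
"""

# Constructed sample of what a still-infected Sality_off run might print.
SAMPLE_SALITY_OUTPUT = """\
Scanning processes...
Infected thread terminated (pid 1234)
Done.
"""


def detect_delimiter(text: str) -> str:
    """Pick the delimiter (comma, semicolon or tab) most common on the first line.

    Ties fall back to a comma. Needed because the real delimiter is not known.
    """
    lines = text.splitlines()
    first = lines[0] if lines else ""
    return max(",;\t", key=first.count)


def sector_hits(text: str, marker: str = SECTOR_MARKER) -> List[str]:
    """Return the path (assumed first field) of every row naming the marker.

    Every field is searched case-insensitively so a different column order
    in a real report still produces a hit.
    """
    delim = detect_delimiter(text)
    hits: List[str] = []
    for row in csv.reader(io.StringIO(text), delimiter=delim):
        if not row:
            continue
        if any(marker.lower() in field.lower() for field in row):
            hits.append(row[0].strip())
    return hits


def next_stage(report_text: str) -> str:
    """Stage 2 (Sality_off) if Win32.Sector.5 was reported, otherwise Stage 3."""
    return "Stage 2 (Sality_off)" if sector_hits(report_text) else "Stage 3 (AVZ)"


def sality_still_infected(output_text: str) -> bool:
    """True if Sality_off output contains the 'infected thread terminated' line."""
    return any(SALITY_INFECTED_LINE in line.lower() for line in output_text.splitlines())


if __name__ == "__main__":
    for path in sector_hits(SAMPLE_REPORT):
        print("Win32.Sector.5 reported in:", path)
    print("Next step:", next_stage(SAMPLE_REPORT))
    print("Sality_off still reports infection:", sality_still_infected(SAMPLE_SALITY_OUTPUT))
```

Run it against the DrWeb.csv saved in Stage 1 by reading that file into a string and passing it to next_stage; if it answers Stage 2, re-run sality_off.exe -m after each reboot until sality_still_infected returns False on the captured output.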

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.