help with malaware please? [Solved]


This topic is locked

#16 azarl (GeekU Admin, Community Leader, 25,310 posts)

I think that first one is probably a false positive, but we'll check it out.

  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\Program Files\YASAMPEGEncoder\YASAMPEGEncoder.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Repeat the process for:
    • G:\Music\ek music\from old comp\New Folder\ek music\AGSetup0608.exe
  • Paste the contents of the Clipboard for both files in your next reply.


#17 djsnoopy11 (Topic Starter, Member, 11 posts)

File information
File Name : AGSetup0608.exe
File Size : 571165 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : bfcaaba2d2f876355024d2936912fd0e
SHA1 : de8122bc45d3a0a985f5af483c2fcd73eb8e88f2

Scanner results : 25% Scanner(s) (9/36) found malware!
Time : 2010/06/23 19:39:13 (CDT)

Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time
a-squared | 5.0.0.11 | 20100624063430 | 2010-06-24 | Riskware.AdWare.Win32.Gator!IK | 5.901
AhnLab V3 | 2010.06.18.01 | 2010.06.18 | 2010-06-18 | - | 1.614
AntiVir | 8.2.4.2 | 7.10.8.180 | 2010-06-23 | - | 0.281
Antiy | 2.0.18 | 20100620.4774407 | 2010-06-20 | - | 0.018
Arcavir | 2009 | 201006231702 | 2010-06-23 | - | 0.074
Authentium | 5.1.1 | 201006231928 | 2010-06-23 | - | 1.589
AVAST! | 4.7.4 | 100623-1 | 2010-06-23 | - | 0.032
AVG | 8.5.793 | 271.1.1/2959 | 2010-06-24 | - | 1.603
BitDefender | 7.90123.6273279 | 7.32379 | 2010-06-24 | Gen:[email protected] | 4.289
ClamAV | 0.96.1 | 11251 | 2010-06-23 | - | 0.087
Comodo | 3.13.579 | 5198 | 2010-06-23 | ApplicUnwnt.Win32.Adware.Gator.1050 | 0.846
CP Secure | 1.3.0.5 | 2010.06.24 | 2010-06-24 | - | 0.098
Dr.Web | 5.0.2.3300 | 2010.06.24 | 2010-06-24 | Adware.Gator | 9.134
F-Prot | 4.4.4.56 | 20100623 | 2010-06-23 | - | 1.443
F-Secure | 7.02.73807 | 2010.06.23.07 | 2010-06-23 | - | 1.157
Fortinet | 4.1.133 | 12.79 | 2010-06-23 | - | 0.496
GData | 21.400/21.144 | 20100624 | 2010-06-24 | - | 9.254
Ikarus | T3.1.01.84 | 2010.06.23.76128 | 2010-06-23 | not-a-virus:AdWare.Win32.Gator | 7.125
JiangMin | 13.0.900 | 2010.06.23 | 2010-06-23 | - | 1.241
Kaspersky | 5.5.10 | 2010.06.23 | 2010-06-23 | not-a-virus:AdWare.Win32.Gator.1050 | 1.011
KingSoft | 2009.2.5.15 | 2010.6.23.21 | 2010-06-23 | - | 1.194
McAfee | 5400.1158 | 6022 | 2010-06-23 | - | 16.958
Microsoft | 1.5902 | 2010.06.23 | 2010-06-23 | - | 7.423
Norman | 6.05.10 | 6.05.00 | 2010-06-23 | - | 6.011
nProtect | 20100622.01 | 8754154 | 2010-06-22 | - | 22.679
Panda | 9.05.01 | 2010.06.23 | 2010-06-23 | Adware/Gator | 2.196
Quick Heal | 10.00 | 2010.06.23 | 2010-06-23 | - | 3.576
Rising | 20.0 | 22.53.02.04 | 2010-06-23 | - | 3.115
Sophos | 3.07.1 | 4.54 | 2010-06-24 | - | 3.573
Sunbelt | 3.9.2426.2 | 6496 | 2010-06-23 | - | 12.084
Symantec | 1.3.0.24 | 20100615.005 | 2010-06-15 | - | 0.057
The Hacker | 6.5.2.0 | v00303 | 2010-06-22 | Adware/Gator.3202 (Unwanted) | 3.529
Trend Micro | 9.120-1004 | 7.262.17 | 2010-06-23 | - | 0.045
VBA32 | 3.12.12.5 | 20100623.0914 | 2010-06-23 | AdWare.Win32.Gator.1050 | 2.856
ViRobot | 20100623 | 2010.06.23 | 2010-06-23 | - | 0.386
VirusBuster | 4.5.11.10 | 10.126.99/2021986 | 2010-06-23 | - | 2.503

File information
File Name : YASAMPEGEncoder.exe
File Size : 2913792 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 47748aab5c3c6190e5e557e0b44be451
SHA1 : 54328a9607753224e4aebdecc5b2335251bdfd8c

Scanner results : 8% Scanner(s) (3/36) found malware!
Time : 2010/06/23 19:14:35 (CDT)

Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time
a-squared | 5.0.0.11 | 20100624063430 | 2010-06-24 | - | 6.867
AhnLab V3 | 2010.06.18.01 | 2010.06.18 | 2010-06-18 | - | 1.699
AntiVir | 8.2.4.2 | 7.10.8.180 | 2010-06-23 | - | 0.555
Antiy | 2.0.18 | 20100620.4774407 | 2010-06-20 | - | 0.018
Arcavir | 2009 | 201006231702 | 2010-06-23 | - | 0.213
Authentium | 5.1.1 | 201006231928 | 2010-06-23 | - | 1.969
AVAST! | 4.7.4 | 100623-1 | 2010-06-23 | - | 0.742
AVG | 8.5.793 | 271.1.1/2959 | 2010-06-24 | - | 1.984
BitDefender | 7.90123.6273279 | 7.32379 | 2010-06-24 | - | 4.728
ClamAV | 0.96.1 | 11251 | 2010-06-23 | - | 3.246
Comodo | 3.13.579 | 5198 | 2010-06-23 | - | 2.648
CP Secure | 1.3.0.5 | 2010.06.24 | 2010-06-24 | - | 1.486
Dr.Web | 5.0.2.3300 | 2010.06.24 | 2010-06-24 | - | 9.539
F-Prot | 4.4.4.56 | 20100623 | 2010-06-23 | - | 8.603
F-Secure | 7.02.73807 | 2010.06.23.07 | 2010-06-23 | Trojan.Win32.Vilsel.tqi [AVP] | 1.026
Fortinet | 4.1.133 | 12.79 | 2010-06-23 | - | 0.470
GData | 21.400/21.144 | 20100624 | 2010-06-24 | Trojan.Win32.Vilsel.tqi [Engine:A] | 7.825
Ikarus | T3.1.01.84 | 2010.06.23.76128 | 2010-06-23 | - | 7.622
JiangMin | 13.0.900 | 2010.06.23 | 2010-06-23 | - | 1.514
Kaspersky | 5.5.10 | 2010.06.23 | 2010-06-23 | Trojan.Win32.Vilsel.tqi | 0.116
KingSoft | 2009.2.5.15 | 2010.6.23.21 | 2010-06-23 | - | 2.026
McAfee | 5400.1158 | 6022 | 2010-06-23 | - | 17.412
Microsoft | 1.5902 | 2010.06.23 | 2010-06-23 | - | 11.555
Norman | 6.05.10 | 6.05.00 | 2010-06-23 | - | 6.009
nProtect | 20100622.01 | 8754154 | 2010-06-22 | - | 8.516
Panda | 9.05.01 | 2010.06.23 | 2010-06-23 | - | 4.543
Quick Heal | 10.00 | 2010.06.23 | 2010-06-23 | - | 2.276
Rising | 20.0 | 22.53.02.04 | 2010-06-23 | - | 3.774
Sophos | 3.07.1 | 4.54 | 2010-06-24 | - | 4.001
Sunbelt | 3.9.2426.2 | 6496 | 2010-06-23 | - | 10.454
Symantec | 1.3.0.24 | 20100615.005 | 2010-06-15 | - | 1.215
The Hacker | 6.5.2.0 | v00303 | 2010-06-22 | - | 0.840
Trend Micro | 9.120-1004 | 7.262.17 | 2010-06-23 | - | 1.271
VBA32 | 3.12.12.5 | 20100623.0914 | 2010-06-23 | - | 4.200
ViRobot | 20100623 | 2010.06.23 | 2010-06-23 | - | 0.524
VirusBuster | 4.5.11.10 | 10.126.99/2021986 | 2010-06-23 | - | 14.149

#18 azarl (GeekU Admin, Community Leader, 25,310 posts)

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Processes 
    
    :Services
    
    :OTL
    C:\Program Files\YASAMPEGEncoder\YASAMPEGEncoder.exe
    G:\Music\ek music\from old comp\New Folder\ek music\AGSetup0608.exe
    
    :Commands
    [purity]
    [emptytemp]
    
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#19 djsnoopy11 (Topic Starter, Member, 11 posts)

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: E
->Temp folder emptied: 112176122 bytes
->Temporary Internet Files folder emptied: 52250 bytes
->Java cache emptied: 128589 bytes
->FireFox cache emptied: 37106185 bytes
->Flash cache emptied: 434 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 58098 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 15216542 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 791393 bytes

Total Files Cleaned = 158.00 mb


OTL by OldTimer - Version 3.2.6.0 log created on 06242010_090213

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#20 azarl (GeekU Admin, Community Leader, 25,310 posts)

Is your anti-virus working properly? It doesn't look like it; it might be worth reinstalling.

Your logs are now clean - you are clear or seem to be. Please advise me if you still have any problems.

We'll move on to the cleanup now. There's quite a bit to do here, just take your time.

Follow these steps to uninstall ComboFix and the tools used in the removal of malware:
  • Click START then RUN
  • Now type ComboFix /Uninstall in the run box and click OK. Note the space between ComboFix and the /U; it needs to be there.
OTL Cleanup
A good workman always cleans up after himself, so... Run OTL and hit the Cleanup button. It will remove all the programmes we have used, plus itself.

Create New System Restore Point and Clear Earlier Ones
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE
You now have a clean restore point.
Remove any bad ones
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The system will do some calculation and then display a dialogue box with tabs
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button click this
  • Accept the Warning and select OK again, the program will close and you are done
Anti-Virus
Antivirus software is a computer program designed to identify and eliminate viruses and other malicious software. Only install one anti-virus, as more than one may cause conflicts and slow down your system drastically.
Preventing re-infection
Now that your system is clear, there are a number of steps you can take to prevent re-infection

It is critical that you have both a firewall and anti-virus to protect your system, and that you keep them updated.

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Winpatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. Help file and tutorial can be found Here
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
MVPS Hosts File - Blocks known bad sites by adding them to your Hosts file thereby preventing you from accessing them
TFC (Temp File Cleaner) - Cleans an enormous amount of junk held in temporary files and disposes of any malware lurking there.
Anti Spyware Program - We recommend MalwareBytes Anti-Malware and SUPERAntiSpyware

Browsers
Consider using FIREFOX or OPERA, both are free to use and are more secure than IE. If you are using Firefox you can stay more secure by adding NoScript and WOT (Web Of Trust). NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.


Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • Run Internet Explorer
  • Click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
Updates
From time to time, software vendors introduce updates for their products. Sometimes these are to enhance the product, but often they are to repair an exploitable vulnerability. You may like to consider installing Secunia PSI. This is a free application (for home users) that sits in the system tray and alerts you when security updates are available, and where from. Secunia PSI can be downloaded from HERE

#21 azarl (GeekU Admin, Community Leader, 25,310 posts)

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.