All download has virus [Solved]


  • This topic is locked

#31
Buddierdl (Trusted Helper, Malware Removal)
Sorry, we cross posted. I see your screenshot now.

#32
saskpc (Member, Topic Starter)
Sorry, Bitdefender did not find anything. It did not offer me a log.
Downloads only work in IE when run as admin.
They do not work in FF; for Firefox, it does not matter if it is run as admin, downloads are automatically deleted from the download folder without a warning.
When running the computer in safe mode, it acts the same way; I can only download in IE when running as admin.

When I try to attach with IE it is not working.
I replied a few minutes after with the screenshot attachment, only a few minutes before you posted your last reply.
You should see it there.
But I will reattach it just in case.

Attachment: virus screen shot IE.png

#33
Buddierdl (Trusted Helper, Malware Removal)
Hi saskpc,

I need to check a setting in your registry.

Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments /S
  • Select the None button in the middle on the top of the window
  • Click the Run Scan button. Post the log it produces in your next reply.

#34
saskpc (Member, Topic Starter)
OTL logfile created on: 3/4/2013 11:05:39 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Garfield\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 64.25% Memory free
5.73 Gb Paging File | 4.56 Gb Available in Paging File | 79.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.20 Gb Total Space | 180.14 Gb Free Space | 82.56% Space Free | Partition Type: NTFS

Computer Name: GARFIELD-PC | User Name: Garfield | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments /S >
"ScanWithAntiVirus" = 3

< End of report >

#35
Buddierdl (Trusted Helper, Malware Removal)
Hi saskpc,

Your problem seems to be due to AVG anti-virus, so let's uninstall it to see if that helps.

First, remove AVG from the Programs and Features menu in the Control Panel. Next, download AVG Remover and run the tool to remove any remnants. You can use your USB drive to move it to the problematic computer.

Now, try to download the attachment below to see if downloads will work. Don't browse anywhere else while you are without an AV to avoid being reinfected.

Then, reinstall an AV. You could try AVG again, but I would recommend going with either AVAST or Microsoft Security Essentials.

Let me know how it goes.

#36
Buddierdl (Trusted Helper, Malware Removal)
I forgot to give you a download to try. Try the links below.

http://oldtimer.geekstogo.com/OTL.exe

http://general-chang...s/15-adwcleaner

Just use these for testing downloads; you don't need to run the tools. You can delete them once you test the downloads.

#37
saskpc (Member, Topic Starter)
I have removed AVG and still have the same issue.
Do you think the system is clean of threats? If it is, I think it might fix the problem if I ran SFC, and maybe an in-place upgrade.
This should repair most system errors.

#38
Buddierdl (Trusted Helper, Malware Removal)
Hi saskpc,

Did you use the AVG remover as well?

If you would like to try SFC or a repair install, I can go ahead and clean up my tools. I am satisfied that your computer is clear of malware now.

I am not sure that SFC or a repair install would necessarily fix it, but you could try it and if it doesn't work, you could send me a PM and we could reopen this topic if you would like more help.

Let me know what you want to do.

#39
saskpc (Member, Topic Starter)
Yes, even with AVG Remover, the problem persists.
If you have any recommendation that may fix the issue, I am more than willing to try.
I will also try other types of repairs.
Now that it is virus free I am more confident in proceeding with repairs.

#40
Buddierdl (Trusted Helper, Malware Removal)
Hi saskpc,

Let's clean the tools off your computer, and then I can give you a few suggestions to see about the download issue. Did you reinstall AVG or choose one of the other choices?

It would be a good idea also to reset your firewall in case the malware opened any ports.

Please update these programs, as old versions pose a security risk.
  • Java

    WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
    See this article and this article.
    I would recommend that you completely uninstall Java unless you need it to run important software.
    In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

    If you do need java, then you should definitely update to the latest version:

    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe, then click Remove JRE.
    • Run the built-in uninstallers for all copies of java listed
    • Click the Next button
    • Click the Next button again
    • Click the Java Manual Download link
    • A browser window will open with the Java download page
    • Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your browser type)
    • Run the installer
    • Close JavaRa
  • Adobe Reader -> You can get the latest version here.

    I would recommend securing Adobe Reader against the latest exploits as follows:
    • Launch Adobe Reader.
    • Click on Edit and select Preferences.
    • On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
    • Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
    • Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
    • Click the OK button.
  • Firefox -> You can get the latest version here.

Uninstall Combofix:
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box.
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK.
  • Follow the prompts on the screen.
  • A message should appear confirming that ComboFix was uninstalled.

Clean up OTL:
  • Open OTL and select the "CleanUp" button.
  • Allow the computer to reboot.
  • Any logs or removal tools left over can be deleted now. If ESET is still installed, you can uninstall it from the "Programs and Features" menu in the control panel.

Delete possibly infected restore points. Your computer may have saved a restore point while it was infected, so we need to delete the old restore points and create a new, clean one.

First set up a new, clean restore point:
  • Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.
  • In the left pane, click System protection. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Click the System Protection tab, and then click Create.
  • In the System Protection dialog box, type a description, and then click Create.

Then delete the old, infected ones:
  • Go Start > All Programs > Accessories > System Tools
  • Right click Disk Cleanup and select run as administrator
  • Then select the more options tab
  • Select system restore and shadow copies "Clean up"
  • Follow the prompts

Empty temp files. I would recommend doing this every so often to free up some space on your computer.

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

Ensure that Windows is always updated. Keeping Windows updated is very important to prevent security vulnerabilities. I recommend turning on automatic updates following the instructions below:
  • First, click on Start and click on All Programs, then Windows Update.
  • Click on Change Settings in the left pane and then check the option for Automatic Updates.

Always ensure that your firewall and anti-virus program are updated and running. These are your first line of defense against infection.

Make sure that you keep all of your programs updated. Out-of-date programs can make your computer more vulnerable to infection. Software manufacturers release updates to fix security problems as they are discovered. Secunia Personal Software Inspector, free to download here, is a good program that will scan your computer looking for programs that need to be updated.

This article has good information about how computers get infected. You can read it for good tips on staying clean and safe.

#41
saskpc (Member, Topic Starter)
I have tried SFC and a few pieces of Windows repair software; it did not resolve the issue.
The problem is only on the one user account.
I created another admin account and it does not have this issue.
Any ideas?

--- Sorry, I did not see your last post. I will proceed with your suggestion and get back to you today.
Thank you.

Edited by saskpc, 08 March 2013 - 11:41 AM.

#42
saskpc (Member, Topic Starter)
I followed the steps mentioned above; all is cleaned, but still no download.
It has got to be something in the user profile that is causing the issue; other users and run as admin do not have the issue.
I'm at a loss here. The only thing I haven't tried yet is an in-place upgrade, but I am not sure it will work as the issue is simply with one user profile.
Is there a way to move all files and info from one profile to the next?
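
The OTL scan in post #34 read only the machine-wide Attachments policy key, while posts #41 and #42 report the problem on a single user account. As an added example (not from the thread, OTL, or its author), this read-only PowerShell script reads ScanWithAntiVirus from the machine key and from the per-user key of every loaded profile; the function name is hypothetical, and the 1/2/3 meanings are the ones Microsoft documents for Attachment Manager.

```powershell
# Added example: read-only check of the Attachment Manager policy value that
# the OTL scan reported, for the machine and for each loaded user hive.
$subKey  = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments'
$meaning = @{ 1 = 'Off'; 2 = 'Optional'; 3 = 'On' }   # documented values

# Hypothetical helper: returns one row describing the value under $Root.
function Get-AttachmentScanPolicy {
    param([string]$Root, [string]$Scope)

    $path  = "Registry::$Root\$subKey"
    $value = $null
    if (Test-Path -LiteralPath $path) {
        $item = Get-ItemProperty -LiteralPath $path -ErrorAction SilentlyContinue
        if ($item) {
            $prop = $item.PSObject.Properties['ScanWithAntiVirus']
            if ($prop) { $value = $prop.Value }
        }
    }

    $n = $value -as [int]
    if     ($null -eq $value)                           { $text = 'not set' }
    elseif ($null -ne $n -and $meaning.ContainsKey($n)) { $text = $meaning[$n] }
    else                                                { $text = 'unexpected value' }

    New-Object PSObject -Property @{ Scope = $Scope; ScanWithAntiVirus = $value; Meaning = $text }
}

# Machine-wide policy: the key scanned in the thread.
$results = @(Get-AttachmentScanPolicy 'HKEY_LOCAL_MACHINE' 'Machine (HKLM)')

# Per-user policy for every profile whose hive is currently loaded.
Get-ChildItem Registry::HKEY_USERS |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
    ForEach-Object {
        $sid = $_.PSChildName
        try {
            $name = (New-Object System.Security.Principal.SecurityIdentifier($sid)).Translate(
                        [System.Security.Principal.NTAccount]).Value
        } catch { $name = $sid }   # orphaned profile: fall back to the SID
        $results += Get-AttachmentScanPolicy "HKEY_USERS\$sid" "User $name"
    }

$results | Format-Table Scope, ScanWithAntiVirus, Meaning -AutoSize
```

Only profiles whose hives are loaded (logged-on users) appear under HKEY_USERS, and reading another user's hive requires an elevated prompt.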

#43
Buddierdl (Trusted Helper, Malware Removal)
I have something we can try, just waiting on my instructor's approval. Should be ready soon.

#44
Buddierdl (Trusted Helper, Malware Removal)
Hi saskpc,

Let's see what we can do.

What anti-virus did you reinstall?

Do you still have an AVG 2011 or AVG 2010 folder in C:\Program Files\AVG ?

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing, so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
Please download the attached "ScanOff.reg" to your desktop, right-click on it, and select "Merge." Can you download anything now?

If that doesn't work, please reset the change by merging "ScanOn.reg."

#45
saskpc (Member, Topic Starter)
I'm sorry but I cannot see the attachment.