All download has virus [Solved]
Posted 02 March 2013 - 11:54 AM
Download only work in IE when run as admin.
It does not work in FF, for firefox, it does not matter if it run as admin, download are automatically deleted from the download folder without a warning.
When running the computer in safe mode, it act the same way, can only download in IE when running as admin.
When I try to attach with IE it is not working.
I replied a few minutes after with the screenshot attachement, only a few minutes before you posted your last reply.
You should see it there.
But i will reatache it just in case.
Posted 04 March 2013 - 07:46 AM
I need to check a setting in your registry.
- Under the Custom Scans/Fixes box at the bottom, paste in the following:
- Select the None button in the middle on the top of the window
- Click the Run Scan button. Post the log it produces in your next reply.
Posted 04 March 2013 - 11:07 AM
OTL by OldTimer - Version 126.96.36.199 Folder = C:\Users\Garfield\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
2.87 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 64.25% Memory free
5.73 Gb Paging File | 4.56 Gb Available in Paging File | 79.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.20 Gb Total Space | 180.14 Gb Free Space | 82.56% Space Free | Partition Type: NTFS
Computer Name: GARFIELD-PC | User Name: Garfield | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
========== Custom Scans ==========
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments /S >
"ScanWithAntiVirus" = 3
< End of report >
Posted 05 March 2013 - 08:52 AM
Your problem seems to be due to AVG anti-virus, so let's uninstall it to see if that helps.
First, remove AVG from the Programs and Features menu in the Control Panel. Next download AVG Remover and run the tool to remove any remnants. You can use your USB drive to move it to the problematic computer.
Now, try to download the attachment below to see if download will work. Don't browse anywhere else while you are without an AV to avoid being reinfected.
Then, reinstall an AV. You could try AVG again, but I would recommend going with either AVAST or Microsoft Security Essentials.
Let me know how it goes.
Posted 05 March 2013 - 09:49 AM
Do you think the system is clean of threat? If it is I think it might fix the problem if i ran SFC, and maybe an inplace upgrade.
This should repair most system errors.
Posted 06 March 2013 - 08:02 AM
Did you use the AVG remover as well?
If you would like to try SFC or a repair install, I can go ahead and clean up my tools. I am satisfied that your computer is clear of malware now.
I am not sure that SFC or a repair install would necessarily fix it, but you could try it and if it doesn't work, you could send me a PM and we could reopen this topic if you would like more help.
Let me know what you want to do.
Posted 07 March 2013 - 06:41 PM
If you have any recommendation that may fix the issue, i am more then willing to try.
I will also try other type repairs.
Now that it is virus free I am more confident in proceding with repairs.
Posted 08 March 2013 - 10:04 AM
Let's clean the tools off your computer, and then I can give you a few suggestions to see about the download issue. Did you reinstall AVG or choose one of the other choices?
It would be a good idea also to reset your firewall in case the malware opened any ports.
Please update these programs, as old versions pose a security risk.
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)
If you do need java, then you should definitely update to the latest version:
Please download JavaRa to your desktop and unzip it to its own folder
- Run JavaRa.exe, then click Remove JRE.
- Run the built-in uninstallers for all copies of java listed
- Click the Next button
- Click the Next button again
- Click the Java Manual Download link
- A browser window will open with the Java download page
- Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your browser type)
- Run the installer
- Close JavaRa
- Adobe Reader -> You can get the latest version here.
I would recommend securing Adobe Reader against the latest exploits as follows:
- Launch Adobe Reader.
- Click on Edit and select Preferences.
- Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
- Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
- Click the OK button.
- Firefox -> You can get the latest version here.
- Hold down the Windows key + R on your keyboard. This will display the Run dialogue box.
- In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK.
- Follow the prompts on the screen.
- A message should appear confirming that ComboFix was uninstalled.
Clean up OTL:
- Open OTL and select the "CleanUp" button.
- Allow the computer to reboot.
- Any logs or removal tools left over can be deleted now. If ESET is still installed, you can uninstall it from the "Programs and Features" menu in the control panel.
Delete possibly infected restore points. Your computer may have saved a restore point while it was infected, so we need to delete the old restore points and create a new, clean one.
First set up a new, clean restore point:
- Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.
- In the left pane, click System protection. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
- Click the System Protection tab, and then click Create.
- In the System Protection dialog box, type a description, and then click Create.
Then delete the old, infected ones:
- Go Start > All Programs > Accessories > System Tools
- Right click Disc Cleanup and select run as administrator
- Then select the more options tab
- Select system restore and shadow copies "Clean up"
- Follow the prompts
Empty temp files. I would recommend doing this every so often to free up some space on your computer.
Download TFC to your desktop
- Open the file and close any other windows.
- It will close all programs itself when run, make sure to let it run uninterrupted.
- Click the Start button to begin the process. The program should not take long to finish its job
- Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean
Ensure that Windows is always updated. Keeping Windows updated is very important to prevent security vulnerabilities. I recommend turning on automatic updates following the instructions below:
- First, click on Start and click onAll Programs, then Windows Update.
- Click on Change Settings in the left pane and then check the option for Automatic Updates.
Always ensure that your firewall and anti-virus program are updated and running. These are your first line of defense against infection.
Make sure that you keep all of your programs updated. Out-of-date programs can make your computer more vulnerable to infection. Software manufacturers release updates to fix security problems as they are discovered. Secunia Personal Software Inspector, free to download here, is a good program that will scan your computer looking for programs that need to be updated.
This article has good information about how computers get infected. You can read it for good tips on staying clean and safe.
Posted 08 March 2013 - 10:35 AM
The problem is only on the one user account.
I created another admin account and it does not have this issue.
--- Sorry did not see your last post, I will proceed with your suggestion and get back to you today.
Edited by saskpc, 08 March 2013 - 11:41 AM.
Posted 08 March 2013 - 01:07 PM
It gotta be something in the user profile that is causing the issue, other user and run as admin do not have the issue.
Im at a lost here, the only thing I havent tried yet is an inplace upgrade, but I am not sure it will work as the issue is simply with one user profile.
Is there a way to move all file and info from one profile to the next?
Posted 08 March 2013 - 01:16 PM
Posted 08 March 2013 - 04:06 PM
Let's see what we can do.
What anti-virus did you reinstall?
Do you still have an AVG 2011 or AVG 2010 folder in C:\Program Files\AVG ?
The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. if you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.
Backing Up Your Registry
- Download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
- Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
- Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
- Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
- Make sure that at least the first two check boxes are ticked
- Press OK
- Press YES to create the folder.
Please download the attached "ScanOff.reg" to your desktop, right-click on it, and select "Merge." Can you download anything now?
If that doesn't work, please reset the change by merging "ScanOn.reg."
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users