Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Might still have trojan [Solved]


  • This topic is locked This topic is locked

#16
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
They will show in the virus chest
Open Avast
Select the Scan header
At the bottom is the link to the virus chest


  • 0

Advertisements


#17
War Man

War Man

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

I know that, but how do I create log to show all 5?


  • 0

#18
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Open Avast
Select the Scan tab and at the bottom is the scan history, click that
In the new tab that opens select the scan of interest and click detailed report


  • 0

#19
War Man

War Man

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

I was asking how to save a log as a text file, sorry. Anyway I'll just manually type the locations(well, not include my username for privacy reasons)

(filename)                                                                                                                                               (severity) (status)

C:\Users\"username"\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\4412beab=36636623       high      HTML:SweetOrange-A [Trj]

C:\FRST\Quarantine\C\Users\"username"\AppData\Roaming\serv\VoPackage.exe                                  high      Win32:Dropper-gen [Drp]

C:\Windows\Microsoft\SystemUpdatekb70007\InstallerLibrary.dll                                                              high       Win32:Adware-gen [Adw]

C:\FRST\Quarantine\C\Users\"username"\AppData\Roaming\serv\ClickAndMark_2040-5250.exe           high       Win32:Adware-gen [Adw]

C:\Users\"username"\Downloads\openofficesuite-setup.exe|>nsis.hdr                                                      high       NSIS:Adware-OH [Adw]

 

Definitely will uninstall java, but I'm not sure about the others.


  • 0

#20
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This is new and was not previously there SystemUpdatekb70007

I will need another look to remove all of that adware

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

    OTL_Main_Tutorial.gif
  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    c:\program files (x86)\Google\Desktop
    c:\program files\Google\Desktop
    dir "%systemdrive%\*" /S /A:L /C
    /md5start
    rpcss.dll
    /md5stop
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Attach both logs

  • 0

#21
War Man

War Man

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

Sorry for the wait, college stuff. Anyway, I had to reinstall java as I found out the hard way that I did have a program I use that requires it.

 

Attached File  Extras.Txt   87.98KB   95 downloadsAttached File  OTL.Txt   94.99KB   56 downloads


  • 0

#22
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let me know how the computer is after this

Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    OTL_Fix.GIF
:Commands
[CREATERESTOREPOINT]

:OTL
O4 - HKLM..\Run: [{53d58ad8-79b5-ef46-a2c5-755d1796b412}] C:\ProgramData\Microsoft\{53d58ad8-79b5-ef46-a2c5-755d1796b412}\{53d58ad8-79b5-ef46-a2c5-755d1796b412}.exe ()

:Files
C:\Windows\Microsoft\SystemUpdatekb70007
netsh advfirewall reset /c
netsh advfirewall set allprofiles state ON /c
ipconfig /flushdns /c
netsh winsock reset catalog /c
netsh int ip reset c:\resetlog.txt  /c
ipconfig /release /c
ipconfig /renew /c

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#23
War Man

War Man

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

Attached File  OTL(1).Txt   68.45KB   64 downloads


  • 0

#24
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now ?
  • 0

#25
War Man

War Man

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

seems normal as usual.

 

Althouth scanning with avast. It seems I get these "error: archive is password protected" on certain scanned results for some odd reason. I don't recall ever password protecting them.


  • 0

Advertisements


#26
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK run OTL and press the cleanup button to remove it..

Otherwise I feel you are good to go
  • 0

#27
War Man

War Man

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

Ok, I did so and it avast still does that. Sometime later,  FRST and OTL somehow disappeared from my desktop even though I did not actually delete them, Malwarebytes detected nothing when I scanned..


  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
So Avast is still showing adware, is it in the quarantine folders ?
  • 0

#29
War Man

War Man

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

It may not be adware. Just got scanned results.

C:\Users\"Username"\Downloads\install_reader11_en_mssa_aaa_aih.exe

 

Got this

 

Error: Archive is password protected.

 

I can't do any actions towards any of the detected because they have this error. Looking at the file in downloads, turns out to be adobe reader installer, I think it has something to do with using the software updater tool of Avast, come to think of it. Does not explain why FRST, and OTL got deleted though. Should I try uninstalling adobe reader and reinstalling it manually and never ever use software update for adobe reader on Avast?


  • 0

#30
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Password protected means just that, Avast will not be able to access that file until it is run.  However it looks like an Adobe reader update


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP