malware programs

[wachtn]

My computer has been infected that some malware (because I am a noob, i will call it a virus.) that AVG (free) and Advast (free) don't even notice. How can I get rid of it? I've tryed deleting it.

I don't know anything about these things but I will try to give you all the information you ask for. Thank you very much.

I ran msconfig and disable the false Security program this virus has running at start up. Here is what I can tell you. I hope its useful.

Startup item: 08307220
Command: C:\DOCUME~1\ALLUSE~1\08307220\08307220.exe

Startup Iten: 30091619
Command: C:\DOCUME~1\ALLUSE~1\30091619\30091619.exe

Startup Item: 42365727
Command: C:\DOCUME~1\ALLUSE~1\42365727\42365727.exe


I've had this problem b4. Things are ok, a few odd process you cant get rid of and some pop-up add, so you know there is a problem. Then when you run a virus scan and reset your computer, your system goes to **** and all of the symptoms start. Before I could format my hard drive and reinstall everything. That is not an option atm.

Some of the symptoms include:
Pop-up adds
Unable to access add/remove programs from control panel
Unable to access Task Manager
A Computer Security program starts up with windows and is very hard to turn off.
^^ I believe the program is called "computer security" (or something to that effect) but the process is named one the above ########.exe

Any help or advice would be awesome!
Thanks you

 

[Hefemeister]

http://www.techist.com/forums/f51/spyware-asylum-osiris-updated-10-5-2009-a-165828/

 

[wachtn]

Thanks, I am dl'n the full scan now. I will let you know of the results.

 

[wachtn]

So far so good. Thank you

 

[kimsland]

Please note that free Malwarebytes should be updated and a full scan ran
The reason for this is a 21second "quick" scan (as noted in Osiris guide) will NOT remove all possible Malwares on your computer

Combofix should also be run under the guidance and request of an experienced Malware removal specialist
In some cases running Combofix can cause undesired effects (including errors with your installed Antivirus software)
More information on warnings on the use of Combofix can be found here: A guide and tutorial on using ComboFix
I quote the Introduction post to Combofix:

You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

Once you have completed a scan with Combofix you must: Start > Run > Combofix /u (note 1 space after "combofix")
This is because Combofix updates regularly, but all older versions must first be uninstalled (not noted in Osiris guide)

Further, you should have a single installed and updated Antivirus package installed
This should be your first line of defence before installing any other tools
You have stated that you have installed 2 Antivirus softwares (AVG and Avast)
You must decide on the single Antivirus software package that you wish to keep
Whilst my recommendation is to install free Avira Antivirus as your only Antivirus installed, this is a personal choice

Note: If you elect to uninstall AVG then you must also run the AVG Remover Tool
Else AVG will still be installed

Whilst Malware removal a specialist area, you need a dedicated Malware removal helper to see all logs, not just HijackThis
The reason for this is, many members either forget or miss removing the found Malwares
Or the malware itself was not removed by the scanning program (ie: as shown in the logs)
I have created a small guide HERE in running through these scans, as I've stated above to do (I note I have also made the font readable !)

HijackThis log on its own is not sufficient in determining if a User's/Member's computer is free of malware
Nor is placing MSConfig in "diagnostic" mode the best practice either (as stated in my guide)

I have contacted member Osiris regarding these errors in his guide

 

[septic]

wachtn said:

that AVG (free) and Advast (free) don't even notice.

kimsland said:

You have stated that you have installed 2 Antivirus softwares (AVG and Avast)

kimsland- even though your prbly right, wachtn didn't claim both were installed at the same time. My experience is most home users aren't aware of the complications running 2 AV's.
It took me a minute or 3 to figure out but this is how I turned my AVG off to run combofix.

double-click Resident Shield > un-check Resident Shield Active box > Save Changes
edit: as far as the order of things.....beyond me. Doesn't AVG have spyware built in? I had a problem in the past running Avast and lavasoft's adaware at the same time? And kimsland, with respect, even though your points may be valid, your approach is offensive. I don't see Osiris or Mak jumping in at your site and with a whole woppn' 8 posts > pick apart your theories > link to different tech page

 

[kimsland]

Thanks septic

Yes, best to disable all realtime protecting scanners before running Combofix
Here is a small list of programs and how to disable the realtime protection for your benefit:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

 

[Osiris]

Please note that free Malwarebytes should be updated and a full scan ran
The reason for this is a 21second "quick" scan (as noted in Osiris guide) will NOT remove all possible Malwares on your computer

The quick scan will find any malware that's active on the system that MBAM is capable of detecting. The only real usefulness of the full scan is detecting the occasional trace that get's missed by the quick scan, and even that's pretty rare. According to one of the developers the quick scan catches 99.9% of the malware that MBAM will detect.

The Full Scan is never necessary, paid or free version. That's because the Quick Scan is designed to check all active locations of malware that Malwarebytes' is capable of detecting. This has been stated by many several times, including the developers themselves. MBAM is not a typical file scanner like an AV, it doesn't detect a file based simply on a normal hash check. It uses heuristics for the bulk of its detections, looking for infection patterns that help it to accurately identify active infections.

 

[kimsland]

The quick scan will find any malware that's active on the system that MBAM is capable of detecting.

Incorrect

But for arguments sake, I would prefer that you adjust your "Full Scan" guide to allow Malwarebytes to have Full scan selected

I am not going to debate how a few seconds or minutes scan is generally useless in detecting all active malwares though (This seems too obvious to me) But to prove my point, next time you have an infected computer, run a "Quick Scan" then remove all found Malwares
Then run a "Full Scan" to remove the Malwares that are still in the system

 

[Osiris]

Incorrect

But for arguments sake, I would prefer that you adjust your "Full Scan" guide to allow Malwarebytes to have Full scan selected

I am not going to debate how a few seconds or minutes scan is generally useless in detecting all active malwares though (This seems too obvious to me) But to prove my point, next time you have an infected computer, run a "Quick Scan" then remove all found Malwares
Then run a "Full Scan" to remove the Malwares that are still in the system

Hmmm, thats funny, I copied those 2 paragraphs from Malwarebytes forum...

Difference between Quick Scan and Full Scan - Malwarebytes Forum

Not saying that at any one time you are right or wrong as running a Full Scan can possibly find other traces but all scans that I have performed, they both gave me the same exact results. The only difference found was the amount of time it took to scan the system, from minutes to hours.