Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Malware infection similar to "Antivirus System Pro"

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Malware infection similar to "Antivirus System Pro"

Unread postby deltalima » January 27th, 2011, 4:20 pm

Hi via,

I noticed that when I open "My Documents", I see transparent icons that start with the "~" or "~$" symbols. Is that normal?


That sounds like temporary files that are hidden, they should not show once you have run OTL cleanup. If they still show then

  1. Open Windows Explorer by right-clicking the Start button and left clicking Explore
  2. Then select the Tools menu and click Folder Options
  3. Select the View Tab, Under the Hidden files and folders heading select Do not show hidden files and folders
  4. Check the Hide protected operating system files (recommended) option
  5. Click OK

I have an external hard drive on which I backed up all my files. Should I have scanned that hard drive with any of the tools you suggested in this thread?


A full scan with your antivirus should be sufficient.

When I ran WinPatrol, it said "A change had been detected in the following Registry Location which you've asked to be monitored. Is changing this value OK? Software]Microsoft\Internet Explorer\Download CheckExeSignatures:no" Should I click "Yes" or "No" for that?


Click Yes.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove

Re: Malware infection similar to "Antivirus System Pro"

Unread postby via » January 27th, 2011, 11:06 pm

Hi deltalima,

I uninstalled Avast and installed my preferred antivirus program, Webroot's Spy Sweeper with Antivirus. I decided to run a scan, just to see if anything would come up. It did.

This is what it detected:

about cookie
ic-live cookie
Troj/FFAdRedr-A
Troj/JavaDI-BE
trojan-downloader-karagany


As you can see, there are three trojans that none of the other programs picked up. I also got some sort of warning while trying to access a Webroot's blog, which contained information about the third trojan. The first was that a program on my computer was blocking "google.ad.sgdoubleclick.net". Later, a message on a browser window popped up: "Navigation to the webpage was canceled. What you can try: Refresh the page."

I also scanned my external hard drive on a clean computer using Webroot's Spy Sweeper with Anti-virus, and found a Troj/JsInject-A on it.

Should I run new programs to get these off my system?
via
Regular Member
 
Posts: 20
Joined: January 21st, 2011, 5:06 pm

Re: Malware infection similar to "Antivirus System Pro"

Unread postby deltalima » January 28th, 2011, 4:31 am

Should I run new programs to get these off my system?


No, please post the log from Webroot with details of the detections.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware infection similar to "Antivirus System Pro"

Unread postby via » January 28th, 2011, 1:05 pm

Hi deltalima,

I can't seem to find the .txt log. I looked under "Program Files." I also looked under the Webroot folder, but I found nothing.

The following stuff I copied by hand:

-Troj/FFAd-Redr-A
c:\documents and settings\owner\local settings\application data\{8c1ed365-1623-474a-a1c8-848669cfbd75}\chrome\content\overlay.xul

-Troj/JavaDl-BE
c:\documents and settings\owner\doctorweb\quarantine\4c997ec4-45b314d2

-trojan-downloader-karagany
C:\Documents and Settings\Owner\Application Data\Adobe\plugs

Webroot doesn't offer email customer service. I'll wait for your instructions before I call them and ask them where this log is. (If you want me to post the cookie locations, let me know...)
via
Regular Member
 
Posts: 20
Joined: January 21st, 2011, 5:06 pm

Re: Malware infection similar to "Antivirus System Pro"

Unread postby deltalima » January 28th, 2011, 2:10 pm

Hi via,

It's safe to let Webroot remove those files, then you will be good to go.

Any further questions?
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware infection similar to "Antivirus System Pro"

Unread postby Cypher » January 29th, 2011, 11:11 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 300 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware