So far I haven't had any page rerouting or virus scanner pop-ups. The blue screen and automatic shutdown have also stopped. Should I delete any programs or run any scans (malware/super-anti)?
Thank you very much for your help.
When I right click in Google a page popped up that says "PCScanner2010 is detecting security risks". It's random and doesn't do it every time.
Take a look at your last Avenger log you posted, then at the log posted here: http://discussions.virtualdr.com/sho...1&postcount=32
Can you tell me why the formatting is so different?
Do a search on your PC for pcscanner2010.
I did notice it looks different. I did not enter a string in it. Norton found this virus but said I would have to manually remove it:
Iastor.sys.vir
Backdoor.Tiderv.I!inf
Where does it find the file? If it is in the C:\qoobox\quarantine folder, do not worry about it, as it is in quarantine.
If your pc is running ok otherwise, let's leave it a day to make sure, then I will show you how to remove Combofix.
I have attached the Norton screen shots...
It is better if you save those to jpeg format as not everyone has MS Word :).
Ok. We will try uninstalling Combofix to see if the warnings disappear. Hurrah to Norton for finding a problem, but not letting us know where it is.
====
- Click START then RUN
- Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.
- https://discussions.virtualdr.com/im.../2010/01/1.png
Yes, it does look weird. But for some reason, I feel as if the virus is still here. Sometimes my page would go out and although I've only run Avenger once, it runs different..with a "blink".
ComboFix has been removed..
I attached the .jpeg images if you needed them. Norton has been a great help with this...I've had the service for about 2 months now and I update and scan daily (sometimes twice a day) and it still doesn't do anything about viruses. What was I thinking trying to be proactive??
I removed Firefox because it started acting weird. I have been using Chrome and when I try to reply and "go advanced", the scroll bar and buttons freeze. But I am able to click on the task/tool bar, but not actually in the window. So now I am using IE, but I keep getting an error message saying IE stopped working and then "close program". I click the "close program" button but IE still stays open.
By my count, The Avenger should have been run 3 times.
==
Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
- You will need to use Internet Explorer to complete this scan.
- You will need to temporarily Disable your current Anti-virus program.
- Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
- When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.
NOTE: If you are unable to complete the ESET scan, please try another from the list below:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=89f108df6270134796a7b196b2ccb044
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-12-22 04:00:55
# local_time=2009-12-21 10:00:55 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 63046245 63046245 0 0
# compatibility_mode=1536 16777215 100 0 0 0 0 0
# compatibility_mode=3588 16777214 85 90 111463 6136429 0 0
# compatibility_mode=5892 16776574 100 100 0 98054340 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=177994
# found=0
# cleaned=0
# scan_time=7642
Nothing found there. Might want to try the Kaspersky scanner too.
Do you have your Vista CD? You may have to do a repair install to fix the errors you are getting.
I will download Kaspersky now.....but no, I do not have a Vista CD.
So far this is what Kaspersky has detected (it is still running)...
Full Scan: stopped 43 minutes ago (events: 2, objects: 5088, time: 00:05:03)
12/22/2009 12:13:38 AM Task stopped
12/22/2009 12:08:35 AM Task started
Full Scan: running (events: 7, objects: 182497, time: 00:30:03)
12/22/2009 12:16:13 AM Task started
12/22/2009 12:26:54 AM Task stopped
12/22/2009 12:27:00 AM Task started
12/22/2009 12:53:37 AM Detected: Exploit.JS.Pdfka.auq C:\Users\Paige\AppData\Local\temp\plugtmp\plugin-all.pdf/data0000
12/22/2009 12:56:28 AM Deleted: Exploit.JS.Pdfka.auq C:\Users\Paige\AppData\Local\temp\plugtmp\plugin-all.pdf
12/22/2009 12:56:28 AM Detected: HEUR:Exploit.Script.Generic C:\Users\Paige\AppData\Local\temp\plugtmp\plugin-u3d.pdf/data0001
12/22/2009 12:56:28 AM Cannot be quarantined: HEUR:Exploit.Script.Generic C:\Users\Paige\AppData\Local\temp\plugtmp\plugin-u3d.pdf
Quick Scan: completed 37 minutes ago (events: 2, objects: 5177, time: 00:03:31)
12/22/2009 12:19:45 AM Task completed
12/22/2009 12:16:14 AM Task started
Objects Scan: stopped 30 minutes ago (events: 2, objects: 3, time: 00:00:28)
12/22/2009 12:26:29 AM Task stopped
12/22/2009 12:26:01 AM Task started
Objects Scan: running (events: 5, objects: 175885, time: 00:30:28)
12/22/2009 12:26:35 AM Task started
12/22/2009 12:53:37 AM Detected: HEUR:Exploit.Script.Generic C:\Users\Paige\AppData\Local\temp\plugtmp\plugin-u3d.pdf/data0001
12/22/2009 12:53:37 AM Detected: Exploit.JS.Pdfka.auq C:\Users\Paige\AppData\Local\temp\plugtmp\plugin-all.pdf/data0000
12/22/2009 12:56:28 AM Cannot be deleted: Exploit.JS.Pdfka.auq C:\Users\Paige\AppData\Local\temp\plugtmp\plugin-all.pdf Object not found
12/22/2009 12:56:28 AM Detected: HEUR:Exploit.Script.Generic C:\Users\Paige\AppData\Local\temp\plugtmp\plugin-u3d.pdf/data0002
Here is the detailed report after Kaspersky finished:
Status: Absent (events: 3)
12/22/2009 12:56:54 AM Not found virus HEUR:Exploit.Script.Generic C:\Users\Paige\AppData\Local\temp\plugtmp\plugin-u3d.pdf High
12/22/2009 12:56:54 AM Not found virus HEUR:Exploit.Script.Generic C:\Users\Paige\AppData\Local\temp\plugtmp\plugin-u3d.pdf//data0001 High
12/22/2009 12:56:54 AM Not found virus HEUR:Exploit.Script.Generic C:\Users\Paige\AppData\Local\temp\plugtmp\plugin-u3d.pdf//data0002 High
Status: Deleted (events: 2)
12/22/2009 12:56:28 AM Deleted Trojan program Exploit.JS.Pdfka.auq C:\Users\Paige\AppData\Local\temp\plugtmp\plugin-all.pdf High
12/22/2009 12:56:28 AM Deleted Trojan program Exploit.JS.Pdfka.auq C:\Users\Paige\AppData\Local\temp\plugtmp\plugin-all.pdf//data0000 High