22 Mar 2010
#1 | Windows 7 Ultimate x86 7600.16385
Eh.. I've got a virus... most likely a bot... Microsoft Security Essentials doesn't detect it. It's in "C:\Windows\System32\Avira\Avira.exe", it's a hidden folder, and get this.. every time I delete it, empty my recycle bin.. the file is restored. Some shit, eh? Anyway, there's obviously some reg mods involved in this. I just need it to be gone.. I don't care how.. and reformatting is not an option at the moment, because the drive I use for backup has failed. Any pointers? Thanks..
~TA
22 Mar 2010
#2 | Windows 7 Ultimate x64, Mint 9 | In the Crust
Run Malware Bytes, and any other AV software until you catch and remove it.
~Lordbob
22 Mar 2010
#3 | Windows 7 Professional 32-bit (6.1, Build 7600) | A l a b a m a

Quote: Originally Posted by TheAnonymity
I've got a virus... most likely a bot... Microsoft Security Essentials doesn't detect it. It's in "C:\Windows\System32\Avira\Avira.exe", it's a hidden folder, and get this.. every time I delete it, empty my recycle bin.. the file is restored. Some shit, eh? Anyway, there's obviously some reg mods involved in this. I just need it to be gone.. I don't care how.. and reformatting is not an option at the moment, because the drive I use for backup has failed. Any pointers? Thanks..
~TA

Try Hitman Pro: Hitman Pro 3 - SurfRight
Are you able to search for AV products without being re-directed?
22 Mar 2010
#4 | Windows 7 & Windows Vista Ultimate | Upstate NY
Hi, TheAnonymity.
Although there is a "look-alike" rogue imitating Avira (Malware Diaries Blog Archive Avira look alike), in conducting a search for "C:\Windows\System32\Avira\Avira.exe", there was only one search result -- your post.
Let's see what an MBAM scan shows:
Please download Malwarebytes' Anti-Malware to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, be sure Quick scan is selected, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
- Click Remove Selected.
- When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here on Windows XP: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt and C:\Users\UserName\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt on Windows Vista and Windows 7.
- Please post contents of that file in your next reply.
22 Mar 2010
#5 | Windows 7 Ultimate x86 7600.16385
It seems to be gone. I did a quick scan, but nothing was found. So here are the results from my full scan:
Code:
Malwarebytes' Anti-Malware 1.44
Database version: 3902
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
3/22/2010 8:11:15 PM
mbam-log-2010-03-22 (20-11-15).txt
Scan type: Full Scan (C:\|)
Objects scanned: 101932
Time elapsed: 2 hour(s), 12 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7545i017-hls8-60od-7323-b764203cb058} (Generic.Bot.H) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\System32\Avira\Avira.exe (Generic.Bot.H) -> Delete on reboot.

Thanks for your help guys. Twas a bot after all.
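An added triage example (not part of the thread and not Malwarebytes code): it parses the log layout posted in #5, cross-checks the summary counts against the listed items, and flags an Active Setup\Installed Components key whose name is not a well-formed GUID (Windows runs the StubPath of entries under that key at user logon) plus any removal deferred to reboot. The function names and the GUID heuristic are assumptions of this example; the sample is an abbreviated copy of the posted log.

```python
import re

# Abbreviated from the MBAM log in post #5: two summary lines plus the two detail sections.
SAMPLE_LOG = r"""Registry Keys Infected: 1
Files Infected: 1
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7545i017-hls8-60od-7323-b764203cb058} (Generic.Bot.H) -> Quarantined and deleted successfully.
Files Infected:
C:\Windows\System32\Avira\Avira.exe (Generic.Bot.H) -> Delete on reboot.
"""

COUNT = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
GUID = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
ACTIVE_SETUP = r"\active setup\installed components" + "\\"

def parse_mbam_log(text):
    """Return (declared counts, detections) from an MBAM 1.x text log."""
    counts, items, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := COUNT.match(line):          # summary line, e.g. "Files Infected: 1"
            counts[m["section"]] = int(m["n"])
        elif m := HEADER.match(line):       # start of a detail section
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            items.append({"section": section, **m.groupdict()})
    return counts, items

def triage(text):
    """Findings a responder should follow up on before calling the host clean."""
    counts, items = parse_mbam_log(text)
    findings = []
    for section, n in counts.items():
        listed = sum(1 for i in items if i["section"] == section)
        if listed != n:                     # truncated or edited log
            findings.append(f"{section}: summary says {n}, log lists {listed}")
    for i in items:
        path = i["path"]
        if ACTIVE_SETUP in path.lower():
            key = path.rsplit("\\", 1)[-1]
            if not GUID.match(key):         # real component IDs are hex GUIDs
                findings.append(f"Active Setup key name is not a valid GUID: {key}")
        if "reboot" in i["action"].lower(): # file is still on disk until restart
            findings.append(f"Removal pending reboot, re-check afterwards: {path}")
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_LOG)))
```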
22 Mar 2010
#6 | Windows 7 Ultimate 32 bit | Orlando, Florida
Glad you found it and got rid of it.