Virus, need help

[silenzer]

Hi

I scanned it at virustotal and a few of the AV's said it was a virus but how can I be sure? I just finished formatting my computer yesterday and I do NOT want to do it again.
I can give you the link if you wish if you can determine if it is a virus or not.



This is the properties window of the .exe
It said that it has been blocked in order not to harm my computer, and I recall that when I launched it nothing happened. Did nothing happen at all?

 

[Jacee]

Looks to be a 'cheat hack'. What did you download from Rapidshare or do you have a Steam account?

 

[silenzer]

Looks to be a 'cheat hack'. What did you download from Rapidshare or do you have a Steam account?

I have a Steam account but I can't remember where I downloaded it from. Sorry.

 

[Jacee]

This is a hack to steal your Steam Account. Can you find the path to MAthack.exe? It maybe hidden. Delete the file.

 

[canspec]

I would try Malwarbytes and see if that gets rid of it.

 

[silenzer]

This is a hack to steal your Steam Account. Can you find the path to MAthack.exe? It maybe hidden. Delete the file.

Dang! It's good I have my account information on auto.
Can I PM you the link to the virus? Can you then see where it would be implanted when launched?

@canspec

thanks i'll try that

 

[Jacee]

No, I don't need the link. Run Malwarebytes...

 

[Dinesh]

This is a hack to steal your Steam Account. Can you find the path to MAthack.exe? It maybe hidden. Delete the file.

Dang! It's good I have my account information on auto.
Can I PM you the link to the virus? Can you then see where it would be implanted when launched?

@canspec

thanks i'll try that

Hi there, could you send me the link so that I can see what's that file?

 

[silenzer]

This is a hack to steal your Steam Account. Can you find the path to MAthack.exe? It maybe hidden. Delete the file.

Dang! It's good I have my account information on auto.
Can I PM you the link to the virus? Can you then see where it would be implanted when launched?

@canspec

thanks i'll try that

Hi there, could you send me the link so that I can see what's that file?

PM sent

 

[Dinesh]

OK this file is harmful. Hitman pro finds it as virus, detected by NOD32.
I also uploaded this file to virustotal. Here's the result: 3/42 (7.15%)
Virustotal. MD5: 5b28ba4fb31386f5acb8ac0ea26aa4cb Suspicious:W32/Malware!Gemini a variant of Win32/Injector.AZJ W32/Zhelatin.K.gen!Eldorado

 

[Dinesh]

Here's some more proof:

 

[silenzer]

OK this file is harmful. Hitman pro finds it as virus, detected by NOD32.
I also uploaded this file to virustotal. Here's the result: 3/42 (7.15%)
Virustotal. MD5: 5b28ba4fb31386f5acb8ac0ea26aa4cb Suspicious:W32/Malware!Gemini a variant of Win32/Injector.AZJ W32/Zhelatin.K.gen!Eldorado

Oh, lord.

How do I find the path of the .exe and delete it?

 

[FZ21Z]

I have a Steam account but I can't remember where I downloaded it from. Sorry.

What have you downloaded in the last 24hrs or however long it is since you reformatted?

 

[Jacee]

Do this ..
download Malwarebytes' Anti-Malware to your desktop
|MG| Malwarebytes Anti-Malware 1.44 Download
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.

 

[silenzer]

I have a Steam account but I can't remember where I downloaded it from. Sorry.

What have you downloaded in the last 24hrs or however long it is since you reformatted?

I have downloaded plenty in the last 24hrs but nothing that is doubtful.
I formatted a few days ago.
A-HA!

I found the link.
Do you want me to send it to you via PM?

 

[Wishmaster]

You can try:

Click the Start Orb and type the name of the file in the search box.
When it comes up, rightclick it and choose Open File Location.
The resulting Window that opens should pinpoint the exact location.

 

[silenzer]

You can try:

Click the Start Orb and type the name of the file in the search box.
When it comes up, rightclick it and choose Open File Location.
The resulting Window that opens should pinpoint the exact location.

It only showed the downloaded file and I deleted it. is that enough?

 

[silenzer]

Malwarebytes' Anti-Malware 1.44
Database version: 3824
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

4.3.2010 17:57:39
mbam-log-2010-03-04 (17-57-37).txt

Scan type: Full Scan (C:\|)
Objects scanned: 244648
Time elapsed: 32 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

[Dinesh]

Hi there, malwarebytes wont detect it.
Run a scan using Hitman Pro

 

[silenzer]

Hi there, malwarebytes wont detect it.
Run a scan using Hitman Pro

Is this anti virus or just spyware protection? don't i have to uninstall avast first?

Edit: nvm