Trojan/worms/hackers ?

Comments

  • max99 Posts: 9,002
    Forum Member
    P+3 wrote: »
    to clarify; ComboFix should NEVER be run outside of a HJT log forum where a Malware expert has reviewed the infection and decided if ComboFix is an appropriate tool to run ON the computer

    and yes ON those specialist forums the helpers Do give advice and guidance FOR FREE and cleaning an infected computer can take a LOT of dedicated and trained effort; as to HJT logs on here? I for one know of only a few members who are reliable IN interpreting an HJT log

    But how could you know who on this forum is capable of reliably analysing a HJT log? I may not have passed a test and printed off a certificate to prove it from one of the specialist sites, but I have many, many hours of real world experience of picking through logs and cleaning up infected machines and I can guarantee that I can hold my own against the self-titled specialists.

    If your argument was that a specialist forum is preferable to this forum, then, yes, I would agree with you 100%. But to suggest that only the 'specialists' are capable of giving advice, is IMHO, a somewhat patronising and misleading viewpoint. I know that is not how you intended it, but that is certainly how it comes across.

    If you give some links for the sites you personally recommend, I (and I'm sure a few others) will happily post them in future. The commonly recommended 'miracle cure' of Malwarebytes only goes so far in cleaning a badly infected machine, so it will be useful to be able to direct people elsewhere when it looks like they could use more 'dedicated' help.
  • System Posts: 2,096,970
    Forum Member
    ✭✭✭✭✭
    Download Avast from here;

    http://www.avast.com/eng/download-avast-home.html

    Try this one too. It won't conflict with any other AV/AM program;

    http://www.emsisoft.com/en/software/free/

    And this free one of Comodo BOClean;

    http://www.comodo.com/boclean/boclean.html

    This free version of Threatfire;

    http://www.threatfire.com/download/

    Get these 3 and see how you get on. The 1st is like MBAM/SAS/SpywareDoctor. The 2nd (BOCLean) is an active anti malware remover against an assigned database. Threatfire has some good things written about its ability to ID and remove malware, not just against a database, but also analyse suspect malware behaviour (which Avira also does).

    Since Threatfire is also an AV program, it's better to turn off the real time on-guard protection to prevent AV conflicts.

    I'd try these 3 (along with Avast after uninstalling AVG) as really a last resort before using SDFix and Combofix. All of these are free, so there's really nothing to lose (apart from time). If these 3 don't fix anything then there's little else out there to try really. Next stop is definitely using SDFix, Combofix & HijackThis and posting logs everywhere (places like Bleepingcomputer and Avira, Avast, MBAM forums etc), or saving what you want and then wiping the system back to original settings.
  • [Deleted User] Posts: 1,344
    Forum Member
    ✭✭✭
    Thanks for the above...got to admit that most of it goes straight over my head...but I'll give it go.

    Little update. A couple of days back installed Avira and I kept getting the messages...lots of them...about trojans. I just kept selecting delete and then ok. I logged off ran Malwarebytes it found five items, so I removed them. Ran SuperAntispyware and it found the usual ad cookies. I also have an older version of Registry Mechanic which also found some ad cookies.

    Logged back on earlier today...a couple of alerts from Avira and that was it.....and no screen pop ups :) Logged off...ran Malwarebytes again and it found nothing :)

    This time I've logged back on and not received one alert or screen pop up...and in IE my cookie settings have remained the same :confused: Have my little pests gone ? :eek:

    Once again thanks for all the replies....really appreciate all of them !!!
  • System Posts: 2,096,970
    Forum Member
    ✭✭✭✭✭
    It could be the end, or at least the beginning of the end cuk.

    If I were you I'd still be a bit wary though. SAS and MBAM are just finding things which match a database of known malware. Avira does update its own database, but has something called heuristics, which is basically a type of search that looks for suspect behaviour that matches, or is close to already known threats (this is what Threatfire also does).

    I think Avast Free Version just goes against a database, rather than having a heuristic search element. I'm not sure about AVG 8 Free, but I suspect that is only an AV against a database of threats.

    So what I'm saying is that you may not be clean (yet), but using Avira will help ID any trojan/malware you may have that is not held within the database for AVG/MBAM/SAS etc.

    Have you run a full system scan with Avira yet? If you are just relying on it to alert you without scans, then it's possible that there are dormant trojans/malware still in the system. It's unlikely if MBAM & SAS are not picking anything up, but I'd do a couple of Avira full system scans just in case - one in safe mode and both with system admin rights.
  • P+3 Posts: 12,464
    Forum Member
    ✭✭
    may I suggest you fully update Malwarebytes program reboot into Normal mode and run a quick scan with it; then post the report from that scan plus maybe the previous two scans' reports for comparison? That way we may be able to see what has been on there and how serious it is; I assume you have only ONE installed antivirus program there? :D
  • [Deleted User] Posts: 1,344
    Forum Member
    ✭✭✭
    Hello again !!

    First off thanks for the advice. Hope no one else is having problems but if they are hopefully they will find your advice useful too ?

    Not yet put the new AV software on my PC. I've run and updated most of the AV, spy malware programmes. Ran Malwarebytes again and found nothing again....ran the new software A-squared and it found 15 high risk things. I've cleared them out...I'll run a full scan now with Avira.

    At least now when I'm online I don't get pop up pages ! :)
  • System Posts: 2,096,970
    Forum Member
    ✭✭✭✭✭
    You can get away with 2 or more AV programs on a system providing that only one is used at any one time as an on-access/real time protection/on-guard, whatever you want to call it. Only one AV should be used in real time mode. The others should be inactive in that regard, or even turned off. When any scans are being run, only one AV should run at any one time and the real-time guard should be turned off if another AV scanner is being used to do the scan, although you could run anti-malware with one AV. If you use online scanners, the real time protection of the resident AV should be turned off. It's also best to only have one AV start on bootup - the one used for real-time scans. The others are used as back-up for ad-hoc scans so these would be disabled at start-up.

    The problem arises when 2 or more AV scanners are active, whether this is for actively initiated scans or for the more passive real-time protection. Therefore there's nothing to stop people having AVG, Avast, Avira and Threatfire installed on the system providing only one is doing a real-time 'live' guard and when one is scanning the others are not and whichever has the real-time live guard also has it turned off for the duration of the scan by the other AV (as it should be for an online scan).

    That's my understanding and one widely held on some malware/virus/IT forums.
  • Dunedin Posts: 1,704
    Forum Member
    ✭✭✭
    The above is crap.

    If you are compromised it does not matter if you have 1, 2, 3, or 4 scanners active, you are compromised.
  • [Deleted User] Posts: 556
    Forum Member
    ✭✭
    only use 1 antivirus.

    the place i go for help is

    http://www.webuser.co.uk/forums/postlist.php/Cat/0/Board/hijackthis

    you need to run hijackthis then post the results on the forum. give the guys time to respond and they will help you !!!
    i've tried them about 10 times 5+ years, so i trust them.
  • P+3 Posts: 12,464
    Forum Member
    ✭✭
    what you can do is to fully update superantispyware, reboot into safe mode and run a full deep scan then reboot into normal mode and let us see its report; also would be good to see one of the NON clean reports from Malwarebytes to see what you did have on there to assess its security risk for you :D

    of interest, a squared does tend to flag up all kinds of stuff and it helps to know your computer to be able to identify what you should worry about and what is a false positive :cool:
  • System Posts: 2,096,970
    Forum Member
    ✭✭✭✭✭
    Dunedin wrote: »
    The above is crap.

    If you are compromised it does not matter if you have 1, 2, 3, or 4 scanners active, you are compromised.

    Why so? Please tell us.

    I wasn't actually referring to a compromised system specifically. Actually having more than one scanner with a compromised system is actually better than just the one AV providing they are used in a way that will prevent conflicts between 2 or more resident AV programs - and that is what my last post was talking about. Ways to prevent AV program conflicts, so allowing the use of two or more to be installed but only the one ever running at one time.

    Fair enough, for the complete novice that doesn't know how to turn each of them off, disable real-time live guards, possibly configure only one to do a bootup scan and then disable all but one via Windows Start-up, it could be a bit tricky and therefore having only one AV is probably the best idea. But all this talk about only having one AV is generally nonsense if they are configured and/or disabled to prevent conflicts. The primary AV would do real time scans and ad-hoc scans and then be turned off for the others to be used for updates and then ad-hoc scans.
  • [Deleted User] Posts: 1,344
    Forum Member
    ✭✭✭
    Back after working over the holidays....hopefully to sort this out ?

    Installed Avast...ran a scan in normal mode...nothing, same result with Super....spyware, A-squared (just normal ad cookies) and Malwarebytes. Ran a full system scan (normal mode) with Avira found two trojans, I selected delete.

    Not posted a report as the one from Avira was copied and pasted into Word and it's four pages long :eek: Just done a part scan...over two hours and it was only 30% complete....it again found two trojans, I again selected delete....does this part of the report give any clues...

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    [WARNING] System error [21]: The device is not ready.
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] System error [21]: The device is not ready.
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] System error [21]: The device is not ready.
    Master boot sector HD4
    [INFO] No virus was found!
    [WARNING] System error [21]: The device is not ready.

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '66' files ).

    Starting the file scan:

    Begin scan in 'C:\' <PRESARIO>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!

    End of the scan: 29 December 2008 21:15
    Used time: 2:43:08 Hour(s)

    The scan has been canceled!

    1480 Scanning directories
    56544 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    56542 Files not concerned
    450 Archives were scanned
    6 Warnings
    0 Notes

    Doesn't mean a great deal to me :confused:
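
A way to read a report like the one pasted above, as an added example that is not part of the original post and not Avira's own tooling: it checks whether the scan finished and sorts the warnings into expected ones and ones worth a second look. The sample text is constructed from lines quoted in the post; the function name `triage` and the "expected warning" rules are assumptions of this example.

```python
import re

# Excerpt constructed from the report lines quoted in the post above.
SAMPLE_REPORT = """\
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Begin scan in 'C:\\' <PRESARIO>
C:\\hiberfil.sys
[WARNING] The file could not be opened!
C:\\pagefile.sys
[WARNING] The file could not be opened!
The scan has been canceled!
56544 Files were scanned
0 viruses and/or unwanted programs were found
2 Files cannot be scanned
6 Warnings
"""

# Windows keeps these files locked while it is running, so an on-demand
# scanner started from inside Windows cannot open them.
LOCKED_SYSTEM_FILES = {"hiberfil.sys", "pagefile.sys"}

def triage(report):
    """Summarise what the report does and does not establish."""
    result = {"complete": True, "detections": None, "expected": [], "review": []}
    subject = ""  # last non-bracketed line: the object a warning refers to
    for line in (ln.strip() for ln in report.splitlines()):
        if not line:
            continue
        if "scan has been canceled" in line.lower():
            result["complete"] = False
        found = re.match(r"(\d+) viruses and/or unwanted programs were found", line)
        if found:
            result["detections"] = int(found.group(1))
        if line.startswith("[WARNING]"):
            name = subject.replace("\\", "/").rsplit("/", 1)[-1].lower()
            # Assumption: "device is not ready" on a drive slot usually means
            # an empty removable-media reader, so it is treated as expected.
            expected = name in LOCKED_SYSTEM_FILES or "device is not ready" in line
            result["expected" if expected else "review"].append((subject, line))
        elif not line.startswith("["):
            subject = line
    # A zero count only means "clean" if the scan actually ran to the end.
    result["conclusive"] = result["complete"] and result["detections"] is not None
    return result

if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

For this excerpt the result is not conclusive: the summary shows zero detections, but the scan was cancelled partway, so the zero covers only the files reached before it stopped.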
  • [Deleted User] Posts: 1,344
    Forum Member
    ✭✭✭
    jamestay1 wrote: »
    only use 1 antivirus.

    the place i go for help is

    http://www.webuser.co.uk/forums/postlist.php/Cat/0/Board/hijackthis

    you need to run hijackthis then post the results on the forum. give the guys time to respond and they will help you !!!
    i've tried them about 10 times 5+ years, so i trust them.

    Thanks for the link....I've yet to do an up-to-date scan in safe mode so I'll get that done first.