Solve : Virus Warnings?

Hi,
I am getting multiple virus warnings from McAfee. They all refer to different infected files, so I have listed a couple below:

C:\SYSTEM VOLUME INFORMATION\_RESTORE{5B4B794D-8560-419A-B57D-EB3E8743B493}\RP166\A0045805.EXE
W32/Trats

C:\SYSTEM VOLUME INFORMATION\_RESTORE{5B4B794D-8560-419A-B57D-EB3E8743B493}\RP166\A0045811.EXE\A0045811.EXE
Downloader-AWM.gen

I have attached the requested scan logs - any help would be appreciated.

Thanks

Nick


[file cleanup - saving space - attachment deleted by admin]

Thanks for following the guide before posting. It looks like it got rid of a lot. There is still some cleaning to do.

Open HJT and select Do a system scan only and then place a check mark next to:


O2 - BHO: (no name) - {5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E} - (no file)
O2 - BHO: (no name) - {6F87F145-DC2D-4766-AF03-3A3B96FFAD98} - (no file)
O20 - Winlogon Notify: agvfqnaa - agvfqnaa.dll (file missing)
O20 - Winlogon Notify: efcyyyy - efcyyyy.dll (file missing)
O20 - Winlogon Notify: winaqc32 - winaqc32.dll (file missing)


Close all windows except for Hijackthis and click Fix checked.

Exit Hijackthis.

----------

Download Vundofix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

Please let Vundo finish; sometimes it can take multiple passes.

----------

Do you know what this is? HQ.AUTOCAB.COM

----------

Next post please add
Vundofix log
New Hijackthis log

Thanks for your help - the PC appears to be running OK now, and all the virus warning messages have stopped.

I have attached the 2 new log files.

hq.autocab.com is the domain that the PC was on.

[file cleanup - saving space - attachment deleted by admin]

Quote
hq.autocab.com is the domain that the PC was on.

You say was on? If it is no longer on the domain then you can have HJT fix those four O17 entries also. If it is needed then don't fix them.

Open HJT and select Do a system scan only and then place a check mark next to:

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (file missing)

Close all windows except for Hijackthis and click Fix checked.

Exit Hijackthis.

----------

Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
  • Click Options...
  • Make sure the arrow is set to Standard CleanUp!
  • Uncheck the following: (if checked)
    • Delete Newsgroup cache
    • Delete Newsgroup Subscriptions
  • Click OK
Click the CleanUp! button to start the program. Reboot/logoff when prompted.

Note: CleanUp! deletes EVERYTHING out of your temp/temporary folders; it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! If you have a 64-bit operating system, do NOT run Cleanup and let me know, as we will use another utility.

----------

Download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop.

1. Double click OTMoveIt2.exe to launch it.
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet; if your firewall or other defensive programs alert you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
  • When finished, exit out of OTMoveIt2.

UPDATE!!! UPDATE!!! UPDATE!!! - If you do not have automatic updates enabled then visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer.
* Help with Windows updates

To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?

Let us know if anything else comes up.

Almost forgot something.


Toggle System Restore to clear infected restore points

1. Turn off System Restore
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
2. Restart your computer

3. Turn ON System Restore
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

Thanks for all your help, it seems to have done the job.

Nick

Glad it worked.

Safe surfing..............
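
Added example, not part of the original thread and not code from HijackThis or McAfee: a small Python triage of the log lines quoted above that lists entries marked (no file) or (file missing), and recognises detections that sit inside System Restore snapshots, which is why toggling System Restore clears them. The line format is assumed from the entries shown in the thread, and the "Example Helper" entry is constructed.

```python
import re

# Constructed sample: entries quoted in the thread plus one made-up healthy entry.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E} - (no file)
O2 - BHO: (no name) - {6F87F145-DC2D-4766-AF03-3A3B96FFAD98} - (no file)
O20 - Winlogon Notify: agvfqnaa - agvfqnaa.dll (file missing)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (file missing)
"""

# Line shape assumed from the entries in the thread: "<section> - <kind>: <detail>".
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<detail>.+)$")
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Files under _restore{GUID}\RPnnn\ are System Restore snapshot copies.
RESTORE_POINT = re.compile(
    r"^[A-Z]:\\System Volume Information\\_restore\{[0-9A-F-]{36}\}\\RP(?P<rp>\d+)\\",
    re.IGNORECASE)


def parse_entries(log_text):
    """Parse HijackThis-style lines into dicts; unrecognised lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        clsid = CLSID.search(m["detail"])
        entries.append({
            "section": m["section"],
            "kind": m["kind"].strip(),
            "clsid": clsid.group(0) if clsid else None,
            # The registry entry survives but the file it pointed to was not found.
            "orphaned": bool(ORPHAN.search(m["detail"])),
        })
    return entries


def orphaned_entries(log_text):
    """Entries whose target file no longer exists: leftovers to review."""
    return [e for e in parse_entries(log_text) if e["orphaned"]]


def restore_point_of(path):
    """Restore point number if the path is inside a snapshot, else None."""
    m = RESTORE_POINT.match(path)
    return int(m["rp"]) if m else None
```

An entry flagged here is only a candidate for review; whether to fix it depends on context, as with the O17 domain entries discussed in the thread.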

