My AVG is infected

April 4, 2009 at 10:58:21
Specs: Windows Vista
Hi, a while ago my AVG started acting weird. Every time I start the computer, AVG gives me a message that an update is complete and requires a computer restart. When I click OK it doesn't do anything. Recently I discovered my AVG is infected, I can't close it, can't delete it, I can't do anything to it. Now it is causing BSODs when I try to run games etc.
Is there any way I can delete it, without reformatting?



#1
April 4, 2009 at 18:32:12
Hi,

In order for me to help you, please follow these simple steps.

1. Download Malwarebytes Anti-Malware.
2. Double click mbam-setup.exe to install the application.
3. Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
4. Select "Perform Quick Scan", then click Scan.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
8. The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab.
9. Please be sure to paste the content of this log file with your post.

1. Use an online system scanner to double check for malware on your computer.
2. You can use ASquared, HouseCall, ESET.
3. If malware is detected and you are given the option to remove it, go ahead and do so.
4. Remember to post the results of your system scan.

1. Download Trend Micro HijackThis and save it onto your system.
2. Run the HijackThis application.
3. Press "Do a system scan and save a logfile".
4. Paste the content of that log file into your post.

Let me know how you get on with this.

Regards,
RisingUK PC Security @ Rising-UK.Com



#2
April 4, 2009 at 22:56:32
Hi, thanks a lot for the help. I downloaded Malwarebytes Anti-Malware and did a scan. I removed all but AVG is still here, with the same problems. I am busy downloading the other programs, I'll tell you more about that.

Here is the log for the scan:

Malwarebytes' Anti-Malware 1.35
Database version: 1904
Windows 6.0.6001 Service Pack 1

2009/04/05 07:43:46 AM
mbam-log-2009-04-05 (07-43-46).txt

Scan type: Quick Scan
Objects scanned: 65196
Time elapsed: 6 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\coolplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\coolplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\coolplay\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\autorun.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-5-5-61-100015578-100018854-100019349-1450.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\gaopdxcounter (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Andrew\AppData\Local\Temp\matrix32260.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\gaopdxcmiqdtmb.sys (Trojan.Agent) -> Quarantined and deleted successfully.



#3
April 5, 2009 at 01:54:52
I downloaded ASquared and ran a full system scan, here is the report:

a-squared Anti-Malware - Version 4.0
Last update: 2009/04/05 08:30:50 AM

Scan settings:

Objects: Memory, Traces, Cookies, C:\
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start: 2009/04/05 08:45:16 AM

c:\program files\novalogic detected: Trace.Directory.Delta Force!A2
Value: HKEY_USERS\S-1-5-21-3277194664-2759929296-2433445350-1001\Software\Gamehouse\Feeding Frenzy 2 --> ShowLink detected: Trace.Registry.Feeding Frenzy 2!A2
C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Cookies\andrew@doubleclick[2].txt detected: Trace.TrackingCookie.doubleclick!A2
C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\i2no583b.default\cookies.sqlite:1234891466044067 detected: Trace.TrackingCookie.webtrends!A2
C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\i2no583b.default\cookies.sqlite:1236461625993604 detected: Trace.TrackingCookie.cms!A2
C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\i2no583b.default\cookies.sqlite:1236462678125104 detected: Trace.TrackingCookie.humanclick!A2
C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\i2no583b.default\cookies.sqlite:1237237946642344 detected: Trace.TrackingCookie.count!A2
C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\i2no583b.default\cookies.sqlite:1238690149786467 detected: Trace.TrackingCookie.zedo!A2
C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\i2no583b.default\cookies.sqlite:1238690154485880 detected: Trace.TrackingCookie.zedo!A2
C:\Program Files\Cheat Engine\systemcallsignal.exe detected: Virus.Win32.Trojan!IK
C:\Program Files\Hammerfall v.0.21\Hammerfall.exe/matrix32260.exe detected: Packed.Win32.Tdss!IK
C:\Users\Andrew\AppData\Local\Temp\Temp1_tdutrainer1.zip\tduhack2.exe detected: Trojan.Keylog.HotKeysHook.CO!IK
C:\Users\Andrew\AppData\Local\Temp\tmp5241.tmp detected: Packed.Win32.Krap!IK
C:\Users\Andrew\Documents\Downloads\Launcher.zip/Mutiny-WoW Launcher.exe detected: IM-Worm.Win32.Sohanad!IK
C:\Users\Andrew\Documents\Downloads\tdutrainer1.zip/tduhack2.exe detected: Trojan.Keylog.HotKeysHook.CO!IK
C:\Windows\Temp\16500937.tmp detected: Packed.Win32.Tdss!IK

Scanned

Files: 198882
Traces: 531273
Cookies: 515
Processes: 74

Found

Files: 7
Traces: 2
Cookies: 7
Processes: 0
Registry keys: 0

Scan end: 2009/04/05 10:21:36 AM
Scan time: 1:36:20


ASquared won't allow me to delete one of the detections: Trace.Directory.Delta Force!A2



#4
April 5, 2009 at 11:38:46
You can manually delete files using FileAssassin
http://www.malwarebytes.org/fileass...

You should also install UnHackMe to protect your system against Rootkits/Hidden Trojans.

Regards
andrew at rising-uk.com
Rising UK PC Security @ Rising-UK.com

