Guest mayfriday Posted October 31, 2008 Posted October 31, 2008 The AVG has detected this shown as follows:- C:\Docs nsetting\all users\application data\microsoft\Onecare Protection\LocalCopy\{CFD.............}IEUPDATES.EXE Thread name: Trojan horse Generic 11 SHA and been asked to either Heal /Move to Vault/ Ignore Process Name: C:\Prog files\Microsoft Windows OneCare Live\Antivirus\MsMPEng.exe Now what must I do with these?
Guest CTOS Posted October 31, 2008 Posted October 31, 2008 RE: AVG 8.0 Resident Shield Alert You have AVG and OneCare anti-virus installed and running? You should only have one anti-virus running. The "IEUPDATES.EXE" is related to the "Antivirus 2009" malware, but typically that file was found in C:\WINDOWS\system32\ieupdates.exe location. I don't know about AVG or OneCare cleaning out the "Antivirus 2009" infection, but I've had excellent results using Malwarebytes. You don't need to uninstall your current anti-virus software to install and use it for periodic scans. http://www.malwarebytes.org/ "mayfriday" wrote: > The AVG has detected this shown as follows:- > C:\Docs nsetting\all users\application data\microsoft\Onecare > Protection\LocalCopy\{CFD.............}IEUPDATES.EXE > > Thread name: Trojan horse Generic 11 SHA > and been asked to either Heal /Move to Vault/ Ignore > > Process Name: C:\Prog files\Microsoft Windows OneCare > Live\Antivirus\MsMPEng.exe > > Now what must I do with these?
Guest PA Bear [MS MVP] Posted October 31, 2008 Posted October 31, 2008 Re: AVG 8.0 Resident Shield Alert You should only have one (1) anti-virus application installed & loading at boot! As things stand now, neither OneCare nor AVG are working properly. Assuming (1) your OneCare subscription is and has been current, (2) you're able to manually update OneCare, and that (3) you didn't install OneCare after you'd installed AVG or (4) after the machine was infected with XPAntiVirus2009 (it is now), uninstall AVG, manually update OneCare, and run a full scan with OneCare. If no joy... Run a /thorough/ check for hijackware, including posting your hijackthis log to an appropriate forum. Checking for/Help with Hijackware http://aumha.org/a/parasite.htm http://aumha.org/a/quickfix.htm http://aumha.net/viewtopic.php?t=5878 http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction http://mvps.org/winhelp2002/unwanted.htm http://inetexplorer.mvps.org/data/prevention.htm http://inetexplorer.mvps.org/tshoot.html http://www.mvps.org/sramesh2k/Malware_Defence.htm http://defendingyourmachine2.blogspot.com/ http://www.elephantboycomputers.com/page2.html#Removing_Malware When all else fails, HijackThis v2.0.2 (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in conjunction with some other utilities). HijackThis will NOT fix anything on its own, but it will help you to both identify and remove any hijackware/spyware with assistance from an expert. **Post your log to http://spywarehammer.com/simplemachinesforum/index.php?board=10.0, http://forums.spybot.info/forumdisplay.php?f=22, http://aumha.net/viewforum.php?f=30, or another appropriate forum for review by an expert in such matters, not here.** If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a local, reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop. -- ~Robear Dyer (PA Bear) MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 AumHa VSOP & Admin http://aumha.net DTS-L http://dts-l.net/ mayfriday wrote: > The AVG has detected this shown as follows:- > C:\Docs nsetting\all users\application data\microsoft\Onecare > Protection\LocalCopy\{CFD.............}IEUPDATES.EXE > > Thread name: Trojan horse Generic 11 SHA > and been asked to either Heal /Move to Vault/ Ignore > > Process Name: C:\Prog files\Microsoft Windows OneCare > Live\Antivirus\MsMPEng.exe > > Now what must I do with these?
Recommended Posts