Posted
Can anyone please help and advise me what to do as I am not computer literate where viruses and threats are concerned and need help.... I have AVG free and today it did its usual scan and this came up... http://i40.photobucket.com/albums/e244/xxcell/PICT1326_zpsc49cdba0.jpg ... I press "ADDRESS ISSUES" and this comes up http://i40.photobucket.com/albums/e244/xxcell/PICT1329_zps22e426a0.jpg .... I then press "REMOVE ALL" and this comes up http://i40.photobucket.com/albums/e244/xxcell/PICT1325_zps31469fed.jpg .... do I press "REMOVE" OR "ABORT ACTION"... I really don't know what to do for the best and I'm worried as I have no experience in this kind of thing... any help or advice would be greatly appreciated. Thanks
Posted

Hi

 

One of our security experts should be along soon to advise you .... but in the meantime please download MBAM from here:

 

click here

 

You want the FREE version.

 

Install it > Update it and run it.

Please make sure you put a check next to all that it finds and "Remove Selected"

MBAM will produce a log of the scan process.

Copy this and paste it here please.

 

=============

 

Also:

 

  • Download OTL to your desktop.
    right click on the link and select 'Save Link/Target As'.
     
    if you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check


http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png

 

Now copy the lines in bold below.

 

DRIVES

netsvcs

msconfig

%SYSTEMDRIVE%\*.*

%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\system32\*.exe /lockedfiles

%systemroot%\System32\config\*.sav

%PROGRAMFILES%\*

%USERPROFILE%\..|smtmp;true;true;true /FP

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

hklm\software\clients\startmenuinternet|command /rs

hklm\software\clients\startmenuinternet|command /64 /rs

CREATERESTOREPOINT

  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     
    http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
    .
  • Click the Run Scan button.
     
    http://img.photobucket.com/albums/v708/starbuck50/runscan.png
  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

Note:

Running the above script with OTL will:

turn on your system restore and set a new restore point (XP only)

set a new restore point (if system restore is turned on) Vista & Win7.

 

In your next reply, please submit:

MBAM scan report

Both reports from OTL

 

 

Whilst we are helping you, please don't run other programs/scans without our knowledge ....

it only confuses things.

 

=================

 

You may need to spread the logs over 2 or 3 posts to fit them in ..........this is OK.

 

One of our security experts will pick this up and advise you further.

There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !!

 

MiniToolBox

Network Test

Wireless Test

Posted
Have done as you asked and it has done a quick scan and says nothing was found.
Posted

Hi H20

 

I wouldn't be surprised if this is a false positive.

AVG says the file is bigger than 5MB..... the legit version of that file is just over 15MB, so that matches.

 

What is your F Drive?

Do you have AOL installed?

Member of:

UNITE

Posted (edited)
Yes AOL broadband but it isn't installed...what's an F drive? Do you think it could be a temporary problem with AVG? Thanks

Edited by H20
Posted (edited)
[ATTACH=CONFIG]1026.vB5-legacyid=1942[/ATTACH]Thanks for all your help...going offline now and will be back tomorrow afternoon so if I need to do anything please let me know and I will do it then. Many Thanks


Edited by H20
Posted
MalwareBytes has done a quick scan and says nothing was found.

The problem isn't on the 'C' drive..... that's all that a quick scan checks.

 

This will tell us if there's a problem or not.

Please run another scan..

  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Member of:

UNITE

Posted

Ok so it's taken 2 hours and 14 minutes to scan everything as you asked and it says nothing found...details below.

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.29.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16576

Protection: Enabled

30/05/2013 14:56:22

mbam-log-2013-05-30 (14-56-22).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|L:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 478852

Time elapsed: 2 hour(s), 14 minute(s), 7 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)
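
A helper reading a log like the one above wants two facts from it: how many detections there were, and whether the scan covered the drive that was flagged (the earlier quick scan did not reach F:). The following is an added example, not part of the original thread and not Malwarebytes code; the function names are hypothetical, the sample log is constructed in the layout of the log posted above, and a scan-type line without a drive list is assumed to cover no named drive.

```python
import re

# Constructed sample in the layout of the MBAM 1.75 log posted above (shortened).
SAMPLE_LOG = r"""Malwarebytes Anti-Malware (Trial) 1.75.0.1300
Database version: v2013.05.29.06
Scan type: Full scan (C:\|D:\|F:\|)
Objects scanned: 478852
Memory Processes Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
"""

SCAN_RE = re.compile(r"^Scan type:\s*(.+?)\s*(?:\((.*)\))?\s*$")
COUNT_RE = re.compile(r"^(.+?) Detected:\s*(\d+)\s*$")
NO_ITEMS = "(No malicious items detected)"

def parse_mbam_log(text):
    """Hypothetical helper: scan type, drives covered, counts and item lines."""
    parsed = {"scan_type": None, "drives": [], "counts": {}, "items": {}}
    category = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line == "(end)":
            continue
        scan = SCAN_RE.match(line)
        count = COUNT_RE.match(line)
        if scan:
            parsed["scan_type"] = scan.group(1)
            drives = (scan.group(2) or "").split("|")
            parsed["drives"] = [d.rstrip("\\") for d in drives if d]
        elif count:
            category = count.group(1)
            parsed["counts"][category] = int(count.group(2))
            parsed["items"][category] = []
        elif category and line != NO_ITEMS:
            parsed["items"][category].append(line)  # one line per detected object
    return parsed

def covers_drive(parsed, letter):
    """True only if the log lists the drive, e.g. the F: drive AVG flagged."""
    return letter.upper().rstrip(":") + ":" in parsed["drives"]

def total_detections(parsed):
    return sum(parsed["counts"].values())
```

A clean result only says something about the flagged file when `covers_drive` is true for the drive that file sits on.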

Posted
Have run AVG again and the same threats are detected....just a thought but do you think it's AVG's way of getting people to buy their full package :rolleyes:....thanks once again
Posted
Will be offline tonight so anything else you would like me to try I will do tomorrow....thanks so much for your help.
Posted

Hi H20,

 

Ok so it's taken 2 hours and 14 minutes to scan everything as you asked and it says nothing found

This just reinforces my first thought that this is a false positive from AVG.

 

Have run AVG again and the same threats are detected....just a thought but do you think it's AVG's way of getting people to buy their full package

I don't think it's a way to get people to buy the full package..... but I do think someone at AVG may have made a mistake with the definitions.

 

We can double check the file though, just to be sure.

 

Please click this link-->Jotti

 

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

 

F:\Setup\BroadbandCheckup\BBCheckup.exe

 

Please post back the results of the scan in your next post.

 

If Jotti is busy, try the same at : Virustotal

 

Note:

If you are unsure on how to do this:

Click Start >> Computer >> F Drive >> Setup >> BroadbandCheckup >> then click on the BBCheckup.exe file.

Member of:

UNITE

Posted
Did a scan on Virustotal and the results are as follows
SHA256: 5a0a97e7a2ae89cd3fa454c4ee07a9401b202aa23c2109c00cfd610ab12c5d23
File name: BBCheckup.exe
Detection ratio:
Analysis date: 2013-05-31 15:36:24 UTC ( 1 minute ago )
Nothing found....will do Jotti when not so busy.
Posted (edited)
Don't know if this is of any help but when I started the Virustotal scan this came up [ATTACH=CONFIG]1027.vB5-legacyid=1943[/ATTACH]clicked on "show details" and this came up [ATTACH=CONFIG]1028.vB5-legacyid=1944[/ATTACH]went back to the first one and clicked on more info and it takes me to this [ATTACH=CONFIG]1029.vB5-legacyid=1945[/ATTACH]...where it says "enter virus or threat name to learn more" shall I put anything in it? Thanks for your help


Edited by H20
Posted

VirusTotal is saying that the file is legit.

Detection ratio: 0 / 46

Out of 46 vendor scans, none found anything wrong.

 

and the file size is correct for the AOL file of this name.

 

It's obviously a false positive and it is best to get AVG to ignore the file.

 

Off Topic:

Suggestion.

I see that you use your camera or phone for the screen shots.

There's a great little tool built into Win7 to make creating screen shots very easy...... The Snipping Tool.

 

http://windows.microsoft.com/en-gb/windows7/use-snipping-tool-to-capture-screen-shots

 

The link will explain how to use it....... it creates very good images.

Give it a try.... I use it all the time.

This is one I created for another thread using this tool:

 

http://img.photobucket.com/albums/v708/starbuck50/prop_zps48c4ad13.png

Member of:

UNITE

Posted
Apologies for not thanking you both sooner, have been away and very busy. Anyway, I had left everything as it was and hadn't changed anything regarding AVG and today was the first time I have done a full AVG scan since all the problems last week...scan now says "no threats found"...so as you rightly said, it was probably a false positive....they sure know how to worry people. Thanks again for all your ongoing help and support, it is really appreciated. :) .... And many thanks for the Snipping Tool info...will have a go when I have a spare minute.
Posted

Hi H20

 

Glad everything got resolved in the end.

 

Thanks again for all your ongoing help and support, it is really appreciated.

It's our pleasure.

 

Safe surfing. http://fc08.deviantart.net/fs71/f/2010/033/b/3/Computer_addict__by_Sinister_Starfeesh.gif

Member of:

UNITE
