Need help removing spyware off laptop/Where to find avast log files?

Where can I find the log files for Avast on a Vista laptop?

My dad helped my brother finance a laptop; he couldn't make the payments, so my dad took it over. It has a BUTTLOAD of spyware in some temp files located in the system32 directory.

I'm hoping that if I can upload the log file, someone can help me safely get rid of this junk without messing up his PC. It's terrible.
  1. Install Malwarebytes with your Avast anti-virus

    or try Regrun
    http://www.greatis.com/security/
  2. From my point of view, Avira is better than Avast.
    Avira + Malwarebytes will do the job!
    CCleaner installed with these gives a good security & optimization setup.

    Download & install the following 3 freeware tools. Together they form a free, complete security suite for your system!
    1. Avira AntiVir - http://www.free-av.com/en/download/index.html .
    Avira is the best & lightest solution for excellent overall system protection & internet security, with real-time updates.

    2. Malwarebytes - http://www.malwarebytes.org/ .
    Malwarebytes is one of the best & most effective antimalware tools out there.

    3. CCleaner - http://www.piriform.com/ccleaner/download .
    CCleaner is a system optimization, privacy and cleaning tool with an efficient & very useful registry cleaner.
  3. There's a simple process I follow for cleaning PCs, though some infections just can't be cleaned.

    Here's what I do...

    Boot into safe mode with networking. Download, install, and update Malwarebytes. Do a full system scan.
    http://www.malwarebytes.org/

    When Malwarebytes is done, restart into Windows. Download, install, and update Avira. Avira only installs in normal Windows. Once it's installed, restart into safe mode with networking. Do a full system scan to double-check that the system is clean.
    http://www.avira.com/en/downloads/

    Now, download CCleaner and run the registry cleaner to clean and repair any registry damage that the malware did.
    http://www.ccleaner.com/

    Once that's done, the system should be clean.
  4. The first thing I did was run Malwarebytes... it didn't find anything.

    The only thing I'm worried about is the fact that this is not my PC. I don't want to have to worry about something not working right for some reason after cleaning everything; otherwise, if this was my PC, I wouldn't worry about it one bit, since I have more than a few ways to fix any problem short of total hardware failure.

    My brother had problems with this laptop not even booting right before (I don't know the whole story, it's not my laptop, that's why I'm here)... and we don't have the Vista install disk, so I'm basically screwed if something were to mess up somehow... I just want the opinion of someone more experienced than myself, just to be sure of the actions I take with these particular files. I don't imagine there's much to worry about, but I don't have a whole lot of experience removing viruses and the like, so I'm not too sure about what the outcome might be if one of these files happens to be something nasty.

    I take more of a defensive approach to things like this; I like to know what I'm dealing with and what to expect before I mess around with things.

    Here are the main files I'm concerned about. They're all named chkdsk.dll and protect.dll, only in different locations.


    C>Users>craig>AppData>Roaming>Microsoft>Windows>Startmenu>Programs>Startup>chkdsk.dll -->win32:Rootkit-gen

    C>Users>Craig>protect.dll -->win32:Rootkit-gen

    C>Users>Default>protect.dll -->win32:Rootkit-gen

    C>Users>guest.craig-pc>Appdata>Roaming>Microsoft>Windows>Startmenu>Programs>Startup>chkdsk.dll -->win32:Rootkit-gen

    C>Users>Guest.craig-pc>protect.dll -->win32:Rootkit-gen

    C>Windows>ServiceProfiles\Localservice>protect.dll -->win32:Rootkit-gen

    C>Windows>System32>Config>System>Systemprofile>Appdata>Roaming>Microsoft>Windows>Startmenu>Programs>Startup>chkdsk.dll -->win32:Rootkit-gen

    C>Windows>System32>Config>SystemProfile>protect.dll -->win32:Rootkit-gen


    I just don't like the fact that they're named "chkdsk.dll" and "protect.dll".

    Here's a couple more.

    c>windows>winxs>x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6000.20864_none_05990578F1Fb9a4\WMVCORE.DLL -- "error:the system cannot read from the specified file"


    C>windows>system32>driverstore>filerepository>prnhp.imf_5641fa75>I386>HPFIMG50.DLL -- "error:the system cannot read from the specified file"

    And there's a few which I would bet he most likely got from FrostWire:

    C>Windows>System32>LocalServise>317.music.au
    >318.music.au
    >319.music.au
    >320.music.au


    Finally, I must mention the 11,000-some .tmp files that are causing the Avast "spyware blocked" window to keep popping up. They are all win:32:spyware-gen and they're in the windows/system32 directory. AKA Win32 Dracur in the scan log.

    What should I do here? If I run a boot-time scan with Avast, are the files safe to quarantine without messing up the PC?
  5. jimb0b said:
    The first thing I did was run Malwarebytes... it didn't find anything.


    If Malwarebytes didn't find anything, and you've got that many infections, you probably didn't run the scan in safe mode with networking. That's where I'd start.

    Rootkits can be real hard to get rid of. From your list, it looks like they are in the system folder. This one may require a fresh install. It's worth a shot to try and clean it.
  6. Best answer
    Another option is to install WinPatrol by BillP studios.

    After installation, when the application opens you will see a check box named "Display Secret Startup Locations (Advanced mode)"; place a checkmark in it. It is under the "Startup Programs" tab.

    This should display the rootkit activity so you can remove it from startup. Please note that it also displays valid hidden windows entries so don't just remove everything.

    Also look through the other tabs for the offending entries.

    Once you have been through the options, try running MBAM again; it might well be that the rootkit was hiding its activity from a malware scan.

    You may need to reboot the PC for the changes to take effect, but to be sure, run a scan before and after rebooting the PC.
  7. You can also upload the files to Jotti or VirusTotal to rule out any false positives, although it is highly unusual to have so many at any given time.

    If you want to do this, you may need to enable the display of hidden files and folders.
  8. OK, I'm pretty sure I got rid of everything, thanks everybody.

    By the way, that WinPatrol is pretty neat, I like it. I think I'll install it on my computer.
  9. Best answer selected by Jimb0b.
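
An added example, not part of the thread: a PowerShell sketch of the manual checks suggested in answers 6 and 7. It lists DLLs sitting directly in profile roots and non-shortcut files in each profile's Startup folder (the two places the flagged chkdsk.dll and protect.dll appeared) and prints a SHA-256 for each, which can be searched on VirusTotal before anything is quarantined. It assumes the default Vista profile layout and an elevated PowerShell 2.0 or later prompt; `Get-Sha256` is a helper name made up for this example.

```powershell
# Added example: review auto-start and profile-root files across all profiles.
# Assumption: default Vista locations for user, service and SYSTEM profiles.
$profileRoots = @(
    "$env:SystemDrive\Users",
    "$env:windir\ServiceProfiles",
    "$env:windir\System32\config"   # contains the SYSTEM account's "systemprofile"
)
$startupRel = 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'

# Hypothetical helper: SHA-256 via .NET, since Get-FileHash needs PowerShell 4+.
function Get-Sha256 ([string]$Path) {
    try { $stream = [System.IO.File]::OpenRead($Path) }
    catch { return 'unreadable' }   # locked or corrupt file, as in the read errors above
    try {
        $sha = [System.Security.Cryptography.SHA256]::Create()
        return ([System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '')
    } finally {
        $stream.Close()
    }
}

$findings = foreach ($root in $profileRoots) {
    if (-not (Test-Path $root)) { continue }
    $dirs = Get-ChildItem $root -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.PSIsContainer }
    foreach ($dir in $dirs) {
        # DLLs have no reason to sit directly in a profile's root folder.
        $hits = @(Get-ChildItem $dir.FullName -Filter *.dll -Force -ErrorAction SilentlyContinue |
                  Where-Object { -not $_.PSIsContainer })
        # Startup folders normally hold shortcuts; list everything else for review.
        $startup = Join-Path $dir.FullName $startupRel
        if (Test-Path $startup) {
            $hits += @(Get-ChildItem $startup -Force -ErrorAction SilentlyContinue |
                       Where-Object { -not $_.PSIsContainer -and
                                      $_.Extension -ne '.lnk' -and
                                      $_.Name -ne 'desktop.ini' })
        }
        foreach ($f in $hits) {
            New-Object PSObject -Property @{
                Path     = $f.FullName
                Modified = $f.LastWriteTime
                SHA256   = Get-Sha256 $f.FullName
            }
        }
    }
}
$findings | Select-Object Modified, SHA256, Path | Format-List
```

The script only reads and reports; identical hashes across several profiles indicate the same file was dropped in each location.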