
Need help removing spyware off laptop/Where to find avast log files?

March 11, 2010 1:45:49 AM

Where can I find the log files for Avast on a Vista laptop?

My dad helped my brother finance a laptop, he couldn't make the payments so my dad took it over. It has a BUTTLOAD of spyware in some temp files located in the system32 directory.

I'm hoping if I can upload the log file someone can help me safely get rid of this junk without messing up his PC. It's terrible.
March 11, 2010 2:52:10 AM

In my point of view, Avira is better than Avast.
Avira+Malwarebytes will do the job!
CCleaner installed with these gives good security & optimization setup.

Download & install the following 3 freewares. It forms a free complete security suite for your system!
1. Avira AntiVir - http://www.free-av.com/en/download/index.html .
Avira is best & light solution for excellent overall system protection & internet security with real time updates.

2. Malwarebytes - http://www.malwarebytes.org/ .
Malwarebytes is one of the best & effective antimalware tool out there.

3. CCleaner - http://www.piriform.com/ccleaner/download .
CCleaner is a system optimization, privacy and cleaning tool with an efficient & most useful registry cleaner.
March 11, 2010 2:57:51 AM

There's a simple process I follow to cleaning PCs. Though, some infections just can't be cleaned.

Here's what I do....

Boot into safe mode with networking. Download, install, and update Malwarebytes. Do a full system scan.
http://www.malwarebytes.org/

When Malwarebytes is done, restart into Windows. Download, install, and update Avira. Avira only installs in normal Windows. Once it's installed, restart into safe mode with networking. Do a full system scan to double check that the system is clean.
http://www.avira.com/en/downloads/

Now, download CCleaner and run the registry cleaner to clean and repair any registry damage that the malware did.
http://www.ccleaner.com/

Once that's done, the system should be clean.
March 11, 2010 5:54:03 AM

The first thing I did was run Malwarebytes... it didn't find anything.

The only thing I'm worried about is the fact that this is not my PC. I don't want to have to worry about something not working right for some reason after cleaning everything, otherwise if this was my PC, I wouldn't worry about it one bit since I have more than a few ways to fix any problem short of total hardware failure.

My brother had problems with this laptop not even booting right before (don't know the whole story, not my laptop, that's why I'm here)... and we don't have the Vista install disk so I'm basically screwed if something were to mess up somehow... I just want the opinion of someone more experienced than myself, just to be sure of the actions I take with these particular files. I don't imagine there's much to worry about but I don't have a whole lot of experience removing viruses and the like, so I'm not too sure about what the outcome might be if one of these files happens to be something nasty.

I take more of a defensive approach to things like this, I like to know what I'm dealing with and what to expect before I mess around with things.


Here are the main files I'm concerned about. They're all named chkdsk.dll and protect.dll, only in different locations.


C>Users>craig>AppData>Roaming>Microsoft>Windows>Startmenu>Programs>Startup>chkdsk.dll -->win32:Rootkit-gen

C>Users>Craig>protect.dll -->win32:Rootkit-gen

C>Users>Default>protect.dll -->win32:Rootkit-gen

C>Users>guest.craig-pc>Appdata>Roaming>Microsoft>Windows>Startmenu>Programs>Startup>chkdsk.dll -->win32:Rootkit-gen

C>Users>Guest.craig-pc>protect.dll -->win32:Rootkit-gen

C>Windows>ServiceProfiles\Localservice>protect.dll -->win32:Rootkit-gen

C>Windows>System32>Config>System>Systemprofile>Appdata>Roaming>Microsoft>Windows>Startmenu>Programs>Startup>chkdsk.dll -->win32:Rootkit-gen

C>Windows>System32>Config>SystemProfile>protect.dll -->win32:Rootkit-gen

I just don't like the fact that they're named "chkdsk.dll" and "protect.dll".

Here's a couple more.

c>windows>winxs>x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6000.20864_none_05990578F1Fb9a4\WMVCORE.DLL -- "error:the system cannot read from the specified file"


C>windows>system32>driverstore>filerepository>prnhp.imf_5641fa75>I386>HPFIMG50.DLL -- "error:the system cannot read from the specified file"

And there's a few which I would bet he most likely from FrostWire:

C>Windows>System32>LocalServise>317.music.au
>318.music.au
>319.music.au
>320.music.au

Finally I must mention the 11,000 some .tmp files that are causing the Avast "spyware blocked" window to keep popping up. They are all win:32:spyware-gen and they're in the windows/system32 directory. AKA Win32 Dracur in the scan log.

What should I do here? If I run a boot time scan with Avast, are the files safe to quarantine without messing up the PC?
March 11, 2010 10:49:41 AM

jimb0b said:
The first thing I did was run Malwarebytes... it didn't find anything.

If Malwarebytes didn't find anything, and you've got that many infections, you probably didn't run the scan in safe mode with networking. That's where I'd start.

Rootkits can be real hard to get rid of. From your list, it looks like they are in the system folder. This one may require a fresh install. It's worth a shot to try and clean it.

Best solution

March 11, 2010 11:50:50 AM

Another option is to install WinPatrol by BillP Studios.

After install, when the application opens you will see a box that can be check marked named "Display Secret Startup Locations (Advanced mode)"; place a checkmark in it. It is under the "Startup Programs" tab.

This should display the rootkit activity so you can remove it from startup. Please note that it also displays valid hidden Windows entries so don't just remove everything.

Also look through the other tabs for the offending entries.

Once you have been through the options try running MBAM again, it might likely be that the rootkit was hiding its activity from a malware scan.

You may need to reboot the PC for the changes to take effect, but to be sure run a scan before and after rebooting the PC.
March 11, 2010 11:54:23 AM

You can also upload the files to Jotti or Virustotal to rule out any false positives, although it is highly unusual to have so many at any given time.

If you want to do this you may need to enable display hidden files and folders to do this.
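
For readers following the thread, an added example (not part of any post here): a Python sketch that lists DLLs sitting directly in a user profile root or its Startup folder, the two kinds of location flagged in the scan results above, and prints a SHA-256 for each so the hash can be searched on VirusTotal before uploading the file. The function names are hypothetical and the paths under `__main__` assume a default Vista layout on drive C:.

```python
import hashlib
from pathlib import Path

# Per-user Startup folder relative to a profile directory (Vista and later).
STARTUP_REL = Path("AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup")


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_suspect_dlls(profile_dirs):
    """Return (path, reason, sha256) for DLLs directly in a profile root or its Startup folder."""
    findings = []
    for profile in map(Path, profile_dirs):
        places = ((profile, "DLL in profile root"),
                  (profile / STARTUP_REL, "DLL in Startup folder"))
        for folder, reason in places:
            try:
                entries = sorted(folder.iterdir())  # listing includes hidden files
            except OSError:  # folder missing or access denied
                continue
            for entry in entries:
                if entry.is_file() and entry.suffix.lower() == ".dll":
                    try:
                        digest = sha256_of(entry)
                    except OSError as exc:  # locked or unreadable file
                        digest = "unreadable: %s" % exc.strerror
                    findings.append((str(entry), reason, digest))
    return findings


if __name__ == "__main__":
    # Assumed default Vista layout; change the drive letter if Windows lives elsewhere.
    windows = Path("C:/Windows")
    profiles = [p for p in Path("C:/Users").iterdir() if p.is_dir()]
    service_root = windows / "ServiceProfiles"
    if service_root.is_dir():
        profiles += [p for p in service_root.iterdir() if p.is_dir()]
    profiles.append(windows / "System32/config/systemprofile")
    for path, reason, digest in find_suspect_dlls(profiles):
        print(f"{digest}  {reason}: {path}")
```

Run it from an administrator prompt so the service and system profiles are readable; folders it cannot open are skipped rather than reported.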
March 11, 2010 10:02:23 PM

Ok, I'm pretty sure I got rid of everything, thanks everybody.

By the way, that WinPatrol is pretty neat, I like it, I think I'll install it on my computer.
March 11, 2010 10:04:35 PM

Best answer selected by Jimb0b.