Mal/Adwar Infection

[topazhn]

Ok - Yes I screwed up. Now I need some help extricating myself. I downloaded something and clicked to expand it. AVG sounded the alarm; too late.

Now I've got that 'd.exe'and 'a.dat'. I can't del or earase d.exe. I can do either to a.dat but, from the time stamp, you can see another file is fetched. Ads open in IE(6.0.29).Of course unclicking it in msconfig is useless - see below. The similar one underneath (last line in msconfigimage) does stay unclicked. That was the original, but rebooting has spawned its evil, persistant clone.

In regedit I can delete the HKCU entry, but on reboot it's back.

This is a fresh install and it loaded very quickly. Now it is appreciably slower so I'm concerned that there is something else I haven't found yet - like the dreaded root kit :-( Or possibly it's just rebuilding itself after I try to knock it down.

While I was typing this up in Notepad IE poped up and ran an ad for Jabra Stone from AT&T, a full blown, professional flash presentation complete with audio. Down and dirty I can just do another wipe and load; I would prefer to profit from my mistake by learning how to deal with this more elegantly.

Thanks - helen

PS Here is an image and be sure to ask for any additional info if you need it HNC

 

[aford10]

Boot into safe mode with networking (f8 on startup). Download, install, and update malwarebytes. Run a full system scan.
http://www.malwarebytes.org/

When that is done, boot into normal windows, and download and install Avira. Restart, and get back into safe mode with networking (Avira will only download and install in normal windows). Update Avira and run a full system scan to confirm the system is clean.
http://www.avira.com/en/download/index.html

 

[topazhn]

Thank you aford10. I will follow your direction and report back.

Boot into safe mode with networking (f8 on startup). Download, install, and update malwarebytes. Run a full system scan.
http://www.malwarebytes.org/

When that is done, boot into normal windows, and download and install Avira. Restart, and get back into safe mode with networking (Avira will only download and install in normal windows). Update Avira and run a full system scan to confirm the system is clean.
http://www.avira.com/en/download/index.html

 

[btk1w1]

You may want to disable AVG when running Avira to prevent system instability.

 

[aford10]

You may want to disable AVG when running Avira to prevent system instability.

^ +1

I would go one step further, and uninstall AVG. Avira is a better quality AV, IMO. You can use Avira in place of AVG.

 

[btk1w1]

I agree, Avira has it all over AVG. Lighter on resources and much more effective.

In case you need it:
http://www.avg.com/us-en/download-tools

 

[topazhn]

11:54 PM 12/2/2009

Subject: SitRep

Following the suggestions of aford10, I believe my 'puter is germ free.

I agree with aford10 and btk1w1 - Avira does seem a better product. Thank you both for your advice and suggestions.

helen c

 

[aford10]

They work like a charm

 

[Moneykidz1]

I think you should go with the free version of Avast.
http://avast.com

Way better than Avg.Avira is also good.Avast is very good.You even have an option to do a boot time scan!You should try it.

 

[aford10]

As much as I like Avira, I wouldn't recommend the boot scan. It slows down your boot time. If you want to run a scan while there are minimal resources running, use safe mode with networking.