1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Avast 4.8 question/ trojan / possible malware

Discussion in 'Virus & Other Malware Removal' started by Diddykongrocks, Apr 11, 2008.

Thread Status:
Not open for further replies.
Advertisement
  1. Diddykongrocks

    Diddykongrocks Thread Starter

    Joined:
    Apr 4, 2008
    Messages:
    35
    please help i well give as much details as possible first i have windows xp home edition sp2.

    my question is dose the avast resident scanner scan all files on pc like the anti-virus or only the files that are in use . because i installed avast 4.8 and i was going good the sensitivity is on high . every thing is going good until i try housecall in ie 7 it says it was having problems transfering data or something oh and i was using the java kernel . then i tryed housecall using firefox every thing was good then avast showed a messaging saying the sensitivity scanner found WIN32:Trojan-gen {Other} so i choose to delete at next restart so i restarted my pc then did a avast 4.8 anti-virus scan and a avg anti-spyware scan they found nothing . so i thought it was gone i try housecall in firefox again and during the housecall scan it said it found a WIN32:Trojan-gen {Other} so i put it in the avast chest . is the WIN32:Trojan-gen {Other} being found because avastis conflicting with housecall 6.5 has any one else had this problem. here is some additional info .

    avast gives

    File Name: VS113HU6.4CC
    FileID: 6
    Virus Description: Win32:Trojan-gen {Other}

    Original file name: C:\DOCUME~1\myname\LOCALS~1\Temp\VS113HU6.4CC


    heres a hijackthis log this is what it gave im copy and pasting it as is

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:09:07 AM, on 4/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\SiteAdvisor\4608\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ThreatFire\TFService.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\ThreatFire\TFTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=105563
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    N4 - Mozilla: # Mozilla User Preferences

    /* Do not edit this file.
    *
    * If you make changes to this file while the application is running,
    * the changes will be overwritten when the application exits.
    *
    * To make a manual change to preferences, you can visit the URL about:config
    * For more information, see http://www.mozilla.org/unix/customizing.html#prefs
    */

    user_pref("browser.bookmarks.added_static_root", true);
    user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CSeaMonkey%5Csearchplugins%5Cgoogle.src");
    user_pref("browser.startup.homepage_override.mstone", "rv:1.8.1.8");
    user_pref("intl.charsetmenu.browser.cache", "ISO-8859-1, UTF-8");
    user_pref("network.cookie.prefsMigrated", true);
    user_pref("prefs.converted-to-utf8", true);
    user_pref("signon.SignonFileName", "77964793.s");
    user_pref("wallet.SchemaValueFileName", "77964793.w");
    user_pref("browser.helperApps.neverAsk.openFile", "application%2Fx-java-jnlp-file");
    (C:\Documents and Settings\EASYHOME\Applicatio
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - (no file)
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: ZoneAlarm Security.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - http://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\4608\SAService.exe
    O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 7847 bytes



    please help and if the trojan is in the chest it can't harm me right and what is the WIN32:Trojan-gen {Other}
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - (no file)

    Close all applications and browser windows before you click "fix checked".


    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Select Files to Delete choose: Select All
    • Click the Empty Selected button.

    Click Exit on the Main menu to close the program.


    Please perform a scan with Kaspersky Webscan Online Virus Scanner
    • Read the Requirements and Privacy statement, then select "Accept".
    • A new window will appear promting you to install an ActiveX component from Kaspersky - "Do you want to install this software?".
    • Click "Yes" or select "Install" to download the ActiveX controls that allows ActiveScan to run.
    • When the download is complete it will say ready, click "Next".
    • Click "Scan Settings" and check the option to use the Extended Database if available otherwise Standard).
    • Click "Scan Options" and select both "Scan Archives" and "Scan Mail Bases".
    • Click "OK".
    • Under "Select a target to scan", click on "My Computer".
    • When the scan is complete choose to save the results as "Save as Text" named kaspersky.txt to your desktop and post them in your next reply.


    Kaspersky does not remove anything but will provide a log of anything it finds. On August 8th, 2006 Kaspersky updated the software used for Free Online Virus Scanner. In order to continue using the online scanner you will need to uninstall the old version (if previously used) from your Add/Remove Programs list and then install the latest version. To do this, follow the steps here and reboot afterwards if your system does not reboot automatically or it will show 'Kaspersky Online Scanner license key was not found!
     
  3. Diddykongrocks

    Diddykongrocks Thread Starter

    Joined:
    Apr 4, 2008
    Messages:
    35
    well kaspersky online scanner conflict with avast 4.8 or avast resident scanner . and what about the win32:trojan-gen other what is it did i get it because of housecall and the trojan is now in the avast chest can it still affect my pc
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    I'm having a bit of a problem understanding what you are trying to say. Perhaps a language barrier?

    What is in the Avast quarantine can be deleted, no need to keep it around.
     
  5. Diddykongrocks

    Diddykongrocks Thread Starter

    Joined:
    Apr 4, 2008
    Messages:
    35
    ok i did a full system scan it found i virus 3 infected objects when it was done it said error on page so i could not save the log so i restarted ie and make the online scanner scan my system volume because i know thats where it was infected . here the log

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Friday, April 11, 2008 9:07:44 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 12/04/2008
    Kaspersky Anti-Virus database records: 698819
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - Folders:
    C:\System Volume Information\

    Scan Statistics:
    Total number of scanned objects: 18983
    Number of viruses found: 1
    Number of infected objects: 3
    Number of suspicious objects: 0
    Duration of the scan process: 00:21:23

    Infected Object Name / Virus Name / Last Action
    C:\System Volume Information\_restore{A20832FC-BF04-403D-920C-E5D1A27EAB07}\RP677\A0274760.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{A20832FC-BF04-403D-920C-E5D1A27EAB07}\RP677\A0274760.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{A20832FC-BF04-403D-920C-E5D1A27EAB07}\RP677\A0274760.exe RarSFX: infected - 2 skipped
    C:\System Volume Information\_restore{A20832FC-BF04-403D-920C-E5D1A27EAB07}\RP700\change.log Object is locked skipped

    Scan process completed.


    please help what are these and how can i get rid of them if im even infected
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
  7. Diddykongrocks

    Diddykongrocks Thread Starter

    Joined:
    Apr 4, 2008
    Messages:
    35
    turning off system restore well it delete or is there a chance of it corrupting any of my files like my pictures. and i have a virus in the avast chest that had came from the system restore it well not reactivate it right and turning off the system restore well not make more viruses come well it. is there another way to get rid of the infection kaspersky has shown.
     
  8. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    What Kaspersky is showing is in system restore. Turning off system restore will not delete any files or pictures.

    Once you have turned it off, restart the system and then turn it back on.

    Do a new Kaspersky scan and post the results.
     
  9. Diddykongrocks

    Diddykongrocks Thread Starter

    Joined:
    Apr 4, 2008
    Messages:
    35
    ok so turning off the system restore is safe it won't delete anything or release any other viruses . and like i said i have a virus in the avast chest that came from the system restore what well happen to it and . before i do this can this help me i dont what it is if its a anti-virus or a anti-malware i have not downloaded it yet because i don't now if its safe. but please check this out

    http://www.majorgeeks.com/Kaspersky_Free_Cleaner_d4515.html

    http://forum.kaspersky.com/index.php?showtopic=60489&st=0&p=551352&#entry551352
     
  10. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    You have to empty the avast chest to remove that item.

    You don't need to download those.
     
  11. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Avast question trojan
  1. Closed100
    Replies:
    0
    Views:
    477
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/702673

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice