| Thread ID: 96365 | 2009-01-08 07:28:00 | Adware.generic infection | Mateo1981 (12187) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 736142 | 2009-01-08 07:28:00 | AVG picked up an Adware.generic infection on the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\AVP). Couldn't find it with regedit. How do I fix it? Oh yeah, when I try to delete it with AVG it says "Threat cannot be removed by standard user rights, Do you want remove threat as poweruser?" I choose yes and then enter my admin user and password and it says "some files cannot be healed:access denied." |
Mateo1981 (12187) | ||
| 736143 | 2009-01-08 07:35:00 | Do a scan with Malwarebytes. Get a better AV program. |
Speedy Gonzales (78) | ||
| 736144 | 2009-01-08 07:47:00 | I use Kaspersky and Malwarebytes on the same computer and they don't detect anything. I also used Ad-aware, Spybot, Spyware Terminator, SuperAntispyware Professional. (Overkill or thorough? Better safe than sorry.) | Mateo1981 (12187) | ||
| 736145 | 2009-01-08 07:59:00 | Well yer. You don't need so many, they're probably conflicting with each other if they're all running at the same time. If Kaspersky is installed, get rid of AVG. You should only have one AV program installed. Disable all of them in startup. Get Trojan Remover, then do a scan and post a HJT log. That entry you posted may be a trojan. So disable System Restore. |
Speedy Gonzales (78) | ||
| 736146 | 2009-01-08 09:22:00 | Disabled System Restore, Trojan Remover found and removed some files, and my HJT log is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:35 p.m., on 8/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: ,C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
-- End of file - 3050 bytes |
Mateo1981 (12187) | ||
| 736147 | 2009-01-08 09:31:00 | You sure AVG wasn't picking up Kaspersky's startup entry?? Since that's AVP?
Tick this entry then tick fix checked
Close browsers
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
Uninstall this
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
Then reboot, then turn system restore back on |
Speedy Gonzales (78) | ||
| 736148 | 2009-01-08 09:43:00 | >You sure AVG wasn't picking up Kaspersky's startup entry??
>Since that's AVP?
Looks like it, I never knew how incompatible they are with each other.
>Tick this entry then tick fix checked
>Close browsers
>O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
>Uninstall this
>O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
>Then reboot, then turn system restore back on
Done. Do they program these programs to conflict with each other on purpose? |
Mateo1981 (12187) | ||
| 736149 | 2009-01-08 10:06:00 | It may have been a false positive with AVG or something, if that's what it was picking up (Kaspersky). AVG has done this before by the looks of it lol with Nortons/Avira (www.wilderssecurity.com) |
Speedy Gonzales (78) | ||
| 736150 | 2009-01-08 19:45:00 | Cool, thanks for your help. | Mateo1981 (12187) | ||
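
The cross-check raised in post 736147 (is the flagged `Run\AVP` value simply Kaspersky's own startup entry?) can be made directly from the HijackThis log by matching the O4 Run value against the O23 service list. The Python below is an added example, not part of the thread; the function names are hypothetical and the sample lines are copied from the log posted above.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread.
HJT_LOG = r'''
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
'''

# O4 lines are Run-key autostarts; O23 lines are installed services.
RUN_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$')
SVC_RE = re.compile(r'^O23 - Service: (.+) \((\w+)\) - (.+?) - (.+)$')

def image_path(cmd):
    """Return the executable part of a startup command, without arguments."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r'(.+?\.(?:exe|dll))', cmd, re.I)
    return m.group(1) if m else cmd

def parse(log):
    """Collect Run values by name and services by lower-cased image path."""
    runs, services = {}, {}
    for line in log.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            hive, key, name, cmd = m.groups()
            runs[name] = (f"{hive}\\..\\{key}", image_path(cmd))
        elif m := SVC_RE.match(line):
            display, _short, vendor, cmd = m.groups()
            services[image_path(cmd).lower()] = (display, vendor)
    return runs, services

def explain_run_value(log, name):
    """Show what a flagged Run value launches and which service shares that file."""
    runs, services = parse(log)
    if name not in runs:
        return None
    key, path = runs[name]
    display, vendor = services.get(path.lower(), (None, None))
    return {"key": key, "path": path, "service": display, "vendor": vendor}

if __name__ == "__main__":
    print(explain_run_value(HJT_LOG, "AVP"))
```

The vendor field is only what the log reports, so a match supports the false-positive reading but does not prove it; confirming the file on disk is a separate step.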