[stylishmonk]

ESET LOG


C:\Users\Sudharshan\AppData\Local\Mozilla\Firefox\ Profiles\fs1tc15w.default\Cache\1A94D9F3d01 Win32/Adware.ADON application deleted - quarantined
C:\Users\Sudharshan\Downloads\SETUPS\unlocker1.8.8 .exe Win32/Adware.ADON application deleted - quarantined

Thanks for all your help

[evilfantasy]

Looks good. How is the computer running now?

[stylishmonk]

well yeah....the computer is running fine...i have no problems with performance and things, no data loss...but then , AVAST antivirus seems to detect viruses like i first showed in the avast log....well SAS didnt detect, MBAM didnt, and ESET didnt, but avast seems to. I just dont want to take risk....still after following the malware removal guide.....avast still picks up 15 viruses as i am writing now. Sometimes it detects 7 viruses , sometimes 5 , 15 now, exuse me if this is frustrating...but then i just want to be sure that my laptop is completely safe..... here ill post those 15 viruses log here for your reference ,if you need,
Just one last question....do i ignore avast's detections assuming them to be false positives?
if so.....then how can there be 15 false positives?

Thank you very much.....I appreciate your support

[stylishmonk]

Process 968, memory block 0x033D5000, block size 270336 Infection: JS:Agent-AU [Expl] Error occurred during moving file to chest: The filename, directory name, or volume label syntax is incorrect
Process 968, memory block 0x04B60000, block size 262144 Infection: Win32:Adloader-AC [Trj] Error occurred during moving file to chest: The filename, directory name, or volume label syntax is incorrect
Process 968, memory block 0x04CA0000, block size 262144 Infection: Win32:FraudLoad-P [Trj] Error occurred during moving file to chest: The filename, directory name, or volume label syntax is incorrect
Process 968, memory block 0x04DE0000, block size 262144 Infection: Win32:Agent-SG [Trj] Error occurred during moving file to chest: The filename, directory name, or volume label syntax is incorrect
Process 968, memory block 0x04E70000, block size 262144 Infection: Win32:PcClient-OD [Trj] Error occurred during moving file to chest: The filename, directory name, or volume label syntax is incorrect
Process 968, memory block 0x04F20000, block size 262144 Infection: Win32:MalWarrior [Tool] Error occurred during moving file to chest: The filename, directory name, or volume label syntax is incorrect
Process 968, memory block 0x04F90000, block size 262144 Infection: Win32:Small-HZH [Trj] Error occurred during moving file to chest: The filename, directory name, or volume label syntax is incorrect
Process 968, memory block 0x05080000, block size 262144 Infection: Win32:Banker-CDW [Trj] Error occurred during moving file to chest: The filename, directory name, or volume label syntax is incorrect
Process 968, memory block 0x050E0000, block size 262144 Infection: Win32:Zlob-KC [Trj] Error occurred during moving file to chest: The filename, directory name, or volume label syntax is incorrect
Process 968, memory block 0x05150000, block size 262144 Infection: Win32:Delf-IZG [Trj] Error occurred during moving file to chest: The filename, directory name, or volume label syntax is incorrect
Process 968, memory block 0x051E0000, block size 262144 Infection: BV:AutoRun-E [Wrm] Error occurred during moving file to chest: The filename, directory name, or volume label syntax is incorrect
Process 968, memory block 0x05320000, block size 262144 Infection: JS:Agent-AU [Expl] Error occurred during moving file to chest: The filename, directory name, or volume label syntax is incorrect
Process 968, memory block 0x053A0000, block size 372736 Infection: Win32:Small-HUF [Trj] Error occurred during moving file to chest: The filename, directory name, or volume label syntax is incorrect
Process 968, memory block 0x05420000, block size 262144 Infection: Win32:Small-gen2 [Trj] Error occurred during moving file to chest: The filename, directory name, or volume label syntax is incorrect
Process 968, memory block 0x054E0000, block size 262144 Infection: Win32:Zbot-AVH [Trj] Error occurred during moving file to chest: The filename, directory name, or volume label syntax is incorrect

[evilfantasy]

RootRepeal - Rootkit Detector

* Download the following tool: RootRepeal - Rootkit Detector
* Direct download link is here: RootRepeal.zip

* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
* Click this link to see a list of such programs and how to disable them.

* Extract the program file to a new folder such as C:\RootRepeal
* Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
* Select ALL of the checkboxes and then click OK and it will start scanning your system.
* If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
* When done, click on Save Report
* Save it to the same location where you ran it from, such as C:RootRepeal
* Save it as rootrepeal.txt
* Then open that log and select all and copy/paste it back on your next reply please.
* Close RootRepeal.

[stylishmonk]

Rootrepeal not supported in 64 bit OS....

[evilfantasy]

With 64bit we don't have many options on the tools we normally use.

Set Avast to do a Boot Scan and see if it finds anything. http://www.digitalred.com/avast-boot-time.php

[stylishmonk]

nope...64 bit doesnt support boot time scan too....the option is greyed out..

[evilfantasy]

Were running out of options here.

Download Dr.Web CureIt and save it to your desktop.

Scan with DrWeb-CureIt as follows:

• Double-click on drweb-cureit.exe and then click Start
• An information notice will appear, click OK.
• This starts a short scan that will scan the files currently running in memory.
• If you get a prompt to buy the full version just exit out of the window. The scanner will still work without buying the full version
• If or when something is found, click the Yes button when it asks you if you want to cure it.

• Once the short scan has finished, Click Settings > Change Settings
• Under the Scanning tab UNcheck Heuristic analysis and click OK
• Back at the main window, select the Complete scan button and then click the Green Arrow Start Scanning button on the right and the scan will start.
• Click Yes to all if it asks if you want to cure/move any file(s).
• When the scan is done.
• In the Dr.Web CureIt menu on top left, click File and choose Save report list.
• Save the DrWeb.csv report to your Desktop.
• Exit Dr.Web Cureit.
• Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

* After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
* Copy and paste that log in the next reply.

[stylishmonk]

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Scanned: 793367
Infected: 0
Modifications: 0
Suspicious: 0
Adware: 0
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 0
Ignored: 0
Scan speed: 12 Kb/s
Scan time: 12:26:48
-----------------------------------------------------------------------------

Master Boot Record HDD1 - OK
Active OS/2 or WinNT Boot Sector HDD1 - OK
OS/2 or WinNT Boot Sector HDD1 - OK

[Scan path] C:\Users\SUDHAR~1\AppData\Local\Temp\dc06223780\*P ROCESS
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Scanned: 3
Infected: 0
Modifications: 0
Suspicious: 0
Adware: 0
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 0
Ignored: 0
Scan speed: 1 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------

Master Boot Record HDD1 - OK
Active OS/2 or WinNT Boot Sector HDD1 - OK
OS/2 or WinNT Boot Sector HDD1 - OK

[Scan path] C:\
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Scanned: 3
Infected: 0
Modifications: 0
Suspicious: 0
Adware: 0
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 0
Ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:04
-----------------------------------------------------------------------------

Scanning interrupted by user! - no viruses found
================================================== ===========================
Total session statistics
================================================== ===========================
Scanned: 798939
Infected: 0
Modifications: 0
Suspicious: 0
Adware: 0
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 0
Ignored: 0
Scan speed: 43 Kb/s
Scan time: 12:31:55
================================================== ===========================

I dont know why im not able to post the full log....maybe because it is too big... i tried but the page is simply not reloading.