39 replies to this topic

[CatByte]

Post the Avira log - let me see what it found, it may just be cookies, which you needn't worry about.

Comodo has to 'learn' your preferences. Once you allow a trusted application, you check to always allow that application - then it wont ask again. Go to the Comodo Forum and read the FAQ - lots of very useful information there on how to correctly use the firewall

http://forums.comodo.com/

[mekap04]

Avira AntiVir Personal Report file date: Sunday, December 06, 2009 04:21 Scanning for 1417608 virus strains and unwanted programs. Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows XP Windows version : (Service Pack 1) [5.1.2600] Boot mode : Normally booted Username : SYSTEM Computer name : MEKA Version information: BUILD.DAT : 9.0.0.415 21609 Bytes 11/8/2009 10:00:00 AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 16:26:33 AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 15:58:24 LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 16:35:49 LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 15:58:52 VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 12:35:52 VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 21:15:39 VBASE002.VDF : 7.10.1.1 2048 Bytes 11/19/2009 21:15:40 VBASE003.VDF : 7.10.1.2 2048 Bytes 11/19/2009 21:15:40 VBASE004.VDF : 7.10.1.3 2048 Bytes 11/19/2009 21:15:40 VBASE005.VDF : 7.10.1.4 2048 Bytes 11/19/2009 21:15:40 VBASE006.VDF : 7.10.1.5 2048 Bytes 11/19/2009 21:15:40 VBASE007.VDF : 7.10.1.6 2048 Bytes 11/19/2009 21:15:40 VBASE008.VDF : 7.10.1.7 2048 Bytes 11/19/2009 21:15:40 VBASE009.VDF : 7.10.1.8 2048 Bytes 11/19/2009 21:15:40 VBASE010.VDF : 7.10.1.9 2048 Bytes 11/19/2009 21:15:40 VBASE011.VDF : 7.10.1.10 2048 Bytes 11/19/2009 21:15:40 VBASE012.VDF : 7.10.1.11 2048 Bytes 11/19/2009 21:15:40 VBASE013.VDF : 7.10.1.79 209920 Bytes 11/25/2009 21:15:40 VBASE014.VDF : 7.10.1.128 197632 Bytes 11/30/2009 21:15:40 VBASE015.VDF : 7.10.1.129 2048 Bytes 11/30/2009 21:15:40 VBASE016.VDF : 7.10.1.130 2048 Bytes 11/30/2009 21:15:40 VBASE017.VDF : 7.10.1.131 2048 Bytes 11/30/2009 21:15:40 VBASE018.VDF : 7.10.1.132 2048 Bytes 11/30/2009 21:15:40 VBASE019.VDF : 7.10.1.133 2048 Bytes 11/30/2009 21:15:40 VBASE020.VDF : 7.10.1.134 2048 Bytes 11/30/2009 21:15:40 VBASE021.VDF : 7.10.1.135 2048 Bytes 11/30/2009 21:15:41 VBASE022.VDF : 7.10.1.136 2048 Bytes 11/30/2009 21:15:41 VBASE023.VDF : 7.10.1.137 2048 Bytes 11/30/2009 21:15:41 VBASE024.VDF : 7.10.1.138 2048 Bytes 11/30/2009 21:15:41 VBASE025.VDF : 7.10.1.139 2048 Bytes 11/30/2009 21:15:41 VBASE026.VDF : 7.10.1.140 2048 Bytes 11/30/2009 21:15:41 VBASE027.VDF : 7.10.1.141 2048 Bytes 11/30/2009 21:15:41 VBASE028.VDF : 7.10.1.142 2048 Bytes 11/30/2009 21:15:41 VBASE029.VDF : 7.10.1.143 2048 Bytes 11/30/2009 21:15:41 VBASE030.VDF : 7.10.1.144 2048 Bytes 11/30/2009 21:15:41 VBASE031.VDF : 7.10.1.170 150528 Bytes 12/5/2009 21:15:41 Engineversion : 8.2.1.92 AEVDF.DLL : 8.1.1.2 106867 Bytes 11/8/2009 12:38:52 AESCRIPT.DLL : 8.1.2.45 586108 Bytes 12/5/2009 21:15:43 AESCN.DLL : 8.1.2.5 127346 Bytes 11/8/2009 12:38:46 AESBX.DLL : 8.1.1.1 246132 Bytes 11/8/2009 12:38:44 AERDL.DLL : 8.1.3.4 479605 Bytes 12/5/2009 21:15:42 AEPACK.DLL : 8.2.0.3 422261 Bytes 11/8/2009 12:38:40 AEOFFICE.DLL : 8.1.0.38 196987 Bytes 11/8/2009 12:38:38 AEHEUR.DLL : 8.1.0.184 2146681 Bytes 12/5/2009 21:15:42 AEHELP.DLL : 8.1.7.5 237942 Bytes 12/5/2009 21:15:41 AEGEN.DLL : 8.1.1.78 364917 Bytes 12/5/2009 21:15:41 AEEMU.DLL : 8.1.1.0 393587 Bytes 11/8/2009 12:38:26 AECORE.DLL : 8.1.8.5 180598 Bytes 12/5/2009 21:15:41 AEBB.DLL : 8.1.0.3 53618 Bytes 11/8/2009 12:38:20 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:59 AVPREF.DLL : 9.0.3.0 44289 Bytes 8/26/2009 20:14:02 AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 19:34:28 AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 15:32:09 AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 20:05:41 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 15:37:08 SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 20:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 13:21:33 NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 15:32:10 RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 20:39:58 RCTEXT.DLL : 9.0.73.0 86785 Bytes 10/13/2009 17:25:47 Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp Logging.............................: low Primary action......................: interactive Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, Process scan........................: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Deviating risk categories...........: +APPL,+GAME,+JOKE,+PFS,+SPR, Start of the scan: Sunday, December 06, 2009 04:21 Starting search for hidden objects. '27888' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'update.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'SpamSubtract.exe' - '1' Module(s) have been scanned Scan process 'BackWeb-1940576.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'ALCXMNTR.EXE' - '1' Module(s) have been scanned Scan process 'kbd.exe' - '1' Module(s) have been scanned Scan process 'udsi.exe' - '1' Module(s) have been scanned Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'OPXPApp.exe' - '1' Module(s) have been scanned Scan process 'omniServ.exe' - '1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 33 processes with 33 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Starting to scan executable files (registry). The registry was scanned ( '65' files ). Starting the file scan: Begin scan in 'C:\' <PRESARIO> C:\hiberfil.sys [WARNING] The file could not be opened! [NOTE] This file is a Windows system file. [NOTE] This file cannot be opened for scanning. C:\pagefile.sys [WARNING] The file could not be opened! [NOTE] This file is a Windows system file. [NOTE] This file cannot be opened for scanning. C:\hp\bin\KillIt.exe [DETECTION] Contains recognition pattern of the APPL/KillApp.A application C:\hp\bin\KillWind.exe [DETECTION] Contains recognition pattern of the APPL/KillApplicat.A application C:\hp\bin\Terminator.exe [DETECTION] Contains recognition pattern of the APPL/KillApplicat.A application C:\hp\bin\CorelWP\src\Setup\bfix.exe [DETECTION] Is the TR/ATRAPS.Gen Trojan C:\hp\region\EN_US-ie.reg [DETECTION] Is the TR/WinREG.StartPage.2 Trojan Beginning disinfection: C:\hp\bin\KillIt.exe [DETECTION] Contains recognition pattern of the APPL/KillApp.A application [NOTE] The file was moved to '4b877eec.qua'! C:\hp\bin\KillWind.exe [DETECTION] Contains recognition pattern of the APPL/KillApplicat.A application [NOTE] The file was moved to '4af4f63d.qua'! C:\hp\bin\Terminator.exe [DETECTION] Contains recognition pattern of the APPL/KillApplicat.A application [NOTE] The file was moved to '4b8d7ee8.qua'! C:\hp\bin\CorelWP\src\Setup\bfix.exe [DETECTION] Is the TR/ATRAPS.Gen Trojan [NOTE] The file was moved to '4b847ee9.qua'! C:\hp\region\EN_US-ie.reg [DETECTION] Is the TR/WinREG.StartPage.2 Trojan [NOTE] The file was moved to '4b7a7ed1.qua'! End of the scan: Sunday, December 06, 2009 04:51 Used time: 29:25 Minute(s) The scan has been done completely. 3150 Scanned directories 205403 Files were scanned 5 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 5 Files were moved to quarantine 0 Files were renamed 2 Files cannot be scanned 205396 Files not concerned 12738 Archives were scanned 2 Warnings 7 Notes 27888 Objects were scanned with rootkit scan 0 Hidden objects were found thanks for the info

[CatByte]

Hi, Those are legitimate files that are included in your hp installation files. You may want to restore them from the Avast quarantine and place them on the exclusion list so they won't be detected in the future. Avast merely flagged them based on heuristics, meaning they have a pattern similar to some malware files. It's what's known as a false positive.

[mekap04]

Hi,

Those are legitimate files that are included in your hp installation files. You may want to restore them from the Avast quarantine and place them on the exclusion list so they won't be detected in the future.

Avast merely flagged them based on heuristics, meaning they have a pattern similar to some malware files.

It's what's known as a false positive.

all of them?

[CatByte]

Yep, they are all hp installation files:

C:\hp\bin\KillIt.exe
C:\hp\bin\KillWind.exe
C:\hp\bin\Terminator.exe
C:\hp\bin\CorelWP\src\Setup\bfix.exe
C:\hp\region\EN_US-ie.reg
C:\hp\bin\KillIt.exe
C:\hp\bin\KillWind.exe
C:\hp\bin\Terminator.exe
C:\hp\bin\CorelWP\src\Setup\bfix.exe
C:\hp\region\EN_US-ie.reg

[mekap04]

OK, thank you for that information. I have just ignored the rest of the alerts I got because the virus program detected it again. One last question. My paypal account was access by a third party when I caught the virus because I logged in when the virus was on my computer and affecting my searches and browser related activities. How do I know that when I enter personal information, that it will be secure and it wont get hijacked? I just want to make sure my computer is clean because my personal and financial information is scary for someone else to access without me knowing. Thanks for your time.

[CatByte]

Hi, It is impossible to guarantee that you will not get hacked again. From my experience, your computer appears to be clean. You have an antivirus installed. You have reformatted, so anything that was on your computer should now be gone.

There is no way to prevent this type of thing from happening again for certainty, all you can do is be careful about what sites you visit and what you download

You may wish to consider a third paty firewall:

FREE FIREWALLS

• Sunbelt Kerio
• Outpost
• Jetico Personal Firewall

I can also help with these other recommendations:


Below I have included a number of recommendations for how to protect your computer against malware infections.

• Keep Windows updated by regularly checking their website at :
  http://windowsupdate.microsoft.com/
  This will ensure your computer has always the latest security updates available installed on your computer.
• SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
• SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
• Make Internet Explorer more secure
  
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
• ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
• MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
  
• WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  
  • Green to go
  • Yellow for caution
  • Red to stop
  WOT has an addon available for both Firefox and IE
  
• For Firefox, I highly recommend this add-on to keep your PC even more secure.
  
  • NoScript - for blocking ads and other potential website attacks
• Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  
• ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  
• Please read these useful guides How did I get infected in the first place?
• PC Safety and Security--What Do I Need?
• miekiemoes' Prevention topic.

[mekap04]

Thanks again. This is really helpful. I appreciate your help and quick responses. I will donate as soon as I get my paypal account squared away. Thanks

[CatByte]

you are more than welcome stay safe ~CB

[CatByte]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.