Anti Virus missed it & SpyBot missed it.



monkeybytes
2014-11-10, 21:01
Both the anti virus and Spybot missed this infection: APPL/iBryte.Gen

Computer was running slow so I did the anti virus scan. 12 hours later it found nothing other than 35,000 hidden files. It also ran out of virtual memory during the scan. It was obvious something had infected the computer but neither the anti virus nor Spybot could spot it.
I finally gave up looking for the infected exe file and did a restore point.
After that I did another search and the anti virus found 27 hits of APPL/iBryte.Gen
Spybot still found nothing but at least SpyBot only takes a few minutes to do a scan.

The system is still a little sluggish so I don't know if I removed everything?
Anti virus now takes 2.5 hours to do a scan when it used to only take 1 - 1.5 hours. It still finds nothing but that apparently means very little.


Beginning disinfection:
C:\Documents and Settings\Name\My Documents\Downloads\SORT\Setup.exe
[DETECTION] Contains recognition pattern of the APPL/iBryte.Gen application
[NOTE] The file could not be copied to quarantine!
[NOTE] The file does not exist!

Careful what you click on and always use a USB mouse with a laptop. Touch pads are treacherous and are the easiest target for accidental clicking on the way to the close window button or going to the scroll bar.
Naturally some people don't listen and BAM!... several hours of searching & cleaning coming up.

(My first post, this site is not so easy to post on as other sites are so please fix. It took a while to find a post option so if this post is in the wrong place then please copy and paste to the correct location. Hopefully Spybot can fix this APPL deal. Thank you)

tashi
2014-11-10, 23:07
Hello monkeybytes, :greeting:

It might be best for someone to take a look at the system, please see the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) sticky which includes guidelines and instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

http://forums.spybot.info/showthread.php?t=288

Then start a new topic providing the logs so a volunteer analyst can guide you.

Best regards.

monkeybytes
2014-11-12, 04:41
Thanks Tashi.
I was thinking of using a clean computer to scan the hard drive in an external caddy so that all files can be scanned.
Nothing suspect in the Task Manager Processes.

The anti virus report had nothing of interest other than:
Beginning disinfection:
C:\Documents and Settings\Name\My Documents\Downloads\SORT\Setup.exe
[DETECTION] Contains recognition pattern of the APPL/iBryte.Gen application
[NOTE] The file could not be copied to quarantine!
[NOTE] The file does not exist!

As the protection software failed to deal with it I had to delete the suspect .exe manually.

The strange thing is that I don't think that exe file (Setup.exe) was ever run. Could it activate without being executed?
Or did somebody have to run it?
It would help if the person using the computer could provide some details. Unfortunately they are a serial random mouse clicker that has amnesia when questioned so no help there. (Why make life easy, right?)

Oh... I also found addresses in the Firefox location bar that won't delete. Not sure if that is connected though. I can't find the file where that list of URLs is kept yet, the search continues.
I found a few doubleclicks that nobody ever seems to block in the anti virus or SpyBot updates.
Would be nice to block 3rd party cookies but too many sites force you to switch that feature off.