
Thread: Browser Hijack and Virus

  1. #1
    Member
    Join Date
    Sep 2009
    Posts
    59

    Default Ugh.

    AVG scan running now, but it already found threats:

    Several occurrences of

    \\?\globalroot\systemroot\system32\vsfocetkopabwq.dll

    and

    c:\Program Files\Internet Explorer\iexplore (####)

    and one occurrence of

    c:\Window\Explorer.exe (2608).

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Iexplore.exe and explorer.exe are no threats.

    Please post next full AVG scan report.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Member
    Join Date
    Sep 2009
    Posts
    59

    Default AVG Full Scan

    AVG found 8 "infections", none of which it healed. It found a bunch of tracking cookies (e.g., ad.yieldmanagers, Doubleclick.net, etc.), and moved all of them to the virus vault.

    Here are the details for the 8 unhealed infections.

    "\\?\globalroot\systemroot\system32\vsfocetkopabwq.dll";"Virus identified Packed.Hidden";"Infected"
    "\\?\globalroot\systemroot\system32\vsfocetkopabwq.dll";"Virus identified Packed.Hidden";"Infected"
    "\\?\globalroot\systemroot\system32\vsfocetkopabwq.dll";"Virus identified Packed.Hidden";"Infected"
    "\\?\globalroot\systemroot\system32\vsfocetkopabwq.dll";"Virus identified Packed.Hidden";"Infected"
    "C:\Program Files\Internet Explorer\iexplore.exe (1716)";"Virus identified Packed.Hidden";"Infected"
    "C:\Program Files\Internet Explorer\iexplore.exe (2016)";"Virus identified Packed.Hidden";"Infected"
    "C:\Program Files\Internet Explorer\iexplore.exe (3568)";"Virus identified Packed.Hidden";"Infected"
    "C:\WINDOWS\EXPLORER.EXE (2608)";"Virus identified Packed.Hidden";"Infected"

  4. #4
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    These are false positives unless AVG means that \\?\globalroot\systemroot\system32\vsfocetkopabwq.dll is injected into those processes.

    "C:\Program Files\Internet Explorer\iexplore.exe (1716)";"Virus identified Packed.Hidden";"Infected"
    "C:\Program Files\Internet Explorer\iexplore.exe (2016)";"Virus identified Packed.Hidden";"Infected"
    "C:\Program Files\Internet Explorer\iexplore.exe (3568)";"Virus identified Packed.Hidden";"Infected"
    "C:\WINDOWS\EXPLORER.EXE (2608)";"Virus identified Packed.Hidden";"Infected"

    Are you able to find C:\windows\system32\vsfocetkopabwq.dll?
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
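
Added example, not part of either poster's message: a triage of the AVG rows quoted above that separates the file object from the running-process detections, which is the distinction reply #4 draws, and rewrites the `\\?\globalroot\systemroot` form to the drive-letter path asked about. It assumes the system root is `C:\WINDOWS`, as the EXPLORER.EXE row suggests; the function names are hypothetical.

```python
import csv
import io
import re
from collections import Counter, defaultdict

# Rows as quoted from the AVG report in post #3: "object";"verdict";"status".
AVG_REPORT = r'''
"\\?\globalroot\systemroot\system32\vsfocetkopabwq.dll";"Virus identified Packed.Hidden";"Infected"
"\\?\globalroot\systemroot\system32\vsfocetkopabwq.dll";"Virus identified Packed.Hidden";"Infected"
"\\?\globalroot\systemroot\system32\vsfocetkopabwq.dll";"Virus identified Packed.Hidden";"Infected"
"\\?\globalroot\systemroot\system32\vsfocetkopabwq.dll";"Virus identified Packed.Hidden";"Infected"
"C:\Program Files\Internet Explorer\iexplore.exe (1716)";"Virus identified Packed.Hidden";"Infected"
"C:\Program Files\Internet Explorer\iexplore.exe (2016)";"Virus identified Packed.Hidden";"Infected"
"C:\Program Files\Internet Explorer\iexplore.exe (3568)";"Virus identified Packed.Hidden";"Infected"
"C:\WINDOWS\EXPLORER.EXE (2608)";"Virus identified Packed.Hidden";"Infected"
'''

# \\?\GLOBALROOT is the root of the NT object namespace and \SystemRoot is a
# symbolic link there to the Windows directory.
NT_PREFIX = r"\\?\globalroot\systemroot"
PROCESS_ROW = re.compile(r"^(?P<image>.+) \((?P<pid>\d+)\)$")


def normalize(path, system_root):
    """Rewrite an NT-namespace SystemRoot path to its drive-letter form."""
    if path.lower().startswith(NT_PREFIX):
        return system_root + path[len(NT_PREFIX):]
    return path


def triage(report, system_root=r"C:\WINDOWS"):  # system_root is an assumption
    """Split detections into on-disk objects and running processes (by PID)."""
    files, processes = Counter(), defaultdict(list)
    rows = csv.reader(io.StringIO(report.strip()), delimiter=";")
    for row in rows:
        if len(row) != 3:
            continue  # skip blank or malformed lines
        match = PROCESS_ROW.match(row[0])
        if match:  # "image path (PID)": a scan of a live process, not a file
            processes[match["image"]].append(int(match["pid"]))
        else:
            files[normalize(row[0], system_root)] += 1
    return {"files": dict(files), "processes": dict(processes)}


if __name__ == "__main__":
    print(triage(AVG_REPORT))
```
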

  5. #5
    Member
    Join Date
    Sep 2009
    Posts
    59

    Default

    Shaba:

    No I cannot find vsfoce....

    I looked in the C drive folders, and ran a search and did not locate it.

  6. #6
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    So let's then check this:

    Download gmer.zip and save to your desktop.
    alternate download site
    • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
    • When you have done this, disconnect from the Internet and close all running programs.
      There is a small chance this application may crash your computer so save any work you have open.
    • Double-click on Gmer.exe to start the program.
    • Allow the gmer.sys driver to load if asked.
    • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
    • Click on the Rootkit tab.
    • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
    • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
    • Click on the "Scan" and wait for the scan to finish.
      Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
    • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
    • Note: If you have any problems, try running GMER in SAFE MODE.

    Important! Please do not select the "Show all" checkbox during the scan.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  7. #7
    Member
    Join Date
    Sep 2009
    Posts
    59

    Default

    Shaba:

    Gmer caused my PC to reboot each of the 3 times I tried to run it. I tried Gmer again in Safe Mode, and it did run. However, I can't get the results copied into a text file. The Gmer screen's "copy" button is inaccessible on the display when in SafeMode.

    I tried to reset the display size and couldn't (I assume because I'm in safe mode). I reset the default display size in normal mode and rebooted, but SafeMode defaults to the larger font which moves the "copy" button out of reach. I highlighted the Gmer search results and tried Control-C and Control-V, but could not copy and paste the results. I see no other menu in Gmer which has a copy function.

    Thoughts?
