20 something viruses on my computer! cant post dds log

[Edgecrusher]

unfornately avira has detected more malwares.

Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\philip.PHILIP-5D444590\Local Settings\temp\_avast4_\unp229627515.tmp.
Action performed: Allow access

Virus or unwanted program 'ADSPY/AdSpy.Gen3 [adware]'
detected in file 'C:\Documents and Settings\philip.PHILIP-5D444590\Local Settings\temp\_avast4_\unp233153583.tmp.
Action performed: Allow access

Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\philip.PHILIP-5D444590\Local Settings\temp\_avast4_\unp27379410.tmp.
Action performed: Allow access

Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\philip.PHILIP-5D444590\Local Settings\temp\_avast4_\unp262251899.tmp.
Action performed: Allow access

Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\philip.PHILIP-5D444590\Local Settings\temp\_avast4_\unp260376227.tmp.
Action performed: Allow access

Virus or unwanted program 'ADSPY/AdSpy.Gen3 [adware]'
detected in file 'C:\Documents and Settings\philip.PHILIP-5D444590\Local Settings\temp\_avast4_\unp239616817.tmp.
Action performed: Allow access

Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\philip.PHILIP-5D444590\Local Settings\temp\_avast4_\unp201961621.tmp.
Action performed: Allow access

Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\philip.PHILIP-5D444590\Local Settings\temp\_avast4_\unp119511137.tmp.
Action performed: Allow access

[shelf life]

avira has detected more malwares.

did you have Avast installed at one time?

Local Settings\temp\_avast4_\unp229627515.tmp

I believe these are files that where unpacked by Avast prior to scanning them and are just leftovers from when you uninstalled Avast.

Since you no longer have Avast you can delete the entire Avast folder using explorer located here: C:\Documents and Settings\philip.PHILIP-5D444590\Local Settings\temp_avast4
In order to help show all the files in explorer you can do this first:

For XP: on the desktop double click my computer,at the top click on> tools>folder options>view> then select "show hidden files and folders", then UNcheck "hide protected operating system files " also UNcheck "hide extensions for known file types" click apply to all folders, apply then ok

[Edgecrusher]

yes i did install avast one time, but a long time ago.

the Local Settings\temp\_avast4 folder is empty.

malware has detected Trojan.FakeAlert.SA which is what avira found, but spybot didnt find anything.

[shelf life]

malware has detected Trojan.FakeAlert.SA

Ok, if it deleted it then nothing to worry about.

[Edgecrusher]

yeah malwarebyte deleted it, and didnt require a restart. today i noticed i havent got any google redirects and my enter key is now working everytime i enter a search topic. shall i post a new DDS Log or is there any other steps i need to do?

[shelf life]

ok Good. Looks like we are all done. Couple things left to do; you can delete the tdsskiller and aswMBR icons/logs from your desktop.
You can remove combofix like this:
Start>run and type in: combofix /uninstall
click ok or enter
note the space after the x and before the /

Note that the free version of Malwarebytes must be updated manually and a scan started manually.
You can make a new restore point, the how and the why:

One of the features of Windows XP, Vista and Windows 7 is the System Restore option, however if malware infects a computer it is possible that the malware could be backed up in the System Restore archive. Therefore, clearing the restore points is a good idea after malware is removed and your computer appears to be functioning ok.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.


(winXP)

1. Turn off System Restore. (deletes old possibly infected restore point)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.(creates a new restore points on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot

And last is some information to help you remain malware free:

10 Tips for Prevention and Avoidance of Malware:
There is no reason why your computer can not stay malware free.

No software can think for you. Help yourself. In no special order:

1) It is essential to keep your operating system (Windows) browser (IE, FireFox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the Windows auto-update feature. Staying updated is also essential for other web based applications like Java, Adobe Flash/Reader, iTunes, browser plug-ins and add-ons. More and more third party applications are being targeted. Not sure if you are using the latest version of software? Check their version status and get the updates here.

2) Know what you are installing to your computer. Alot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about virus and trojans being found on your computer and you are then prompted to install software to remedy this. See also the signs that you may have malware on your computer.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently find malware then its time to *review your computer habits*.

4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. See also E-mail phishing Tricks.

5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and Windows 7 attempts to address.

8) Install and understand the *limitations* of a software firewall.

9) The why and how to secure your browser for safer surfing.

10) Warez, cracks etc are very popular for carrying malware payloads. If you look for these you will encounter malware. If you download/install files via p2p networks you will encounter malware. A file can be named anything be nothing but malware or have malware bundled in it.
Do you really trust the source?

More info/tips with pictures in links below.

Happy Safe Surfing.

[Edgecrusher]

ok i have done that now

[Edgecrusher]

hi, unfornately there's another malware problem with my computer. this time a relative of mine did something to it. they clicked on a website link and avira detected malwares. im currently with scanning malwarebytes and so far found 3 malwares. during the scans, through earphones i can hear mouse clicking opening windows in the background, ads playing in the background and internet explorer opening random sites. please help.

[shelf life]

Ok. In order to avoid confusion, start a new thread and I will look for it. Post a new DDS log also and we will go from there.

[Edgecrusher]

ok i will do that now