
Alpha antivirus

Comments

  • I see what you're saying, but I can't get it to download.
    Any help getting it downloaded would be great.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Give it another go, but this time boot up and keep pressing F8 to get into SAFE MODE WITH NETWORKING
    Download it
    Right click it and RENAME it to something random (i.e. ne8r734tf45yb.exe)
    Install that and update etc

    If it STILL fails then go into safe mode with networking and ~

    Please run COMBOFIX

    Shut down your anti virus
    Follow the simple instructions it gives
    Post the COMPLETE log it creates here (Split into sections if need be)

    If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Follow these instructions to continue: (taken from above link?

    1. Open Task Manager by pressing Ctrl+Shift+Esc.

    2. Navigate to the Processes tab.

    3. Locate a process called Alpha.exe and end its process by clicking the End Process button at the bottom left hand corner of Task Manager and click Yes.

    4. Continue with the instructions listed below to remove Alpha Antivirus completely.

    Malwarebytes should hopefully work then
  • ComboFix 09-11-25.05 - Duffy 26/11/2009 9:18.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1471.903 [GMT 0:00]
    Running from: c:\documents and settings\Duffy\My Documents\QUERTY.exe
    AV: avast! antivirus 4.8.1351 [VPS 091126-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
    c:\documents and settings\Duffy\Application Data\inst.exe
    c:\windows\system32\twain_32.dll
    .
    ((((((((((((((((((((((((( Files Created from 2009-10-26 to 2009-11-26 )))))))))))))))))))))))))))))))
    .
    2009-11-26 08:29 . 2009-11-26 08:29 d-----w- c:\windows\system32\wbem\Repository
    2009-11-26 08:20 . 2009-11-26 08:27 d-----w- c:\program files\Spyware Doctor(2)
    2009-11-13 09:36 . 2009-11-13 09:36 d-----w- c:\documents and settings\Duffy\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2009-11-13 07:11 . 2009-10-10 07:07 38208 ----a-w- c:\documents and settings\Duffy\Application Data\Macromedia\Flash Player\https://www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-11-13 07:11 . 2009-10-10 07:07 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\https://www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-11-13 07:11 . 2009-11-13 07:11 d-----w- c:\program files\Common Files\Adobe AIR
    2009-11-13 07:10 . 2009-11-13 07:10 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
    2009-11-13 07:10 . 2009-11-13 09:32 d-----w- c:\documents and settings\All Users\Application Data\NOS
    2009-11-10 06:42 . 2009-11-10 09:22 d-----w- c:\documents and settings\Duffy\Local Settings\Application Data\Yahoo!
    2009-11-01 09:35 . 2009-11-01 09:35 d-sh--w- c:\documents and settings\All Users\DRM
    2009-10-30 10:49 . 2009-10-30 10:49 d-----w- c:\program files\CCleaner
    2009-10-30 09:39 . 2009-10-30 09:39 d-----w- c:\program files\Trend Micro
    2009-10-30 09:11 . 2009-11-02 20:42 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-30 09:10 . 2009-10-30 09:10 d-----w- c:\program files\Windows Defender
    2009-10-28 18:15 . 2009-11-23 11:21 d-----w- c:\documents and settings\Duffy\Application Data\Spotify
    2009-10-28 18:15 . 2009-10-28 18:16 d-----w- c:\documents and settings\Duffy\Local Settings\Application Data\Spotify
    2009-10-28 18:15 . 2009-10-28 18:15 d-----w- c:\program files\Spotify
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-26 08:29 . 2009-06-23 15:25 d-----w- c:\documents and settings\Duffy\Application Data\uTorrent
    2009-11-26 08:29 . 2009-10-12 05:40 d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-26 08:29 . 2009-10-12 05:40 d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-11-25 09:01 . 2009-11-26 08:26 142888 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
    2009-11-25 07:55 . 2009-09-23 07:01 d-----w- c:\documents and settings\Duffy\Application Data\vlc
    2009-11-23 11:17 . 2009-08-31 07:29 d-----w- c:\program files\PokerStars
    2009-11-18 11:35 . 2009-06-24 14:22 d-----w- c:\documents and settings\Duffy\Application Data\Vso
    2009-11-13 07:12 . 2009-08-09 08:54 d-----w- c:\program files\Common Files\Adobe
    2009-10-25 09:40 . 2009-10-12 05:40 d-----w- c:\documents and settings\All Users\Application Data\vsosdk
    2009-10-24 11:44 . 2009-10-23 12:06 d-----w- c:\program files\PDF Suite
    2009-10-23 12:07 . 2009-10-23 12:07 d-----w- c:\documents and settings\Duffy\Application Data\PDF Software
    2009-10-22 04:39 . 2009-05-21 12:35 46096 ----a-w- c:\documents and settings\Duffy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-10-22 04:23 . 2009-10-22 04:23 d-----w- c:\program files\MSBuild
    2009-10-22 04:23 . 2009-10-22 04:23 d-----w- c:\program files\Reference Assemblies
    2009-10-12 05:44 . 2009-10-12 05:44 d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-10-12 05:44 . 2009-10-12 05:44 d-----w- c:\program files\Common Files\Ahead
    2009-10-12 05:44 . 2009-10-12 05:44 d-----w- c:\program files\NewSoft
    2009-10-12 05:44 . 2009-07-01 07:58 d-----w- c:\program files\DivX
    2009-10-12 05:44 . 2009-09-22 05:40 d-----w- c:\program files\Any DVD Cloner Express
    2009-10-12 05:43 . 2009-05-19 17:51 d-----w- c:\program files\Google
    2009-10-12 05:41 . 2009-10-10 10:48 d-----w- c:\program files\AskBarDis
    2009-10-12 05:41 . 2009-10-12 05:41 d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
    2009-10-12 05:41 . 2009-10-12 05:41 d-----w- c:\documents and settings\All Users\Application Data\CyberLink
    2009-10-12 05:41 . 2009-10-12 05:41 d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
    2009-10-12 05:41 . 2009-10-12 05:41 d-----w- c:\documents and settings\All Users\Application Data\Avira
    2009-10-12 05:41 . 2009-10-12 05:41 d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
    2009-10-12 05:41 . 2009-10-12 05:41 d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
    2009-10-12 05:41 . 2009-10-12 05:41 d-----w- c:\documents and settings\All Users\Application Data\HP
    2009-10-12 05:41 . 2009-10-12 05:41 d-----w- c:\documents and settings\All Users\Application Data\HMRC
    2009-10-12 05:41 . 2009-10-12 05:41 d-----w- c:\documents and settings\All Users\Application Data\Sonic
    2009-10-12 05:41 . 2009-10-12 05:41 d-----w- c:\documents and settings\All Users\Application Data\Nero
    2009-10-12 05:40 . 2009-10-12 05:40 d-----w- c:\documents and settings\All Users\Application Data\Virgin Broadband
    2009-10-10 08:51 . 2009-10-10 08:51 d-----w- c:\program files\Alcohol Soft
    2009-10-09 09:10 . 2009-10-09 09:10 d-----w- c:\program files\Adobe(2)
    2009-10-06 05:55 . 2009-05-19 15:20 d-----w- c:\program files\Ahead
    2009-10-02 10:25 . 2009-06-29 10:55 d-----w- c:\documents and settings\Duffy\Application Data\HP
    2009-09-27 11:32 . 2009-08-06 07:02 d-----w- c:\program files\UltraISO
    2009-09-27 11:32 . 2009-08-06 07:02 d-----w- c:\program files\Common Files\EZB Systems
    2009-09-27 11:32 . 2009-09-22 07:27 d-----w- c:\program files\CyberLink
    2009-09-27 11:32 . 2009-05-19 16:09 d--h--w- c:\program files\InstallShield Installation Information
    2009-09-22 07:38 . 2009-06-24 14:22 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2009-09-22 07:38 . 2009-06-24 14:22 47360 ----a-w- c:\documents and settings\Duffy\Application Data\pcouffin.sys
    2009-09-22 07:38 . 2009-06-24 14:22 47360 ----a-w- c:\documents and settings\Duffy\Application Data\pcouffin.sys
    2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-29 08:08 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-08-09 06:40 . 2009-08-09 06:34 143392 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2009-08-09 06:40 . 2009-08-08 10:05 14880 --sha-w- c:\windows\system32\drivers\fidbox2.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-19 39408]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe " [X]
    "SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
    "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2004-11-12 49152]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-5-19 331776]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Spotify\\spotify.exe"=
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9101:TCP"= 9101:TCP:BitComet 9101 TCP
    "9101:UDP"= 9101:UDP:BitComet 9101 UDP
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [01/06/2009 14:26 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01/06/2009 14:26 20560]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
    S2 gupdate1c9f971741070e8;Google Update Service (gupdate1c9f971741070e8);c:\program files\Google\Update\GoogleUpdate.exe [30/06/2009 10:56 133104]
    S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [27/08/2009 08:24 12672]
    .
    Contents of the 'Scheduled Tasks' folder
    2009-11-26 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-19 10:55]
    2009-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-30 10:56]
    2009-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-30 10:56]
    2009-11-26 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
    2009-11-26 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2007-10-16 08:20]
    2009-09-24 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2007-10-16 08:20]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://uk.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Duffy\Application Data\Mozilla\Firefox\Profiles\yt9ucrk5.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://uk.search.yahoo.com/firefox/?fr=yff35-sfp
    FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    ---- FIREFOX POLICIES ----
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-11-26 09:25
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...

    c:\windows\TEMP\TMP00000386291C13F3557A0FF4 524288 bytes
    scan completed successfully
    hidden files: 1
    **************************************************************************
    .
    Completion time: 2009-11-26 09:27
    ComboFix-quarantined-files.txt 2009-11-26 09:27
    Pre-Run: 62,371,827,712 bytes free
    Post-Run: 62,606,643,200 bytes free
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    - - End Of File - - 20A1CC1CE90F5DE41FFAFA44742F6DB6
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    aliEnRIK wrote: »
    Follow these instructions to continue: (taken from above link?

    1. Open Task Manager by pressing Ctrl+Shift+Esc.

    2. Navigate to the Processes tab.

    3. Locate a process called Alpha.exe and end its process by clicking the End Process button at the bottom left hand corner of Task Manager and click Yes.

    4. Continue with the instructions listed below to remove Alpha Antivirus completely.

    Malwarebytes should hopefully work then

    I can't see anything in the combofix log

    Have you done the above then tried malwarebytes?
  • OK, here's the report.
    Malwarebytes' Anti-Malware 1.41
    Database version: 3240
    Windows 5.1.2600 Service Pack 3
    27/11/2009 07:29:07
    mbam-log-2009-11-27 (07-29-07).txt
    Scan type: Full Scan (C:\|)
    Objects scanned: 198137
    Time elapsed: 1 hour(s), 18 minute(s), 35 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)

    Thanks very much for all your help.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Now I'm baffled

    Are you still having the problems?
  • asininity
    asininity Posts: 1,615 Forumite
    Not sure she was actually having problems, if you read the first post, it was only after visiting a site it opened up. Maybe the site was hacked???

    Either way it would appear it was just on the website before the usual "download to clean", but the OP turned the computer off first.
  • Yes, that's correct, switched PC off but I wanted to be sure, been back to site + all seems well,
    thanks to all.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Least we know you're ok now :o
This discussion has been closed.