Pages in History not been visited??

Comments

  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Thank you. Whilst I go through that, download this and save it to your desktop. This may take a short while longer as it will do a quick scan with Avast's virus definitions.

    http://public.avast.com/~gmerek/aswMBR.exe

    When you've downloaded it...
    • Double click aswMBR.exe to run it (XP)
    • Click Yes when prompted to scan with Avast virus definitions
    • With the AVscan set to Quick Scan, click the Scan button.
    • Wait whilst the program scans your computer.

    • When the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
    • Click OK when prompted. aswMBR.txt & MBR.dat will appear on your desktop.
    • Click EXIT.
    • Copy & paste the contents of aswMBR.txt & post it here.
    Don't click to fix anything yet, just post the log.
  • wen
    wen Posts: 38 Forumite
    Have just tried to run the Avast scan and about 10 minutes in it has come up with "avast antirootkit has encountered a problem and needs to close".
    Should I send error report and then try it again?
    Thanks
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Yes, try again.

    If it does it again, where you see AvScan: Quick scan, change the quick scan to (None) from the drop down box and see if it completes. It will take a lot shorter time that way anyway.

    I'm nipping out to the gym now so I'll take a look later.
  • wen
    wen Posts: 38 Forumite
    The data in the error report says:-
    AppName aswmbr[1].exe AppVer0.9.9.1665 ModName: aswmbr[1].exe
    ModVer 0.9.91665 Offset 00005b96

    If that's any help?
  • wen
    wen Posts: 38 Forumite
    Oops, sorry, didn't see your reply lol. No worries, will try again and post the log. Many thanks
    Wen
  • wen
    wen Posts: 38 Forumite
    Here is the aswMBR log:-
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-27 19:42:19
    19:42:19.031 OS Version: Windows 5.1.2600 Service Pack 3
    19:42:19.031 Number of processors: 1 586 0x2C02
    19:42:19.031 ComputerName: WINDOWS UserName:
    19:42:21.375 Initialize success
    19:42:38.375 AVAST engine defs: 12032701
    19:42:50.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\viamraid1Port2Path0Target0Lun0
    19:42:50.984 Disk 0 Vendor: Maxtor_6 BANC Size: 156334MB BusType: 1
    19:42:51.015 Disk 0 MBR read successfully
    19:42:51.015 Disk 0 MBR scan
    19:42:51.109 Disk 0 Windows XP default MBR code
    19:42:51.171 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 156319 MB offset 63
    19:42:51.250 Disk 0 scanning sectors +320143320
    19:42:51.531 Disk 0 scanning C:\WINDOWS\system32\drivers
    19:43:13.343 Service scanning
    19:43:42.312 Modules scanning
    19:44:03.562 Disk 0 trace - called modules:
    19:44:03.593 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS viamraid.sys
    19:44:03.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85993ab8]
    19:44:03.593 3 CLASSPNP.SYS[f758cfd7] -> nt!IofCallDriver -> \Device\00000066[0x859944d8]
    19:44:03.593 5 ACPI.sys[f7413620] -> nt!IofCallDriver -> \Device\Scsi\viamraid1Port2Path0Target0Lun0[0x85992030]
    19:44:05.734 AVAST engine scan C:\WINDOWS
    19:44:19.375 AVAST engine scan C:\WINDOWS\system32
    19:49:21.093 AVAST engine scan C:\WINDOWS\system32\drivers
    19:49:48.140 AVAST engine scan C:\Documents and Settings\Windows XP
    19:56:58.484 File: C:\Documents and Settings\Windows XP\Local Settings\Temp\14.tmp **INFECTED** Win32:Miep-C [Trj]
    19:57:14.046 File: C:\Documents and Settings\Windows XP\Local Settings\Temp\_av4_\data\aswar0.dll **INFECTED** Win32:Malware-gen
    19:57:16.359 File: C:\Documents and Settings\Windows XP\Local Settings\Temp\_av4_\data\updldr0.bin **INFECTED** Win32:Malware-gen
    20:06:43.093 AVAST engine scan C:\Documents and Settings\All Users
    20:08:37.656 Scan finished successfully
    20:09:43.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Windows XP\Desktop\MBR.dat"
    20:09:43.531 The log file has been saved successfully to "C:\Documents and Settings\Windows XP\Desktop\aswMBR.txt"

    Hope that's right
    Thanks
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Go to start > control panel > Programs > programs and features.

    Uninstall Adobe Reader X (10.0.1)
    & Java Auto Updater
    Java(TM) 6 Update 20

    Install the latest Adobe reader from here:
    http://get.adobe.com/uk/reader/
    (Uncheck any extra downloads offered on the webpage, McAfee security scan, toolbars etc)

    Install the latest Java from here:
    http://java.com/en/download/index.jsp
    (pay attention to the installer and uncheck any toolbars or extra downloads)

    After you have uninstalled and reinstalled the newer versions, reboot then do this.

    It will close all running programs and kill processes including windows explorer, so your desktop will disappear - This is only temporary whilst the program runs - Everything will return on reboot.

    Download TFC to your desktop;

    http://oldtimer.geekstogo.com/TFC.exe
    • Save any unsaved work. TFC will close all open application windows.
    • Double click TFC.exe to run it.
    • Click the Start button in the bottom left of TFC
    • If prompted, click "Yes" to reboot.
    Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.
  • wen
    wen Posts: 38 Forumite
    We have done all the above steps, it removed and rebooted and all seems to be working ok at the moment (fingers and toes crossed!!)

    Is there any way of knowing what it was that was causing the problems or where it may have come from? If not, not to worry, you have been more than helpful and we can't thank you enough for all your help!! :)
    Many Thanks
    Wen
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    See how you go - There wasn't much showing there in the logs. What I had you do was more of a precursor to further steps - I didn't exactly expect that to sort things. But, if it has, all's well - Let me know how it goes.
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    To explain a bit further, aswMBR detected some files in your temp folders - Running TFC cleared those temp folders.
    wen wrote: »
    19:44:05.734 AVAST engine scan C:\WINDOWS
    19:44:19.375 AVAST engine scan C:\WINDOWS\system32
    19:49:21.093 AVAST engine scan C:\WINDOWS\system32\drivers
    19:49:48.140 AVAST engine scan C:\Documents and Settings\Windows XP

    19:56:58.484 File: C:\Documents and Settings\Windows XP\Local Settings\Temp\14.tmp **INFECTED** Win32:Miep-C [Trj]

    19:57:14.046 File: C:\Documents and Settings\Windows XP\Local Settings\Temp\_av4_\data\aswar0.dll **INFECTED** Win32:Malware-gen

    19:57:16.359 File: C:\Documents and Settings\Windows XP\Local Settings\Temp\_av4_\data\updldr0.bin **INFECTED** Win32:Malware-gen

    20:06:43.093 AVAST engine scan C:\Documents and Settings\All Users

    The two generic detections (Win32:Malware-gen) are Avast's own files.

    aswar0.dll
    updldr0.bin

    The other, 14.tmp, was detected as Win32:Miep-C [Trj]. There isn't a great deal of information on the Miep family of malware - it looks very new.

    Here's all I could find:

    http://www.threatexpert.com/report.aspx?md5=565a2beb29183a9ce5614b1122184e07

    http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FMiep.A
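
The triage described in the last post, as an added example that is not part of the original thread or of any Avast tool: a small Python parser that pulls the `**INFECTED**` lines out of an aswMBR log and separates detections under the scanner's own `_av4_` temp folder from the rest. Treating `\_av4_\` as the scanner's working folder is an assumption taken from the post above, and the function names are hypothetical.

```python
import re
from typing import NamedTuple

# Constructed sample: lines taken from the aswMBR log posted in this thread.
SAMPLE_LOG = r"""
19:42:51.109 Disk 0 Windows XP default MBR code
19:49:48.140 AVAST engine scan C:\Documents and Settings\Windows XP
19:56:58.484 File: C:\Documents and Settings\Windows XP\Local Settings\Temp\14.tmp **INFECTED** Win32:Miep-C [Trj]
19:57:14.046 File: C:\Documents and Settings\Windows XP\Local Settings\Temp\_av4_\data\aswar0.dll **INFECTED** Win32:Malware-gen
19:57:16.359 File: C:\Documents and Settings\Windows XP\Local Settings\Temp\_av4_\data\updldr0.bin**INFECTED** Win32:Malware-gen
20:08:37.656 Scan finished successfully
"""

# Timestamp, "File:", path, the **INFECTED** marker (with or without a space), name.
DETECTION = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{3}) File: (?P<path>.+?)"
    r"\s*\*\*INFECTED\*\*\s*(?P<name>.+)$"
)

class Detection(NamedTuple):
    time: str
    path: str
    name: str
    in_temp: bool      # under a Temp folder, which a temp-file cleaner empties
    scanner_own: bool  # under \_av4_\ (assumption: the scanner's own folder)

def parse_detections(log_text):
    """Return every **INFECTED** entry found in an aswMBR log."""
    found = []
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue  # scan progress, MBR and trace lines are skipped
        lowered = m["path"].lower()
        found.append(Detection(m["time"], m["path"], m["name"],
                               "\\temp\\" in lowered, "\\_av4_\\" in lowered))
    return found

def needs_review(detections):
    """Detections not explained by the scanner's own files (a triage hint only)."""
    return [d for d in detections if not d.scanner_own]

if __name__ == "__main__":
    for d in needs_review(parse_detections(SAMPLE_LOG)):
        where = "Temp folder" if d.in_temp else "outside Temp"
        print(f"{d.time}  {d.name}  ({where})  {d.path}")
```

The path test only narrows down what to look at first; a file's location does not by itself show that it is harmless.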


This discussion has been closed.