We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

Is this a nasty???

Options
124»

Comments

  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Yes.

    What I think is happening (I may be wrong) is spybot detects something, encrypts it, archives it (.zip) and moves it to it's quarantine folder (%programdata%\spybot-s&d\recovery).

    I think Avira interferes with that process, hence you're seeing multiple detections for the same thing.

    Spybot detects wajam.exe, encrypts & archives it to create wajam.zip - then copies/moves it to the recovery folder.

    Avira interferes so the process starts again, wajam.zip is already created so it appends a number to the zip - 1, 2, 3, and so on - which is why you're seeing multiple files in the recovery folder.

    EG:
    C:\ProgramData\Spybot - Search & Destroy\Recovery\CouponBar.zip moved successfully.
    C:\ProgramData\Spybot - Search & Destroy\Recovery\CouponBar1.zip moved successfully.
    C:\ProgramData\Spybot - Search & Destroy\Recovery\CouponBar10.zip moved successfully.
    C:\ProgramData\Spybot - Search & Destroy\Recovery\CouponBar11.zip moved successfully.
    C:\ProgramData\Spybot - Search & Destroy\Recovery\FacebookMessenger.zip moved successfully.
    C:\ProgramData\Spybot - Search & Destroy\Recovery\FacebookMessenger1.zip moved successfully.
    C:\ProgramData\Spybot - Search & Destroy\Recovery\FacebookMessenger10.zip moved successfully.
    C:\ProgramData\Spybot - Search & Destroy\Recovery\FacebookMessenger11.zip moved successfully.
    C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts.zip moved successfully.
    C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip moved successfully.
    C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts10.zip moved successfully.
    C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts11.zip moved successfully.

    Uninstall Adobe Reader 9.4.5

    Get the latest here: http://get.adobe.com/reader/ (uncheck the Mcafee scan)

    https://www.adobe.com/support/security/#readerwin

    http://www.securelist.com/en/analysis/204792250/IT_Threat_Evolution_Q3_2012#4


    Then,
    • Right-click OTM.exe & choose "Run as administrator"
    • Allow any UAC prompt
    • Click the CleanUp! button
    • Select Yes when the Begin cleanup Process? Prompt appears
    • If you are prompted to Reboot during the cleanup, select Yes
    • The tool will delete itself once it finishes, if not, delete it yourself

    See how you go.
  • shown73
    shown73 Posts: 1,268 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    Job done, thanks again. I suppose that, in order to avoid a conflict like this, in future it would be better to disable Avira, run Spybot, then re-enable. We live and learn.
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 351K Banking & Borrowing
  • 253.1K Reduce Debt & Boost Income
  • 453.6K Spending & Discounts
  • 244K Work, Benefits & Business
  • 598.9K Mortgages, Homes & Bills
  • 176.9K Life & Family
  • 257.3K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture