We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Is this a nasty???
Comments
-
Yes.
What I think is happening (I may be wrong) is spybot detects something, encrypts it, archives it (.zip) and moves it to it's quarantine folder (%programdata%\spybot-s&d\recovery).
I think Avira interferes with that process, hence you're seeing multiple detections for the same thing.
Spybot detects wajam.exe, encrypts & archives it to create wajam.zip - then copies/moves it to the recovery folder.
Avira interferes so the process starts again, wajam.zip is already created so it appends a number to the zip - 1, 2, 3, and so on - which is why you're seeing multiple files in the recovery folder.
EG:C:\ProgramData\Spybot - Search & Destroy\Recovery\CouponBar.zip moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery\CouponBar1.zip moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery\CouponBar10.zip moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery\CouponBar11.zip moved successfully.C:\ProgramData\Spybot - Search & Destroy\Recovery\FacebookMessenger.zip moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery\FacebookMessenger1.zip moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery\FacebookMessenger10.zip moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery\FacebookMessenger11.zip moved successfully.C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts.zip moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts10.zip moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts11.zip moved successfully.
Uninstall Adobe Reader 9.4.5
Get the latest here: http://get.adobe.com/reader/ (uncheck the Mcafee scan)
https://www.adobe.com/support/security/#readerwin
http://www.securelist.com/en/analysis/204792250/IT_Threat_Evolution_Q3_2012#4
Then,- Right-click OTM.exe & choose "Run as administrator"
- Allow any UAC prompt
- Click the CleanUp! button
- Select Yes when the Begin cleanup Process? Prompt appears
- If you are prompted to Reboot during the cleanup, select Yes
- The tool will delete itself once it finishes, if not, delete it yourself
See how you go.0 -
Job done, thanks again. I suppose that, in order to avoid a conflict like this, in future it would be better to disable Avira, run Spybot, then re-enable. We live and learn.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 352K Banking & Borrowing
- 253.5K Reduce Debt & Boost Income
- 454.2K Spending & Discounts
- 245.1K Work, Benefits & Business
- 600.7K Mortgages, Homes & Bills
- 177.4K Life & Family
- 258.8K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards