Hey everybody, so i'm having some issues w/ a trojan virus that avast and
spybot S&D have detected during scans. The folder location is under program
files/ pc health center, as far as i understand, PC health center is spyware
that runs as legitimate antivirus software, making it difficult to detect.
I'm currently using avast, spybot search and destroy and adaware (all free
versions). Avast and spybot both pickup malicious files in the PC Helath
center folder, but i'm unable to move the file to the avast chest or delete
it w/ any of the antivirus programs i have. I've also ran several boot scans
but am unable to perform any action on these supicious files, ther's always
an error message and i can't do anything w/ the files. I've even tried to
erase the files w/ the eraser program using a psuedorandom 3X overwriting
data pass, but am unable to. 411 - spyware.com claims to have manual
instructions for complete removal of the pc health center folders / files /
registry etc., they also claim that for 30$ you can purchase their software
which will automatically remove all related components of the PC Health
Center infection. Mcafee says that the site seems safe, but other sites have
said that 411 - spware.com will install spyhunter which contains junk i
don't want. I'm unclear of who to trust and what i should do, has anyone
dealt w/ this same problem? I've done some minimal research and it seems
that PC Health Center (under program files) is something i should remove
from my computer, any advice, any help is greatly appreciated, thanks.
Preferred practice is to 'flatten' and rebuild a computer that has been
exposed to malware.
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx
http://support.microsoft.com/kb/918884
http://www.winsupersite.com/showcase/winvista_upgrade_clean.asp
http://www.5starsupport.com/tutorial/vista-clean-install.htm
It is defenitely advantageous to create an 'image' of the operating system
and create a data/file backup of the affected PC.
The image can then restored to the impacted PC and the user's data/file is
subsequently restored to the operating system.
An experienced and properly prepared user can do that in substantial less
time than scanning with complex and sophisticated AV applications.
Alas, since many users are less prepared and/or lacking the experience;
Scanning with an AV apps. is the only option, unless the user consults a
computer technician.
1.Clear the (IE) temporary Internet files and the history cache.
Click 'Start' and then click 'Run'... then type (or copy/paste)
"inetcpl.cpl" (w/out quotation marks) into the box, then click the 'OK'
button.
In Internet Properties panel 'General' tab, under 'Browsing history', click
'Delete...'button, in 'Delete Browsing History' panel, click the 'Delete
all...' button then place a checkmark into the box beside 'Also delete
files and settings stored by add-ons', Click 'Yes' and exit the Internet
Properties panel by clicking the 'OK' button.
2.Clean HDD
Delete files using Disk Cleanup
http://windowshelp.microsoft.com/Windows/en-US/help/1264bc24-72a8-48aa-84e3-a355327139d91033.mspx
3.Download/execute:
Malwarebytes© Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
--and--
SuperAntispyware - Free
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
*--and/optional--*
Kaspersky® Virus Removal Tool
http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
http://www.kaspersky.com/support/viruses/avptool?level=2
--and/optional--
Dr.Web CureIt!® Utility - FREE
http://www.freedrweb.com/cureit/
--and/optional--
a-squared (a²) Free or a-squared (a²) Command Line Scanner
http://www.emsisoft.com/en/software/download/
--and/optional--
BitDefender10 Free Edition (*NOT FOR VISTA*)
http://www.bitdefender.com/site/Downloads/browseEvaluationVersion/1/42/
--and/optional
Sophos Anti-Virus (SAV32CLI), is a 32 bit free command line scanner used in
an emergency as a disinfection utility for Windows NT, Windows 2000,
Windows XP and Windows 2003.
To use the Sophos command line software follow the steps below:
a) Download SAV32CLI
http://downloads.sophos.com/tools/sav32sfx.exe
--and--
extract the contents by double clicking the file.
b) Add the latest IDE (virus definition) files to the folder.
These can be downloaded here
http://www.sophos.com/downloads/ide/
c) Read Scanning Options with SAV32CLI.
http://www.sophos.com/support/knowledgebase/article/13252.html
See removing malicious files with SAV32CLI for basic information on virus,
spyware, Trojan and worm removal with SAV32CLI.
http://www.sophos.com/support/knowledgebase/article/13251.html
NOTE:
The above mentioned applications are not capable for real-time protection
of your computer; They are on-demand scanners.
Kaspersky® Virus Removal Tool, Dr.Web CureIt!® have no update feature (so
they don't turn into full blown scanners). As soon as your computer is
cleaned you are supposed to remove these tools from your operating system
and revert back to your (updated) resident (real-time) AV application.
Re: Kaspersky® Virus Removal Tool; To uninstall/move this program 'enable
self-defense' must be unchecked!
To scan your computer with the most up-to-date Kaspersky® AVPTool and
Dr.Web CureIT!® virus databases next time you should download new
Kaspersky® AVPTool and Dr.Web CureIt!® packages.
BitDefender10 Free Edition, a-squared Free or a-squared Command Line
Scanner, Sophos Anti-Virus (SAV32CLI) and the free version of Malwarebytes©
and SuperAntispyware have an update feature; You may wish to keep a couple
of them installed in addtion to your resident AV/A-S applications and scan
frequently.
Both free versions of MBAM and SAS are on-demand scanners and offer no
'real-time' protection. Keep them installed and use them as
'second-opinion' scanner which is purposely (by design) recommended by
their respective authors.
After the software is updated, it is suggested scanning the system in Safe
Mode (this does not apply to MBAM).
"Malwarebytes actually performs better in Normal Mode" says Dustin Cook,
Malwarebytes Researcher of MBAM.
Start your computer in safe mode (Vista)
http://windowshelp.microsoft.com/Windows/en-us/help/323ef48f-7b93-4079-a48a-5c58eec904a11033.mspx
http://www.bleepingcomputer.com/tutorials/tutorial61.html
4.Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis
Please, do not post HJT logs to this newsgroup.
Fora where you can get expert advice for HiJack This! (HJT) logs.
http://www.thespykiller.co.uk/index.php?board=3.0
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.tomcoyote.org/index.php?showforum=27
http://www.bleepingcomputer.com/forums/forum22.html
http://www.malwarebytes.org/forums/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.theeldergeek.com/forum/index.php?s=2e9ea4e19d3289dd877ab75a8220bff6&showforum=29
NOTE:
Registration is required in any of the above mentioned fora before posting
a HJT log and read the 'stickies' (instructions/guidelines) for the
respective HJT forum.
5.Routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html
Additional references:
How to optimize or reset Internet Explorer 7
http://support.microsoft.com/kb/936213
Applies to: Windows Internet Explorer 7 in Windows Vista
How to use Reset Internet Explorer Settings (RIES)
http://support.microsoft.com/kb/923737
Read: "What you must know"
Applies to: Windows Internet Explorer 7 for Windows XP and
Windows Internet Explorer 7 in Windows Vista
GMER - is an application that detects and removes rootkits.
http://www.gmer.net/index.php
For additional assistance in relation GMER scan results consult either
http://antirootkit.com/forums/index.php?sid=9e746bb696ac0bb38781ffe4361c3a17
--or--
http://www.thespykiller.co.uk/index.php?board=3.0
CCleaner - Free
Cleans temporary internet files, cookies, history, recent urls, application
MRUs, etc. ...(*Tune out the registry scanning/fixing option!*)
http://www.ccleaner.com/download/builds/downloading-slim
If Windows Defender is utilized go to Applications, under Utilities
uncheck "Windows Defender" (so it won't delete the history of WD).
If you wish, click 'Options' button the 'Settings' [check] 'Run CCleaner
when the computer starts'.
--or--
Setup CCleaner to Automatically Run Each Night in Vista or XP
http://www.howtogeek.com/howto/wind...-automatically-run-each-night-in-vista-or-xp/
Good luck
