AVG Anti-Rootkit found some files - can I delete them?


Post by Nath4N on 18th April 2009, 11:26 am

Here's a screenshot of the files AVG Anti-Rootkit found. Which should I delete?



Re: AVG Anti-Rootkit found some files - can I delete them?

Post by Belahzur on 18th April 2009, 1:48 pm

AVG won't be able to delete them, that hidden driver is quite stubborn.

1. Please download The Avenger by Swandog46 to your Desktop

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Leave the script box empty.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will restart your computer.
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

3. Please copy/paste the content of c:\avenger.txt into your reply.


Please PM me if I fail to respond within 24hrs.

Re: AVG Anti-Rootkit found some files - can I delete them?

Post by Nath4N on 18th April 2009, 2:13 pm

I did all the things you asked. After the reboot AVG opened and showed that some files (I think the same files as in the photo attached to my first post) are infected with Win32 Cryptor. I don't really know what this means because Avenger was supposed to delete those files, right?

Here's the log:

Code:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "UACd.sys" found!
ImagePath:  \systemroot\system32\drivers\UACqxbejxvk.sys
Driver disabled successfully.

Rootkit scan completed.


Completed script processing.

*******************

Finished!  Terminate.

EDIT:
AVG Antirootkit still finds one hidden driver a1ubgyk9.sys


Re: AVG Anti-Rootkit found some files - can I delete them?

Post by Belahzur on 18th April 2009, 4:37 pm

Just because it's a hidden driver doesn't mean it's malicious.

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Drivers to delete:
UACd.sys

Files to delete:
C:\WINDOWS\system32\drivers\UACqxbejxvk.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will restart your computer.
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

4. Please copy/paste the content of c:\avenger.txt into your reply.



Re: AVG Anti-Rootkit found some files - can I delete them?

Post by Nath4N on 18th April 2009, 8:13 pm

Code:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "UACd.sys" deleted successfully.

Error:  file "C:\WINDOWS\system32\drivers\UACqxbejxvk.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\UACqxbejxvk.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Completed script processing.

*******************

Finished!  Terminate.

Am I healed?


Re: AVG Anti-Rootkit found some files - can I delete them?

Post by Belahzur on 18th April 2009, 8:15 pm

No, we've only stopped the main driver, now we have to kill off any traces of it.

Please download and run this tool.

Download Malwarebytes' Anti-Malware.

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: AVG Anti-Rootkit found some files - can I delete them?

Post by Nath4N on 18th April 2009, 8:34 pm

There's one problem - the log is in my language (Polish). But I think the only part that actually matters is this one:

Infected files:
C:\WINDOWS\system32\UACspttymfk.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACxeirwwsv.log (Trojan.Agent) -> Quarantined and deleted successfully.

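The two Avenger logs and the Malwarebytes result above, worked through as an added Python example (not part of the original thread, and not code from The Avenger or Malwarebytes): it parses the log line shapes shown in the posts, reports which hidden drivers were only disabled and which were deleted, and flags files that share the driver's naming prefix. The function names and the prefix heuristic are assumptions made for this illustration; the sample input is trimmed from the posts above.

```python
import os.path
import re
from dataclasses import dataclass, field

# Line shapes copied from the two Avenger 2.0 logs posted in this thread.
RULES = {
    "hidden":   re.compile(r'^Hidden driver "([^"]+)" found!'),
    "image":    re.compile(r'^ImagePath:\s+(\S.*)$'),
    "disabled": re.compile(r'^Driver disabled successfully\.'),
    "deleted":  re.compile(r'^Driver "([^"]+)" deleted successfully\.'),
    "failed":   re.compile(r'^Deletion of file "([^"]+)" failed!'),
    "status":   re.compile(r'^Status:\s+(0x[0-9a-fA-F]{8})\s+\((\w+)\)'),
}

@dataclass
class AvengerReport:
    hidden: dict = field(default_factory=dict)    # driver name -> ImagePath
    disabled: list = field(default_factory=list)  # stopped, entry still present
    deleted: list = field(default_factory=list)   # driver entries removed
    failed: dict = field(default_factory=dict)    # file path -> NTSTATUS name

def basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1]

def parse_avenger_log(text):
    rep, driver, target = AvengerReport(), None, None
    for line in map(str.strip, text.splitlines()):
        for kind, rx in RULES.items():
            if m := rx.match(line):
                break
        else:
            continue  # banner, separator or other line we do not track
        if kind == "hidden":
            driver = m.group(1)
            rep.hidden[driver] = None
        elif kind == "image" and driver:
            rep.hidden[driver] = m.group(1)
        elif kind == "disabled" and driver:
            rep.disabled.append(driver)
        elif kind == "deleted":
            rep.deleted.append(m.group(1))
        elif kind == "failed":
            target = m.group(1)
            rep.failed[target] = None
        elif kind == "status" and target:
            rep.failed[target] = m.group(2)
    return rep

def still_registered(first_run, later_run):
    """Drivers the first run only disabled and the later run did not delete."""
    return [d for d in first_run.disabled if d not in later_run.deleted]

def name_prefix(report):
    """Common prefix of a hidden driver's service name and its file name."""
    for name, image in report.hidden.items():
        if image:
            return os.path.commonprefix([name, basename(image)])
    return ""

def related_leftovers(prefix, paths):
    """Heuristic (assumption): file named <prefix> + lowercase letters + ext."""
    rx = re.compile(re.escape(prefix) + r"[a-z]{4,}\.\w+$")
    return [p for p in paths if prefix and rx.match(basename(p))]

# Sample input trimmed from the posts in this thread.
FIRST_LOG = r"""Hidden driver "UACd.sys" found!
ImagePath:  \systemroot\system32\drivers\UACqxbejxvk.sys
Driver disabled successfully.
"""
SECOND_LOG = r"""Driver "UACd.sys" deleted successfully.
Deletion of file "C:\WINDOWS\system32\drivers\UACqxbejxvk.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
"""
SCAN_PATHS = [r"C:\WINDOWS\system32\UACspttymfk.dat",
              r"C:\WINDOWS\system32\UACxeirwwsv.log",
              r"c:\windows\system32\drivers\tcpip.sys"]
```

A prefix match only marks a file for review by a scanner or a helper; it is not proof that the file is malicious.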

Re: AVG Anti-Rootkit found some files - can I delete them?

Post by Belahzur on 18th April 2009, 8:49 pm

Doesn't matter what language, the file locations stay the same and I can use a translator to figure out the rest.

One more scan to make sure it's gone.

  • Please download DDS by sUBs to your Desktop (Important!!).
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here; I don't need to see attach.txt.



Re: AVG Anti-Rootkit found some files - can I delete them?

Post by Nath4N on 18th April 2009, 9:03 pm

Yeah, I know that I need to uninstall one of the antiviruses.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Pawel at 23:02:58,75 on 2009-04-18
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2046.1401 [GMT 2]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated)
FW: Zapora osobista *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\inne\gva\avgwdsvc.exe
C:\Programy\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
D:\inne\gva\avgrsx.exe
D:\inne\gva\avgnsx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programy\ESET Smart Security\egui.exe
C:\Programy\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programy\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
C:\Programy\AutoConnect\AutoConnect.exe
C:\Programy\DAEMON Tools Lite\daemon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programy\Open Office\OpenOffice.org 3\program\soffice.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programy\Open Office\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programy\Winamp\winamp.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Programy\Opera\opera.exe
C:\Documents and Settings\Pawel\Pulpit\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uWindow Title = neostrada tp
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [AutoConnect] c:\programy\autoconnect\AutoConnect.exe
uRun: [DAEMON Tools Lite] "c:\programy\daemon tools lite\daemon.exe" -autorun
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [egui] "c:\programy\eset smart security\egui.exe" /hide /waitservice
mRun: [WOOWATCH] c:\progra~1\neostr~1\Watch.exe
mRun: [WOOTASKBARICON] c:\progra~1\neostr~1\GestMaj.exe TaskBarIcon.exe
mRun: [WinampAgent] c:\programy\winamp\winampa.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [WheelMouse] c:\programy\a4tech\mouse\Amoumain.exe
mRun: [Adobe Reader Speed Launcher] "c:\programy\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\programy\quicktime\QTTask.exe" -atboottime
mRun: [AVG8_TRAY] d:\inne\gva\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\pawel\menust~1\programy\autost~1\openof~1.lnk - c:\programy\open office\openoffice.org 3\program\quickstart.exe
IE: E&ksportuj do programu Microsoft Excel - c:\programy\micros~1\office12\EXCEL.EXE/3000
IE: { - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\programy\micros~1\office12\REFIEBAR.DLL
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
TCP: {18B3AD0D-B37A-44A3-AB8D-3744D5188047} = 194.204.159.1 217.98.63.164
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\inne\gva\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2009-4-17 3968]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-16 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-16 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-16 108552]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]
R2 avg8wd;AVG Free8 WatchDog;d:\inne\gva\avgwdsvc.exe [2009-4-16 298264]
R2 ekrn;ESET Service;c:\programy\eset smart security\ekrn.exe [2009-2-6 727720]
R2 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2009-4-4 80392]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [2009-4-4 60255]
R3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [2009-4-4 684265]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [2008-4-15 3584]

=============== Created Last 30 ================


==================== Find3M ====================

2009-04-04 21:36 361,344 a------- c:\windows\system32\drivers\tcpip.sys
2009-04-04 21:06 448,348 a------- c:\windows\system32\perfh015.dat
2009-04-04 21:06 74,450 a------- c:\windows\system32\perfc015.dat
2009-04-04 20:03 315,392 a------- c:\windows\HideWin.exe
2009-04-03 22:53 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-03 21:57 21,856 a------- c:\windows\system32\emptyregdb.dat
2009-03-16 14:18 517,448 a------- c:\windows\system32\XAudio2_4.dll
2009-03-16 14:18 235,352 a------- c:\windows\system32\xactengine3_4.dll
2009-03-16 14:18 69,448 a------- c:\windows\system32\XAPOFX1_3.dll
2009-03-16 14:18 22,360 a------- c:\windows\system32\X3DAudio1_6.dll
2009-03-09 15:27 4,178,264 a------- c:\windows\system32\D3DX9_41.dll
2009-03-09 15:27 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll
2009-03-09 15:27 453,456 a------- c:\windows\system32\d3dx10_41.dll
2009-02-26 00:58 3,565,568 a------- c:\windows\system32\drivers\ati2mtag.sys
2009-02-25 23:42 442,368 a------- c:\windows\system32\ATIDEMGX.dll
2009-02-25 23:41 325,120 a------- c:\windows\system32\ati2dvag.dll
2009-02-25 23:30 11,841,536 a------- c:\windows\system32\atioglxx.dll
2009-02-25 23:30 204,800 a------- c:\windows\system32\atipdlxx.dll
2009-02-25 23:29 155,648 a------- c:\windows\system32\Oemdspif.dll
2009-02-25 23:29 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2009-02-25 23:29 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-02-25 23:29 155,648 a------- c:\windows\system32\ati2evxx.dll
2009-02-25 23:27 602,112 a------- c:\windows\system32\ati2evxx.exe
2009-02-25 23:26 53,248 a------- c:\windows\system32\ATIDDC.DLL
2009-02-25 23:16 3,817,984 a------- c:\windows\system32\ati3duag.dll
2009-02-25 23:09 307,200 a------- c:\windows\system32\atiiiexx.dll
2009-02-25 22:59 2,670,080 a------- c:\windows\system32\ativvaxx.dll
2009-02-25 22:58 3,107,788 a------- c:\windows\system32\ativva5x.dat
2009-02-25 22:58 887,724 a------- c:\windows\system32\ativva6x.dat
2009-02-25 22:44 49,664 a------- c:\windows\system32\amdpcom32.dll
2009-02-25 22:40 475,136 a------- c:\windows\system32\atikvmag.dll
2009-02-25 22:38 126,976 a------- c:\windows\system32\atiadlxx.dll
2009-02-25 22:38 17,408 a------- c:\windows\system32\atitvo32.dll
2009-02-25 22:37 53,248 a------- c:\windows\system32\drivers\ati2erec.dll
2009-02-25 22:35 290,816 a------- c:\windows\system32\atiok3x2.dll
2009-02-25 22:32 45,056 a------- c:\windows\system32\aticalrt.dll
2009-02-25 22:32 45,056 a------- c:\windows\system32\aticalcl.dll
2009-02-25 22:32 626,688 a------- c:\windows\system32\ati2cqag.dll
2009-02-25 22:30 3,227,648 a------- c:\windows\system32\aticaldd.dll
2009-01-26 19:55 182,995 a------- c:\windows\system32\atiicdxx.dat
2009-01-21 17:11 473,600 a------- c:\windows\system32\SkanerOnline.dll

============= FINISH: 23:03:12,92 ===============


Re: AVG Anti-Rootkit found some files - can I delete them?

Post by Belahzur on 18th April 2009, 9:21 pm

Looks good, one last thing to do.

Please download the current version of HijackThis.

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.



Re: AVG Anti-Rootkit found some files - can I delete them?

Post by Nath4N on 19th April 2009, 12:23 pm

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.0 - Polish
ADSL Modem
AGEIA PhysX v7.07.09
Apple Software Update
Archiwizator WinRAR
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AutoConnect v0.1.2.5
AVG 8.5
AVG Anti-Rootkit Free
BearShare
Browser Configuration Utility
Catalyst Control Center - Branding
DAEMON Tools Toolbar
Energy Saver Advance B8.0729.1
ffdshow [rev 2832] [2009-03-28]
Gadu-Gadu 7.7
HijackThis 2.0.2
iOfficeWorks 7.80
IrfanView (remove only)
Java 2 Runtime Environment, SE v1.4.0_03
Java(TM) 6 Update 13
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Access MUI (Polish) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Polish) 2007
Microsoft Office Groove MUI (Polish) 2007
Microsoft Office InfoPath MUI (Polish) 2007
Microsoft Office OneNote MUI (Polish) 2007
Microsoft Office Outlook MUI (Polish) 2007
Microsoft Office PowerPoint MUI (Polish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Polish) 2007
Microsoft Office Proofing (Polish) 2007
Microsoft Office Publisher MUI (Polish) 2007
Microsoft Office Shared MUI (Polish) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)
Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)
Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)
Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)
Microsoft Office Word MUI (Polish) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
MSVC80_x86
My Global Search Bar
NAPIPROJEKT 1.0.6.2
neostrada tp
Nokia Connectivity Cable Driver
OpenAL
OpenOffice.org 3.0
Opera 9.63
Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
PC Connectivity Solution
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Skaner on-line mks_vir
SopCast 3.0.1
The Godfather™ II
VideoLAN VLC media player 0.8.6f
Winamp
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
xp-AntiSpy 3.97-2


Re: AVG Anti-Rootkit found some files - can I delete them?

Post by Belahzur on 19th April 2009, 2:21 pm

I see that you are running BearShare.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If BearShare is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • BearShare
  • Java 2 Runtime Environment, SE v1.4.0_03
  • My Global Search Bar
  • xp-AntiSpy 3.97-2

I see you have VLC player installed. You are running an old version and it needs updating.

Download and install the new version.
When installing, it will ask if you want to uninstall the old version first before it can install the new version, so please select yes and allow it to install.

How is the machine now?

