Malware files that will not be removed

chimp78

Member
Hi,

I have Avast 5 and it scanned and found two malware files.

Here is the picture,

1-1.jpg


They will not be deleted or moved to the Chest.

I can't get the whole information from that folder because it won't allow me to check from Avast.

I also used two malware scanners. They found nothing about those two malware files. They also found some files from Spyware.MarketScore.

Here is the log from Malwarebytes:

Malwarebytes' Anti-Malware 1.44
Database version: 3765
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
2/20/2010 11:36:49 AM
mbam-log-2010-02-20 (11-36-49).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 248267
Time elapsed: 35 minute(s), 35 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 3
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 13
Memory Processes Infected:
C:\Program Files (x86)\RelevantKnowledge\rlservice.exe (Spyware.MarketScore) -> Unloaded process successfully.
C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe (Spyware.MarketScore) -> Unloaded process successfully.
Memory Modules Infected:
C:\Program Files (x86)\RelevantKnowledge\MSVCP71.DLL (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files (x86)\RelevantKnowledge\MSVCR71.DLL (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files (x86)\RelevantKnowledge\rlls.dll (Spyware.MarketScore) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cerberus (Backdoor.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files (x86)\RelevantKnowledge (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files (x86)\RelevantKnowledge\components (Spyware.MarketScore) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files (x86)\RelevantKnowledge\chrome.manifest (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\install.rdf (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\MSVCP71.DLL (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files (x86)\RelevantKnowledge\MSVCR71.DLL (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files (x86)\RelevantKnowledge\rlls.dll (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files (x86)\RelevantKnowledge\rlls64.dll (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files (x86)\RelevantKnowledge\rloci.bin (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\rlph.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\rlservice.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files (x86)\RelevantKnowledge\rlxf.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\components\rlxg.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.


Those files above are quarantined right now, not deleted yet.

Please help me. Thank you.
 

My Computer

System One

  • Manufacturer/Model
    Dell desktop-XPS
    CPU
    Intel Core 2 Duo-3.00GHz
    Memory
    4.00 GB
    Graphics Card(s)
    NVIDIA Geforce GTX 285
    Hard Drives
    450 GB
    Keyboard
    Logitech
    Mouse
    Microsoft
    Internet Speed
    High Speed Verizon
Hallo Chimp78, Malwarebytes needs a restart to remove some of those nasties, or have you done that since you posted the log?

After that I would suggest doing another quick scan with mbam to see if anything else crops up. Then run disk clean up.

Once mbam gives you a clean report I would suggest running a manual definitions update on Avast, then run a boot-time scan.

This will scan your whole OS before Windows loads so it can remove nasties that it can't while Windows is up & running.

EDIT; those files that are quarantined are perfectly safe there, don't worry about deleting them yet

EDIT; If this still does not remove the files found by Avast, I had a look @ Avast Forums & it seems some people have had success using Superantispyware;
I have attached a download link, it is a free program & is highly recommended by many of our members

http://www.superantispyware.com/download.html
 

My Computer

System One

  • Manufacturer/Model
    Hewlett Packard, compaq presario CQ60-305AU
    CPU
    AMD Athlon QI-46 2.1 Ghz
    Motherboard
    Wistron 303C
    Memory
    2048 Mb DDR2 SD Ram
    Graphics Card(s)
    NVidea GE Go Force 8200M G / 256Mb dedicated grapics memory
    Sound Card
    MCP78S NVidea High definition
    Monitor(s) Displays
    15.6" High Definition Brightview Widescreen
    Screen Resolution
    1336x768
    Hard Drives
    Toshiba MK2555GSX ATA
    Mouse
    Synaptics PS2/Touchpad
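
As an added example (not part of the original posts and not Malwarebytes' own tooling), the following Python parses a log in the format posted above and lists the items marked "Delete on reboot", which are the ones that stay on disk until the restart mentioned in the reply. The sample lines are an excerpt of the log above; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Excerpt of the Malwarebytes 1.44 log posted above, embedded so this runs offline.
SAMPLE_LOG = r"""Memory Processes Infected:
C:\Program Files (x86)\RelevantKnowledge\rlservice.exe (Spyware.MarketScore) -> Unloaded process successfully.
Memory Modules Infected:
C:\Program Files (x86)\RelevantKnowledge\rlls.dll (Spyware.MarketScore) -> Delete on reboot.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files (x86)\RelevantKnowledge\rlls.dll (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files (x86)\RelevantKnowledge\rlxf.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
"""

# Section headers end in "Infected:"; summary lines ("Files Infected: 13") do not match.
SECTION = re.compile(r"^(.+) Infected:$")
# "<path> (<detection>) -> [extra detail -> ]<action>." ; paths may contain "(x86)".
ITEM = re.compile(
    r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?:.* -> )?(?P<action>[^>]+?)\.?$")

def parse_mbam(text):
    """Return a list of (section, path, detection, action) tuples."""
    items, section = [], None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        m = ITEM.match(line)
        if m and section:
            items.append((section, m["path"], m["name"], m["action"]))
    return items

def pending_reboot(items):
    """Unique paths that are only removed once the machine restarts."""
    return sorted({path for _, path, _, action in items
                   if action == "Delete on reboot"})

def by_action(items):
    """Count log entries per remediation action."""
    counts = defaultdict(int)
    for *_, action in items:
        counts[action] += 1
    return dict(counts)
```

Any path returned by `pending_reboot` should be gone after the restart; if a later scan still reports it, the removal did not complete.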
I have used Malwarebytes several times today. Right now there are no viruses, except that there are several from yesterday that are still quarantined.

I can't do the boot time scan because I have 64-bit, and it only requires 32-bit for now. I will try SuperAntiSpyware. I will let you all know how it turns out. Thanks.
 


Ah yes of course 64 bit! So long as they are in quarantine they are safe.

Just be aware that if you do a system restore the restore points may be infected, but they are safely contained there as well

You can delete them later once you are sure everything is ok (you're better having an infected restore point than none at all if you have no other option.)

You may also find that after removing all that malware some programs may not run properly, so you may have to reinstall some programs

If you have trouble with system files you can run sfc /scannow & check disk; there are tutorials on these in our tutorial section
 

I tried SuperAntiSpyware and it found over 160 Trojan.Agent/Gen-JeJe and Adware.Tracking Cookie. They are now removed. Thanks.
 


You're welcome. Wow that is a pretty impressive result from Superantispyware :confused:

All I can suggest for now is run a few more scans over the next couple of days till you are sure your system is clean (update your scanners before each scan)

See how your operating system performs over this period.

I hope it all goes smooth for you now :)

EDIT; There is a good chance your removable media (usb flashdrives etc.)
It would be a good idea to disable autoplay & scan any that you have;

http://www.vistax64.com/tutorials/78021-autoplay-settings.html

Just to appease my own curiosity, if you still have the scan results from S.A.S. I would greatly appreciate having a look at the log?
 
Hi,

Do you mean I disable AutoPlay Settings before scanning? I don't think there is a log, but I will try it again and check to see if there is one.
 


Yes, disable autoplay before plugging them in, then scan them without opening them (if the scanner doesn't have a checkbox just go into My Computer & right click on the drive, using the scan options in your context menu)

Don't worry too much about the logs, I was just curious as to how many of the detected items were tracking cookies
 

Ok, I got it. I only have USB. Does it also count as CD and DVD as well?

I think there are approx over 60 tracking cookies.
 


OK thanks, I think Superantispyware has just gone up in the ranks on my recommended antimalware/spyware solutions lol

It would pay to do the CD/DVD as well, but if they're infected all you can do is throw them out, unless they are rewritable, then you can format them, but CDs are cheap

If they have Movies on them you could probably still watch them with a DVD player on your T.V.
 

Does disabling AutoPlay Setting count for CD and DVD as well? Thanks.
 


Yea, the tutorial link I provided; if you uncheck the box it will disable autoplay for all media devices, which is CD/DVD as well

When you are sure your O.S. is clean of malware & your computer seems to be running OK you should run disk clean up;

http://www.vistax64.com/tutorials/76073-disk-cleanup.html

Then turn System Restore off (this will delete all restore points which may still be infected) & then turn System Restore back on & create a new Restore point;

http://www.vistax64.com/tutorials/66971-system-restore.html

Then run check disk;

http://www.vistax64.com/tutorials/67612-check-disk-chkdsk.html

After this run the System files command; this will check for and attempt to repair any corrupted System files. Please note that this can only fix one problem at a time, so you may have to run it several times;

http://www.vistax64.com/tutorials/66978-system-files-sfc-command.html

To finish things off run your disk defragmenter;

http://www.vistax64.com/tutorials/72832-disk-defragmenter.html
 