  • "dfranney" started this thread

Date of registration:
Mar 22nd 2013

Version:
Avira Free Antivirus

Operating System:
Windows XP


1

Friday, March 22nd 2013, 6:59pm

HTML/DSPark.B won't go away

Hi,

I'm using Avira Anti-Virus Free 12.1.9.1236
Virus database seems to be up to date.

I keep getting a security alert message from Avira saying that it found HTML/DSPark.B in C:\Documents and Settings\...\gspwjg[1].htm
Access to this file was denied.

I was able to find this file on my disk. When I try to remove the read-only access it doesn't take. I don't get an error, the permission just doesn't change.

When I hit the "Remove" button on the security alert I get the "System is being scanned" popup which appears to finish.

This happens over and over again periodically.

How do I get rid of this virus?

Thanks.

Farger

Moderator

Date of registration:
Jul 10th 2009

Version:
Avira Free Antivirus
Avira Ultimate Protection Suite
Avira Internet Security

Operating System:
Windows XP/ Windows 7


2

Sunday, March 24th 2013, 10:31am

Hi,

Did you clean the browser cache?

Also, scan your PC with the help of ESET Online Scanner
Note: Disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

- Once you have downloaded the file, double click on the icon on your desktop.
- Accept the "Terms of Use".
- Click "Start" button.
- Accept any security warnings from your browser.
- Check
- Make sure that the option "Remove found threats" is Unchecked.
- When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

- Push the Start button.
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push
- Push and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Push the button.
- Push
Post back the scan report.
Scotty is currently on patrol


  • "dfranney" started this thread


3

Friday, March 29th 2013, 5:16am

Hi,

Thank you for your reply. Here's the output of that report:

C:\Documents and Settings\Dave\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-us.cab Win32/OpenCandy application
C:\Documents and Settings\Dave\Local Settings\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\spike\Fun Stuff\Full_Felix21.exe Win32/Joke.ScreenMate application
C:\utils\Avira\avira_free_antivirus_en.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\WINDOWS\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application
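
Added example, not part of the original posts: a small Python triage of the ESET report above that groups the detections by family and checks whether the name Avira keeps alerting on (HTML/DSPark.B, from the first post) appears among them. The function names are hypothetical, and reading the trailing word of each line as ESET's detection type is an assumption based on the lines in the post.

```python
import re
from collections import Counter

# Sample input: the seven report lines copied from the post above.
ESET_LOG = r"""
C:\Documents and Settings\Dave\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-us.cab Win32/OpenCandy application
C:\Documents and Settings\Dave\Local Settings\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\spike\Fun Stuff\Full_Felix21.exe Win32/Joke.ScreenMate application
C:\utils\Avira\avira_free_antivirus_en.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\WINDOWS\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application
"""

# Windows paths contain spaces but no forward slash, so the first
# "Platform/Name" token marks where the detection name starts.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<variant>(?:probably )?a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/[\w.\-]+)\s+"
    r"(?P<kind>[a-z]+)\s*$"
)


def parse_eset_log(text):
    """Return (hits, skipped): one dict per detection line, plus unparsed lines."""
    hits, skipped = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            skipped.append(line)  # keep for manual review, never drop silently
            continue
        platform, _, family = m.group("name").partition("/")
        hits.append({
            "path": m.group("path"),
            "platform": platform,
            "family": family,
            "variant": m.group("variant") is not None,
            "kind": m.group("kind"),  # assumed: ESET's detection type
        })
    return hits, skipped


def triage(hits, alert_name):
    """Summarise hits and compare them with the name another scanner reports."""
    wanted = alert_name.lower()
    return {
        "families": dict(Counter(h["family"] for h in hits)),
        # Anything not typed "application" deserves attention first.
        "non_application": [h for h in hits if h["kind"] != "application"],
        "alert_matches": [
            h for h in hits
            if f'{h["platform"]}/{h["family"]}'.lower() == wanted
        ],
    }


if __name__ == "__main__":
    parsed, unparsed = parse_eset_log(ESET_LOG)
    print(triage(parsed, "HTML/DSPark.B"), unparsed)
```

On this report every hit is typed "application" and none matches HTML/DSPark.B, so the second-opinion scan did not find the file Avira keeps reporting.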

Farger

Moderator


4

Friday, March 29th 2013, 6:43pm

Hi,

Do you still receive the detection?

Did you clean the browser cache?
Scotty is currently on patrol


  • "dfranney" started this thread


5

Saturday, March 30th 2013, 6:34am

Yes to both questions.

As far as cleaning the browser cache, which browser are you referring to? I use FF 19.0.2. I cleared the cache via Tools:Clear Recent History.

Is there anything else I should clear out?

Farger

Moderator


6

Saturday, March 30th 2013, 2:45pm

Hi,

Please look here

Also: How to Clear Your Browser's Cache
Scotty is currently on patrol


  • "dfranney" started this thread


7

Saturday, March 30th 2013, 11:08pm

I did both of those things and I still get the virus reports.

Farger

Moderator


8

Sunday, March 31st 2013, 8:49pm

Hi,

Please do the following:

  1. Please download OTL from the link below:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. OTL should now start. Change the following settings:
    - Click on Scan All Users checkbox given at the top.
    - Under File Scans, change File age to 90
    - Change Standard Registry to All
    - Check the boxes beside LOP Check and Purity Check
  5. Copy and Paste the following code into the textbox.
  6. Don't copy the word "quoted"

    Quoted


    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.*
    %USERPROFILE%\*.*
    %USERPROFILE%\Application Data\*.*
    %USERPROFILE%\Application Data\*.
    %USERPROFILE%\Local Settings\*.*
    %USERPROFILE%\Local Settings\temp\*.exe
    %USERPROFILE%\Local Settings\Temporary Internet Files\*.exe
    %USERPROFILE%\Local Settings\Application Data\*.*
    %AllUsersProfile%\*.*
    %AllUsersProfile%\Application Data\*.*
    %AllUsersProfile%\Application Data\*.
    %AllUsersProfile%\Application Data\Local Settings\*.*
    %AllUsersProfile%\Application Data\Local Settings\Temp\*.exe
    %ALLUSERSPROFILE%\Documents\My Music\*.exe
    %ALLUSERSPROFILE%\Documents\My Pictures\*.exe
    %ALLUSERSPROFILE%\Documents\My Videos\*.exe
    %ALLUSERSPROFILE%\Documents\*.exe
    %USERPROFILE%\My Documents\*.*
    %CommonProgramFiles%\*.*
    %CommonProgramFiles%\ComObjects*.*
    %PROGRAMFILES%\*.*
    %PROGRAMFILES%\*.
    %systemroot%\system32\config\systemprofile\*.*
    %systemroot%\system32\config\systemprofile\Application Data\*.*
    %systemroot%\system32\config\systemprofile\\Local Settings\*.*
    %systemroot%\system32\config\systemprofile\\Local Settings\Application Data\*.*
    %systemroot%\system32\config\systemprofile\\Local Settings\Temp\*.exe
    %systemroot%\system32\config\systemprofile\\Local Settings\Temporary Internet Files\*.exe
    C:\Documents and Settings\LocalService\Application Data\*.*
    C:\Documents and Settings\LocalService\Local Settings\Application Data\*.*
    C:\Documents and Settings\LocalService\Local Settings\temp\*.exe
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\*.exe
    C:\Documents and Settings\LocalService\Local Settings\*.*
    C:\Documents and Settings\LocalService\*.*
    C:\Documents and Settings\NetworkService\Application Data\*.*
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.*
    C:\Documents and Settings\NetworkService\Local Settings\temp\*.exe
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\*.exe
    C:\Documents and Settings\NetworkService\Local Settings\*.*
    C:\Documents and Settings\NetworkService\*.*
    %windir%\temp\*.exe
    %windir%\*.
    %windir%\installer\*.
    %windir%\system32\*.
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /rp /s
    %systemroot%\assembly\tmp\*.* /S /MD5
    %systemroot%\assembly\temp\*.* /S /MD5
    %systemroot%\assembly\GAC\*.ini
    %systemroot%\assembly\GAC_32\*.ini
    %SystemRoot%\assembly\GAC_MSIL\*.ini
    wsSystemRoot|l,n,u,@;True;False;True;$,{ /fn
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
    HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
    HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
    HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
    HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
    HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
    HKEY_CURRENT_USER\Software\Classes\clsid\{12d0253a-7c96-815c-11e0-3034bbd97cc0}] /s
    HKEY_CURRENT_USER\Software\MSOLoad /s
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    consrv.dll
    services.exe
    svchost.exe
    explorer.exe
    userinit.exe
    winlogon.exe
    smss.exe
    lsass.exe
    atapi.sys
    iaStor.sys
    serial.sys
    disk.sys
    volsnap.sys
    redbook.sys
    i8042prt.sys
    afd.sys
    netbt.sys
    tcpip.sys
    ipsec.sys
    hlp.dat
    str.sys
    crexv.ocx
    /md5stop

  7. Push the button.
  8. One report will open, copy and paste it in a reply here:
    • OTL.txt <-- Will be opened

Scotty is currently on patrol


  • "dfranney" started this thread


9

Monday, April 1st 2013, 6:02pm

I followed your instructions and it seems to hang on "Scanning FireFox settings..." I did exit FireFox before running the scan.
BTW, your pastebin link is just to "pastebin.com". Did you have a specific entry that you wanted me to respond to?

Farger

Moderator


10

Monday, April 1st 2013, 7:21pm

Hi,

Please disable all antivirus/antimalware software before running OTL.

BTW, your pastebin link is just to "pastebin.com". Did you have a specific entry that you wanted me to respond to?


Just copy/paste the content of the OTL.txt directly to pastebin.com and post back the link.
Scotty is currently on patrol


  • "dfranney" started this thread


11

Monday, April 1st 2013, 8:10pm

I take that back. It wasn't hanging, it simply took a long time. I let it go for a while and it completed.

Here's the paste: http://pastebin.com/T3B5FnCC

Farger

Moderator


12

Monday, April 1st 2013, 10:38pm

Hi,

Your system is heavily infected...

Please do the following:

1. Download and install these three patches from MS:
http://technet.microsoft.com/en-us/secur…lletin/ms08-067
http://technet.microsoft.com/en-us/secur…lletin/ms08-068
http://technet.microsoft.com/en-us/secur…lletin/MS09-001

2. Make sure your system has all updates

3. Disable autorun function in Windows

4. Download ATF Cleaner directly to your desktop; it is standalone, so you do not have to set it up. Run it as follows.
Double click ATF-Cleaner.exe (dustbin icon) to run the program.
Choose "Select all" and click "Empty selected".

5. Download and run KidoKiller. Post back the report. The report, called report.txt, is created in the kidokiller folder after unzipping.

6.
  • Please download Combofix from here.

  • Save it to your Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click it & follow the prompts.

  • If you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.

  • Click on Yes, to continue scanning for malware.

  • When finished, it will produce a log for you.

  • Please include the C:\ComboFix.txt in your next reply.

  • Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.



Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
Scotty is currently on patrol


  • "dfranney" started this thread


13

Tuesday, April 2nd 2013, 6:09am

Hi,

I followed the directions. KidoKiller produced the following:

completed
Infected jobs: 0
Infected files: 0
Infected threads: 0
Spliced functions: 0
Cured files: 0
Fixed registry keys: 0

Here's the output from Combofix: http://pastebin.com/HxJyMi5U

Farger

Moderator


14

Tuesday, April 2nd 2013, 7:28pm

Hi,

1. Open Notepad and copy/paste the text in the below code box into Notepad (don't copy the words Source code and the numbers before each line):

Source code

1
2
3
4
5
Driver::
XDva021

File::
c:\windows\system32\XDva021.sys


Save the document as CFScript.txt, and make sure you save it to the same location (should be on your desktop) as ComboFix.exe.
Close all programs, browsers etc. and disable Avira.
Now use your mouse to drag CFScript.txt on top of ComboFix.exe.

When finished, it will create a log at C:\ComboFix.txt which you must copy/paste in your next reply.
Scotty is currently on patrol


  • "dfranney" started this thread


15

Saturday, April 6th 2013, 5:42pm

I ran ComboFix as stated. The output is here: http://pastebin.com/QR4JgsRz

Farger

Moderator


16

Saturday, April 6th 2013, 11:59pm

Hi,

What about detection from Avira?
Scotty is currently on patrol


  • "dfranney" started this thread


17

Monday, April 8th 2013, 1:21am

I just ran a full scan and got no detections.

Thank you so much for your help. Your support through this process has been absolutely stellar.

Farger

Moderator


18

Monday, April 8th 2013, 11:47am

Hi,

Let's recheck your system:

1.
Please download the newest version of Malwarebytes' Anti-Malware and install it.
Please start the application by double-clicking on its icon.
Once the program has loaded go to the UPDATE tab and check for updates.
When the update is complete, select the Scanner tab
Select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad.
Please save it to a convenient location and post the results in your next reply.

2. Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Scotty is currently on patrol


  • "dfranney" started this thread


19

Thursday, April 11th 2013, 3:51pm

Here are the results of Malwarebytes:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.11.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Dave :: DAVESPC [administrator]

4/11/2013 6:29:25 AM
mbam-log-2013-04-11 (06-29-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 252573
Time elapsed: 4 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Here are the results of Security Check:

Results of screen317's Security Check version 0.99.62
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 17
Java(TM) SE Runtime Environment 6
Java(TM) 6 Update 4
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 35
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.6.602.180
Adobe Reader XI
Mozilla Firefox 19.0.2 Firefox out of Date!
Mozilla Thunderbird (17.0.5)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 32% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Farger

Moderator


20

Thursday, April 11th 2013, 7:36pm

Hi,

I'm going to give you the final recommendations:

1. Let's remove ComboFix: Click on Start -> Run...
Now type in ComboFix /Uninstall into the run-box and click OK.
N.B.! The space between the X and the /Uninstall needs to be there.



2. Navigate to the Programs and Features, select the ESET Online Scanner entry and click Remove. A restart may be required to complete uninstallation.

3. Open OTL and click CleanUp. Restart your PC

4. Download to your Desktop:
- CCleaner Portable
Run CCleaner as Administrator
  • Open the CCleaner Folder on your Desktop and double click CCleaner.exe (32-bit) or CCleaner64.exe (64-bit)
  • The following should be selected by default, if not, please select:

  • Click and choose
  • Uncheck
  • Then go back to and click "Run Cleaner" to run it.
  • Exit CCleaner.


To check your system for software that is out-of-date and in need of updating, you can check these by visiting Secunia Software Inspector or you can use the following application for this purpose: PatchMyPC

5. Now you must create a new system restore point. Then you must remove all previous restore points except the newly created one.
Scotty is currently on patrol