SBS_VE_AMBR_2008101... viruse/malware?

[KiLL CraZy]

so for about a few weeks now. every night, my counterspy would be scheduled to run over night and then next morning when I wake up, my symantec antivirus auto protect would be on screen waiting for me to see its results which I included in a picture below.

So i would remove it and etc etc and then the next morning, once again it will pop up after a counterspy scan, this happened for a while already so last week I did the malware removal guide to see if it fixed it, the scans didn't really detect nothing serious from what I saw.

But then still the next morning, once again, I would see my auto protect box up with threats in them, my computer hasn't been slowing down or anything, in all honesty i haven't seen anything diff, my pc runs normal with no problems, occasionally it would freeze up but other then that everything is fine.

ANyone have a clue on what these things r thats my antivirus is detecting?

[Kestrel13!]

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

• If something does not run, write down the info to explain to us later but keep on going.
• Do not assume that because one step does not work that they all will not.

READ & RUN ME FIRST. Malware Removal Guide

Notes:

1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, You can try running steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
   • Starting your computer in Safe mode
2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

Plus a guide on HOW TO: Attach Items To Your Post

[KiLL CraZy]

thanks for the reply kertrel, here are my logs

[KiLL CraZy]

last one

how's it looking?

through all the scans nothing came up bad, all of the scans passed.

But I guarantee if I do a full system scan with counterspy/ or antivirus, once it is complete, it will come up with those SBS stuff again...

[Kestrel13!]

Please be patient while I take a look thru your logs.
Thanks
Kes

[Kestrel13!]

Hi

I am not seeing any malware in your logs. What you have Symantec reporting is more than likely a false positive.

1) Please run the below:

Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
• Click the Empty Selected button.
• NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
• Click the Empty Selected button.
• NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.


2) If you are not having any other malware problems, it is time to do our final steps:

1. We recommed you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /u
     • Notes: The space between the combofix" and the /u, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
   • Delete the C:\combofix folder from combofix (if it exists)
3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
5. Go to add/remove programs and uninstall HijackThis.
6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
7. If you are running Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
8. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!

[KiLL CraZy]

thanks you for your help kestler, did all your steps and i guess ill just wait to see if Symantec reports those false stuff again.

Quick question, currently I use counterspy and symantec antivirus on my pc to protect against virus, etc... are those 2 good to have or do you have any recomendation on any software thats better then these two?

Once again, I greatly appreciate your help and thank you so much!

[Kestrel13!]

Hi

I personally opt to stay away from the paid for security suites as they tend to bog down the computer. I favour freeware anti-virus and anti spyware apps as I believe they do the job equally as well. I also have MBAM and SAS on all my machines. It's down to user preference and there aren't any right or wrong answers so to speak.

You're welcome for the help.
All the best
Kes