mal/fakeavjs-a keeps popping up

Discussion in 'Malware Help (A Specialist Will Reply)' started by thatkid76, Dec 5, 2009.

  1. thatkid76

    thatkid76 Private E-2

    I will run Webroot, it finds the virus, then I can run Webroot again and it isn't there....then a day or two later it is found again....here are the logs I think something else is wrong...please any advice...thanks




    12/2/2009 2:55:32 PM: Removal process completed. Elapsed time 00:00:08
    12/2/2009 2:55:27 PM: Quarantining All Traces: Mal/FakeAvJs-A
    12/2/2009 2:55:23 PM: Removal process initiated
    12/2/2009 2:54:47 PM: Traces Found: 1
    12/2/2009 2:54:47 PM: Full Sweep has completed. Elapsed time 01:46:36
    12/2/2009 2:54:47 PM: File Sweep Complete, Elapsed Time: 01:42:32
    12/2/2009 2:54:44 PM: Warning: Corrupt Archive: C:\Windows\winsxs\amd64_microsoft-windows-localizeddrivers_31bf3856ad364e35_6.0.6000.16386_en-us_d8b4b68e802ab022\locdrv.cab
    12/2/2009 2:53:43 PM: Warning: Corrupt Archive: C:\Program Files (x86)\HP\QuickPlay\Koan\koan_3.0.zip
    12/2/2009 2:52:33 PM: Warning: Corrupt Archive: C:\Program Files (x86)\HP\Digital Imaging\data\projects\ContentPackages\50824D61-F183-47f8-9376-DD3872B81B61.zip
    12/2/2009 2:52:33 PM: Warning: Corrupt Archive: C:\Program Files (x86)\HP\Digital Imaging\data\projects\ContentPackages\EBF381E0-764A-4afa-B93C-6E7B50F6355C.zip
    12/2/2009 2:52:33 PM: Warning: Corrupt Archive: C:\Program Files (x86)\HP\Digital Imaging\data\projects\ContentPackages\5B08E68F-CE7E-453e-8192-56CD6B1C463D.zip
    12/2/2009 2:52:32 PM: Warning: Corrupt Archive: C:\Program Files (x86)\HP\Digital Imaging\data\projects\ContentPackages\BCB17497-9957-43c5-A6C6-2BCF1FA38C5F.zip
    12/2/2009 2:52:32 PM: Warning: Corrupt Archive: C:\Program Files (x86)\HP\Digital Imaging\data\projects\ContentPackages\BD7AE4BA-6BD1-4afe-B603-9C2D6AC7DF66.zip
    12/2/2009 2:52:32 PM: Warning: Corrupt Archive: C:\Program Files (x86)\HP\Digital Imaging\data\projects\ContentPackages\3FAC1495-9793-45b7-A957-D25B2525DA2E.zip
    12/2/2009 2:52:32 PM: Warning: Corrupt Archive: C:\Program Files (x86)\HP\Digital Imaging\data\projects\ContentPackages\E4E27811-8FF2-4a04-8836-AF4DBE82CEF5.zip
    12/2/2009 2:52:32 PM: Warning: Corrupt Archive: C:\Program Files (x86)\HP\Digital Imaging\data\projects\ContentPackages\1A6A37EA-1CFC-4f2f-8F43-D379ABF03B0F.zip
    12/2/2009 2:52:31 PM: Warning: Corrupt Archive: C:\Program Files (x86)\HP\Digital Imaging\data\projects\ContentPackages\F23FBAB1-C2E5-4cc8-B1DF-11C5F46C2DA6.zip
    12/2/2009 2:52:31 PM: Warning: Corrupt Archive: C:\Program Files (x86)\HP\Digital Imaging\data\projects\ContentPackages\C2E8262B-DC67-4bf5-AB87-CB09B5DCEBBF.zip
    12/2/2009 2:52:31 PM: Warning: Corrupt Archive: C:\Program Files (x86)\HP\Digital Imaging\data\projects\ContentPackages\525C3D3B-73C1-4b58-98C0-44711CACA222.zip
    12/2/2009 2:51:58 PM: Warning: Corrupt Archive: C:\MSOCache\All Users\{90120000-0018-0409-0000-0000000FF1CE}-C\PptLR.cab
    12/2/2009 2:51:32 PM: Warning: Corrupt Archive: C:\MSOCache\All Users\{90120000-0016-0409-0000-0000000FF1CE}-C\ExcelLR.cab
    12/2/2009 2:48:11 PM: Warning: Corrupt Archive: C:\SwSetup\sp41767\data2.cab
    12/2/2009 2:41:38 PM: Warning: Corrupt Archive: C:\SwSetup\sp43325\data2.cab
    12/2/2009 2:40:44 PM: Warning: Corrupt Archive: C:\SwSetup\Off12\US\HS07Office\PowerPoint.en-us\PptLR.cab
    12/2/2009 2:38:54 PM: Warning: Corrupt Archive: C:\SwSetup\Off12\US\HS07Office\Excel.en-us\ExcelLR.cab
    12/2/2009 2:36:54 PM: Warning: Corrupt Archive: C:\SwSetup\Inetsec\NCO\NCO\APP\nppw.zip
    12/2/2009 2:31:13 PM: Warning: Corrupt Archive: C:\SwSetup\QPW\data2.cab
    12/2/2009 2:20:08 PM: Warning: Failed to process link. Cannot open file "C:\pagefile.sys". The process cannot access the file because it is being used by another process
    12/2/2009 2:09:33 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [C:\Program Files (x86)\Sling Media\SlingPlayer\Library\us.spl]
    12/2/2009 2:08:58 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [C:\Program Files (x86)\Sling Media\SlingPlayer\Library\default.spl]
    12/2/2009 2:08:55 PM: C:\Users\megan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0AQCJJ2N\forstart-myzonescan_net[1].htm (ID = 0)
    12/2/2009 2:08:54 PM: Found Mal/FakeAvJs-A: Mal/FakeAvJs-A
    12/2/2009 1:29:01 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [C:\SwSetup\SPFS\Setup.exe]
    12/2/2009 1:12:14 PM: Starting File Sweep
    12/2/2009 1:12:14 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    12/2/2009 1:12:14 PM: Starting Cookie Sweep
    12/2/2009 1:12:13 PM: Registry Sweep Complete, Elapsed Time:00:01:31
    12/2/2009 1:10:41 PM: Starting Registry Sweep
    12/2/2009 1:10:41 PM: Memory Sweep Complete, Elapsed Time: 00:02:26
    12/2/2009 1:08:14 PM: Starting Memory Sweep
    12/2/2009 1:08:11 PM: Start Full Sweep
    12/2/2009 1:08:11 PM: Sweep initiated using definitions version 1586
    12/2/2009 12:55:23 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
    12/2/2009 12:55:23 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
    12/2/2009 12:55:15 PM: Informational: Loaded AntiVirus Engine: 3.1.0; SDK Version: 4.47E; Virus Definitions: 12/02/2009 06:56:58 (GMT)
    12/2/2009 12:54:39 PM: License Check Status (0): Success
    12/2/2009 12:53:30 PM: Webroot Software 6.1.0.145 started
    12/2/2009 12:53:30 PM: | Start of Session, Wednesday, December 02, 2009
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    I assume you mean the above?? In 4 or 5 years Webroot still has not learned to provide logs that have any usefulness to end users. The above means nothing to us since it is just a generic message and does not indicate any particular file, folder, or registry key to be a problem. In all likelihood this is just a false detection or it could be something stuck in a System Volume Information folder which is System Restore. System Restore can only be cleaned by disabling System Restore and then reenabling. You may wish to try this and see what happens afterward.

    If you still have a problem after toggling System Restore, you will have to run our READ & RUN ME FIRST. Malware Removal Guide so we can determine if you really have any malware problems and whether WebRoot is just failing to remove the infection which is also a possibility.
     
