Win32:PurityScan-AF [Trj]

Discussion in 'Malware Help (A Specialist Will Reply)' started by hala3ammi, Sep 20, 2007.

  1. hala3ammi

    hala3ammi Private E-2

    My PC is infected with Win32:PurityScan-AF [Trj].

    I need someone's help in removing it, as my antivirus wasn't able to. Please find the HijackThis log attached.
     

    Attached Files:

  2. abri

    abri MajorGeek

    Hi Hala!
    Sorry your computer's infected. Please follow the instructions and links in the box and post the requested logs back to us.

    abri
     
  3. hala3ammi

    hala3ammi Private E-2

    Thanks Abri, I will work on it.
     
  4. hala3ammi

    hala3ammi Private E-2

    My connection is really slow, can I skip the online scanning step?
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes..though we may ask you to do so later.
     
  6. hala3ammi

    hala3ammi Private E-2

    DSL 128
    I have run CounterSpy.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay thanks! I deleted my message after I posted those questions because I had not seen TimW's post. Just skip the online scans for now like Tim said.
     
  8. hala3ammi

    hala3ammi Private E-2

    Thanks chaslang & Tim
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please pay attention to the instructions with HJT ....it needs to be renamed to C:\Program Files\Trend Micro\HijackThis\analyse....
     
  10. hala3ammi

    hala3ammi Private E-2

    Already done :)
     
  11. hala3ammi

    hala3ammi Private E-2

    I have made all scans but the online ones.

    CCleaner, search and destroy, counterspy, shownew, getrunkeys and hjt were all executed in safe mode.

    3 files attached, the rest in the next post.
     

    Attached Files:

  12. hala3ammi

    hala3ammi Private E-2

    HJT log
     

    Attached Files:

  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As per the instructions in step 7, you must attach HijackThis logs that were obtained in normal boot mode. Yours was from safe mode. Please attach a new one from Normal Boot mode.

    Also please uninstall the CounterSpy trial now since we are finished with it.

    Also uninstall this: J2SE Runtime Environment 5.0 Update 9

    Where did Avast find this infection? Do you have a log? Was it just in System Volume Information which is System Restore?
     
  14. hala3ammi

    hala3ammi Private E-2

    - CounterSpy and Java 5.0 were uninstalled.
    - Attached HJT (new) log as well as Avast log.

    As for Avast, I ran the scan last night in normal mode, not in safe mode. Additionally, I turned off System Restore before starting the whole cleaning procedure and it is still off.
     

    Attached Files:

  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    According to your log from Avast, those detections for PurityScan were in System Restore and since you disabled System Restore they are already gone. You had older detections of PurityScan back in July of 2007 but those are already gone. I don't see any signs of an active PurityScan infection on your PC.
     
  16. hala3ammi

    hala3ammi Private E-2

    Is my PC clean now? Shall I turn System Restore on?
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes and yes!

    Then I suggest that you delete that Avast log so that it no longer shows all that old information. This way any new scans will only show current problems.

    You should also work thru the below:

    How to Protect yourself from malware!
     
  18. hala3ammi

    hala3ammi Private E-2

    Thank you so much for your help and patience.
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
  20. hala3ammi

    hala3ammi Private E-2

    One more question please: shall I uninstall Windows Defender and install a-squared (a²) Free edition instead?
    Is it better to boot my PC using selective startup instead of normal startup?
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Windows Defender and a-squared are not the same kind of applications and do different things. Read the How to protect link I gave you.

    Your PC should be running in normal startup mode. Selective startup should only be used to do temporary debugging.
     
