win32 adware gen [Resolved]

[Guest]

[stuartm]

My avast 4.7 has found this adware, no mattert how many times i delete it the thing returns ! Herlp would be appreciated

[~cat~]

Hi stuartm,
Do you have the last release of CBO installed and updated?

[stuartm]

Yes i have! Tried trends housecall aswell! It keeps coming back

[~cat~]

When you say "It keeps coming back", are you saying Avast detects it on a manual scan?
What is the name and location of the detected file?

[stuartm]

Avast detects it during normal protection! It says i have a sign of win32 adware found in the c files. Stuart

[stuartm]

That should have been win32 adware gen[adw]

[~cat~]

Avast detects it during normal protection! It says i have a sign of win32 adware found in the c files.

Can you be more specific as to the name and location of the detected file(s)?
Did you turn off System Restore?

[stuartm]

Avast says its a virus in local disc c originally it was called something like spam blockability no i havent turned off system restore or done a restore!

[stuartm]

avast mentioned it was in karnell32.dll c:\windows\system 32 & winsock.dll

[~cat~]

Couple more things.. Has CBO updated?
Try rebooting to see if CBO sees it then.
Turn off your System Restore so it doesn't cache a copy then re-scan in safe mode to see if your AV will catch it then.

[stuartm]

Boclean upto date. I'm new at this game could you run me through how i do your to suggestions

[~cat~]

Sure, assuming your running an NT OS such as 2k or XP and not anything earlier...
First, to turn off your System Restore you'll need to access your "System Properties" (which can be done by right clicking the "My Computer" icon either on your desktop or in your Start menu) and choosing "Properties".
In the System Properties window, click on the "System Restore" tab and check the box "Turn off System restore on all drives" and then hit the "Apply" button.
To turn it back on simply recheck the box and apply again. Rescan with AV.

Next, turn your computer off and restart it, this allows CBO a chance to kill the infection before it initializes.
If CBO doesn't see anything at this point you'll want to get into safe mode.
Restart your computer again but this time as your computer restarts but before Windows launches, press F8.
Use the arrow keys to highlight the safe mode option, and then press ENTER.
There might be a prompt asking if you want to use System Restore that you'll have to decline.
After you're logged into your account see if you can run your AV scan.

[stuartm]

Virus seems to have been deleted now! If it returns i shall do what you advised. When i turn off (apply)system restore im told if i press yes all restore points will be lost is this advisable? Thanks

[~cat~]

Virus seems to have been deleted now!

May I inquire what you did that deleted it?

If it returns i shall do what you advised. When i turn off (apply)system restore im told if i press yes all restore points will be lost is this advisable? Thanks

That is correct, once System Restore is seeded with an infection, there's no point in keeping the restore points unless you want to re-infect your box.

[stuartm]

Yes i ran superantispy, lavasoft adware and trend micro all had adware for me to remove since then avast has detected nothing. I have also scanned online with a squared scan only that detected nothing. I now remember how i got this adware it was on a site where an item appeared which said press now  to recieve no spam! Stupidly i pressed cos my attention was elsewhere(think it was called spamblockability) Thanks Stuart. ps I hope it don't come back

[Tags:]