
Topic: Win32 Delf-MZG [Trj] Virus warning when starting Faststone image viewer


Razor

    Topic Starter


    Beginner

  • Experience: Experienced
  • OS: Windows XP
(Note: Although this is the same virus detected by Avast as freckinerick's one I thought I should create a separate topic because it may be caused by different circumstances)

Avast just updated about 2 hours ago, and then when I went to use Faststone image viewer version 3, which I use all the time, it came up with the above virus warning. After a bit of playing round trying to figure out why Faststone would activate a warning I uninstalled Faststone, downloaded and reinstalled version 4. When I try and start it Avast brings up the same virus alert and won't let me use Faststone. I have scanned all Faststone folders with Malwarebytes and it comes back clean. The only way I can get Faststone to work is by turning off Avast, which is a pain.

I also tried to tell Avast to exclude the Faststone folders from its scan but it still comes up with the virus warning and won't let me start Faststone.

Any help would be appreciated. I know my Faststone exe is clean so why it activates Avast is beyond me.

Thanks

Razor
A lesson with power: "I moved the red psu switch from 240v to 110v then it went poof!"

Helpmeh



    Guru

  • Roar.
  • Thanked: 123
  • Experience: Familiar
  • OS: Windows 8
Re: Win32 Delf-MZG [Trj] Virus warning when starting Faststone image viewer
« Reply #1 on: December 03, 2009, 04:50:12 AM »
Please go to http://www.computerhope.com/forum/index.php/topic,46313.0.html and follow the steps so an expert can help you.
Where's MagicSpeed?
Quote from: 'matt'
He's playing a game called IRL. Great graphics, *censored* gameplay.

Razor

Re: Win32 Delf-MZG [Trj] Virus warning when starting Faststone image viewer
« Reply #2 on: December 05, 2009, 08:01:39 PM »
Hi folks

Sorry for taking so long to get the logs. Logs are attached. Malwarebytes and Superantispyware found nothing. HijackThis is all foreign to me so .... experts required :D


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/06/2009 at 03:38 PM

Application Version : 4.15.1000

Core Rules Database Version : 4339
Trace Rules Database Version: 2191

Scan type       : Complete Scan
Total Scan Time : 01:03:12

Memory items scanned      : 724
Memory threats detected   : 0
Registry items scanned    : 7716
Registry threats detected : 0
File items scanned        : 28058
File threats detected     : 0



Malwarebytes' Anti-Malware 1.42

Database version: 3296
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18828

5/12/2009 12:19:31 p.m.
mbam-log-2009-12-05 (12-19-31).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 241323
Time elapsed: 1 hour(s), 26 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



[Saving space, attachment deleted by admin]

SuperDave

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: Win32 Delf-MZG [Trj] Virus warning when starting Faststone image viewer
« Reply #3 on: December 09, 2009, 08:08:55 AM »
Hello Razor and welcome to Computer Hope Forum. My name is Superdave but you can just call me SD. I'm sorry for the delay. Everyone is busy. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

link # 1
Link # 2

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Vista users Right-click combofix.exe and select Run as Administrator and follow the prompts.
Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
Windows 8 and Windows 10 dual boot with two SSD's

Razor

Re: Win32 Delf-MZG [Trj] Virus warning when starting Faststone image viewer
« Reply #4 on: December 11, 2009, 12:52:37 AM »
Hi SD

Pleased to meet you, and glad to have you helping me out. Attached are the requested logs.

One item of potential relevance to note was that a warning came up on combofix saying I still had my Antivirus running. I had closed down my Antivirus as instructed (I run Avast). After the warning I even used task manager and service manager to close all processes etc... related to Avast to make sure I closed everything. When I clicked ok the warning came up again saying that if I wished to continue I did so at my own risk.

I still ran combofix because I knew I had closed everything to do with Avast. I thought you might need to know that in case it makes a difference.


Regards

Razor

[Saving space, attachment deleted by admin]

SuperDave

Re: Win32 Delf-MZG [Trj] Virus warning when starting Faststone image viewer
« Reply #5 on: December 11, 2009, 12:58:20 PM »
Hello Razor. The logs look relatively clean. There are just a few items to fix. Can you run Faststone yet?

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
(Description: Adobe reader startup - unnecessarily uses system resources.)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
(Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan

* Click the ESET Online Scanner button.

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply please include the ESET Online Scan Log
Windows 8 and Windows 10 dual boot with two SSD's
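
An added example, not part of SuperDave's post and not HijackThis's own code: a small Python parser for the HijackThis line format shown in the entries above. It separates the BHO registrations reported with `(no file)` from the two startup entries that are listed only to save resources. The function names are made up for this illustration, and the sample text is the six entries from the post.

```python
import re

# HijackThis lines as listed in the post above (sample input for this example).
SAMPLE_LOG = r'''
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
'''

LINE = re.compile(r'^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$')
BHO = re.compile(r'^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.*)$')
RUN = re.compile(r'^(?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
REG = re.compile(r'^(?P<key>[^,]+),(?P<value>[^=]*?) ?= ?(?P<data>.*)$')


def parse_line(line):
    """Parse one log line into a dict, or return None if it is not an entry."""
    m = LINE.match(line.strip())
    if not m:
        return None
    code, body = m['code'], m['body']
    entry = {'code': code, 'kind': 'other', 'raw': body, 'notes': []}
    if code == 'O2' and (b := BHO.match(body)):
        entry.update(kind='bho', clsid=b['clsid'].upper(), file=b['file'])
        if b['file'] == '(no file)':
            entry['notes'].append('no file behind this CLSID (leftover registration)')
    elif code == 'O4' and (r := RUN.match(body)):
        entry.update(kind='autorun', key=r['key'], name=r['name'],
                     command=r['cmd'].strip('"'))
    elif code in ('R0', 'R1') and (g := REG.match(body)):
        entry.update(kind='ie_setting', key=g['key'], value=g['value'], data=g['data'])
        if not g['data']:
            entry['notes'].append('value is empty')
    return entry


def triage(log_text):
    """Return parsed entries for every recognisable line in a HijackThis log."""
    return [e for e in map(parse_line, log_text.splitlines()) if e]


def orphaned_bhos(entries):
    """CLSIDs of browser helper objects that HijackThis reported with no file."""
    return [e['clsid'] for e in entries if e['kind'] == 'bho' and e['notes']]


if __name__ == '__main__':
    for e in triage(SAMPLE_LOG):
        print(e['code'], e['kind'], '; '.join(e['notes']))
```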

Razor

Re: Win32 Delf-MZG [Trj] Virus warning when starting Faststone image viewer
« Reply #6 on: December 11, 2009, 06:24:44 PM »
Hi SD

Genius - just tried Faststone and it works. :) Well done. Scanned with Eset and at the end it said no threats were found. There was no option to post a log. (I'm assuming because it found no threats)


Regards Razor

SuperDave

Re: Win32 Delf-MZG [Trj] Virus warning when starting Faststone image viewer
« Reply #7 on: December 11, 2009, 07:30:41 PM »
That's good news Razor. We just have to do some clean-up.

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /uninstall in the Run box
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter

The above procedure will:
* Delete the following:
  * ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

Use the Secunia Software Inspector to check for out of date software.

• Click Start Now
• Check the box next to Enable thorough system inspection.
• Click Start
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smooth.