W32/Induc.A

[geek hoodlum]

Hi CH buddies,

My Avira AntiVir Personal found this one: W32/Induc.A

I searched this Malware in Avira's resources but they don't have any definitions for this. So I Googled-out and here's I found from Symantec and Sophos

My AntiVir said that the file was moved to quarantine. But when I checked my AntiVir Quarantine, there is no malware there.

I followed the steps here. But I'm not sure if I'm still infected by W32/Induc.A

Attached are the logs. Please advise.

[attachment deleted by admin]

[Karnac]

Go here for self help

http://www.computerhope.com/forum/index.php/topic,81761.0.html

Paste your HJT log into the window of the process tool and follow the instructions at the end to remove the problems....

[geek hoodlum]

Ok. Here is My HijackThis report.

[Karnac]

Ok, so follow the directions at the end for cleaning your machine, then run another malwarebytes scan and see how the machine runs.

Follow the instructions here to clear System Volume Information after you have finished all scans.

http://www.computerhope.com/issues/ch000775.htm

[geek hoodlum]

Hi Karnac,

I fixed the following:

• R0-R4 section
• o18 - protocol: groovelocalgws - {88fed34c-f0ca-4636-a375-3cb6248b04cd} - c:\program files\micros~2\office12\gr99d3~1.dll
• o4 - hkus\s-1-5-19\..\runonce: [showdeskfix] regsvr32 /s /n /i:u shell32 (user 'local service')
• o4 - hkus\s-1-5-20\..\runonce: [showdeskfix] regsvr32 /s /n /i:u shell32 (user 'network service')
• o4 - hkus\s-1-5-18\..\runonce: [showdeskfix] regsvr32 /s /n /i:u shell32 (user 'system')
• o4 - hkus\.default\..\runonce: [showdeskfix] regsvr32 /s /n /i:u shell32 (user 'default user')

Re-run HijackThis, please see attached log.
Re-run another MBAM scan, please see attached log.
Disabled Microsoft Windows XP System Restore.

[attachment deleted by admin]

[Karnac]

How is your computer running?


Remember to enable system restore.

[kpac]

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

You may also want to check this entry. Some consider it spyware as it tracks your behavior and sends it to Realtek.

[geek hoodlum]

How is your computer running?

Remember to enable system restore.

My machine runs fine. Wait, what exactly do you mean? Should I enable or disable my system restore? 'Cause the link you gave shows an instruction on how to disable the system restore.

[Karnac]

In System properties>system restore......Make sure the box is unchecked and Status says Monitoring

You turn it off and then turn it back on to purge any restore points that are infected.

[geek hoodlum]

You may also want to check this entry. Some consider it spyware as it tracks your behavior and sends it to Realtek.

Done kpac. Please see attached log.

In System properties>system restore......Make sure the box is unchecked and Status says Monitoring

You turn it off and then turn it back on to purge any restore points that are infected.

Done Karnac.

[attachment deleted by admin]

[kpac]

Done kpac. Please see attached log.

Can't see much else. How're you running?

[geek hoodlum]

Hi kpac, my machine runs fine. Oh BTW, please check this news related to this malware. Just got it from Google. 

[kpac]

Interesting, thanks.