chtamina

can't get rid of this

I keep getting this even after a scan with safe mode from admin account

Malware.Trace

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon#Taskman [ C:\Documents and Settings\server\Dati applicazioni\oreaw.exe ]

don't know if it's related but whenever I connect to the internet (firewall is ON) I get a message from Avira stating that I'm affected by

'TR/ATRAPS.Gen2' and 'TR/Swisyn.ahlj' [trojan]

any idea?

besides disconnecting from the internet

thanks


Hi Chtamina.

Please post the latest SAS scan log for review. Do not post the tracking cookies if the log contains them.

The log can be found in SAS's Preferences-->Logs/Statistics.

scan with Administrator account in safe mode

SUPERAntiSpyware Scan Log
https://www.superantispyware.com

Generated 06/22/2010 at 09:52 PM

Application Version : 4.39.1002

Core Rules Database Version : 5057
Trace Rules Database Version: 2869

Scan type       : Complete Scan
Total Scan Time : 00:47:14

Memory items scanned      : 205
Memory threats detected   : 0
Registry items scanned    : 4636
Registry threats detected : 3
File items scanned        : 13548
File threats detected     : 0

Malware.Trace
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon#Taskman [ C:\Documents and Settings\Administrator\Dati applicazioni\oreaw.exe ]
HKU\S-1-5-21-299502267-1644491937-725345543-500\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

Disabled.SecurityCenterOption
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY

every time I restart the computer I get that file "oreaw.exe"

when I go online I get notified about the same issue, plus Avira detects:

Nel file 'C:\Documents and Settings\server\Impostazioni locali\Temp\0086980.exe'
è stato rilevato un virus o programma indesiderato 'TR/ATRAPS.Gen2' [trojan].
Nel file 'C:\Documents and Settings\server\Impostazioni locali\Temp\068.exe'
è stato rilevato un virus o programma indesiderato 'TR/Swisyn.ahlj' [trojan].
Nel file 'C:\Documents and Settings\server\Impostazioni locali\Temp\336660.exe'
è stato rilevato un virus o programma indesiderato 'TR/Drop.Agent.cgag' [trojan].
Nel file 'C:\Documents and Settings\server\Impostazioni locali\Temporary Internet Files\Content.IE5\EFFWWBK1\5043[1].exe'
è stato rilevato un virus o programma indesiderato 'TR/Swisyn.ahlj' [trojan].
Nel file 'C:\Documents and Settings\server\Impostazioni locali\Temporary Internet Files\Content.IE5\EFFWWBK1\dc1[1].exe'
è stato rilevato un virus o programma indesiderato 'TR/Drop.Agent.cgag' [trojan].
Nel file 'C:\Documents and Settings\server\Impostazioni locali\Temporary Internet Files\Content.IE5\2FZ8W56T\34[1].exe'
è stato rilevato un virus o programma indesiderato 'TR/ATRAPS.Gen2' [trojan].


Thanks.

Your infection database for SAS is about two weeks old. Be sure to update SAS before running it.

Open SAS, right click on the SAS beetle icon on the lower right, click on "Check For Updates", then run a complete scan again.

If HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY appears again, then put a check in the box to allow SAS to repair that registry entry. If the oreaw entry appears again, make sure there is a check in the box as well.

Following that, if the oreaw appears in a subsequent scan, then please open a SAS support ticket, and SAS's Customer Support will assist you:

https://www.superantispyware.com/csrcreateticket.html
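
As an added example (not part of the thread and not SUPERAntiSpyware's own code): a small Python parser for the registry section of the scan log posted above, which marks the detections that sit under a Winlogon key and name a program to start at logon, so they can be compared from one scan to the next. The function name and the `logon_launch` field are hypothetical, and the `KEY#VALUE [ data ]` layout is an assumption inferred from the posted log.

```python
import re

# Registry section of the scan log posted earlier in this thread.
SAMPLE_LOG = r"""Malware.Trace
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon#Taskman [ C:\Documents and Settings\Administrator\Dati applicazioni\oreaw.exe ]
HKU\S-1-5-21-299502267-1644491937-725345543-500\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

Disabled.SecurityCenterOption
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY
"""

# Assumed entry layout: <hive\key>#<value name> [ optional data ]
ENTRY = re.compile(r"^(HK[A-Z_]+\\[^#]*)#([^\[]+?)\s*(?:\[\s*(.*?)\s*\])?$")

# Winlogon values that name a program to run at logon.
LOGON_VALUES = {"taskman", "shell", "userinit"}


def parse_registry_hits(log_text):
    """Return one dict per registry detection, tagged with its category."""
    hits, category = [], None
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m is None:
            # Any non-entry line is treated as the detection category heading.
            category = line
            continue
        key, value, data = m.group(1), m.group(2), m.group(3)
        # The log mixes upper and mixed case, so compare case-insensitively.
        logon = key.lower().endswith("\\winlogon") and value.lower() in LOGON_VALUES
        hits.append({"category": category, "key": key, "value": value,
                     "data": data, "logon_launch": logon})
    return hits


if __name__ == "__main__":
    for hit in parse_registry_hits(SAMPLE_LOG):
        flag = "LOGON-LAUNCH" if hit["logon_launch"] else "other"
        print(f"{flag:12} {hit['category']}: {hit['key']}#{hit['value']} -> {hit['data']}")
```

Feed it only the registry detections of a log; header and statistics lines would be read as category headings.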
