chtamina Posted June 22, 2010

I keep getting this even after a scan in safe mode from the admin account:

Malware.Trace
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon#Taskman [ C:\Documents and Settings\server\Dati applicazioni\oreaw.exe ]

I don't know if it's related, but whenever I connect to the internet (firewall is ON) I get a message from Avira stating that I'm affected by 'TR/ATRAPS.Gen2' and 'TR/Swisyn.ahlj' [trojan].

Any idea, besides disconnecting from the internet?

Thanks

Seth Posted June 22, 2010

Hi Chtamina.

Please post the latest SAS scan log for review. Do not post the tracking cookies if the log contains them. The log can be found in SAS's Preferences-->Logs/Statistics.

chtamina Posted June 23, 2010

> Hi Chtamina. Please post the latest SAS scan log for review. Do not post the tracking cookies if the log contains them. The log can be found in SAS's Preferences-->Logs/Statistics.

Scan with Administrator account in safe mode:

SUPERAntiSpyware Scan Log
https://www.superantispyware.com

Generated 06/22/2010 at 09:52 PM

Application Version : 4.39.1002

Core Rules Database Version : 5057
Trace Rules Database Version: 2869

Scan type : Complete Scan
Total Scan Time : 00:47:14

Memory items scanned : 205
Memory threats detected : 0
Registry items scanned : 4636
Registry threats detected : 3
File items scanned : 13548
File threats detected : 0

Malware.Trace
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon#Taskman [ C:\Documents and Settings\Administrator\Dati applicazioni\oreaw.exe ]
HKU\S-1-5-21-299502267-1644491937-725345543-500\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

Disabled.SecurityCenterOption
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY

Every time I restart the computer I get that file "oreaw.exe". When I go online I get notified about the same issue, plus Avira detects:

Nel file 'C:\Documents and Settings\server\Impostazioni locali\Temp\0086980.exe' è stato rilevato un virus o programma indesiderato 'TR/ATRAPS.Gen2' [trojan].
Nel file 'C:\Documents and Settings\server\Impostazioni locali\Temp\068.exe' è stato rilevato un virus o programma indesiderato 'TR/Swisyn.ahlj' [trojan].
Nel file 'C:\Documents and Settings\server\Impostazioni locali\Temp\336660.exe' è stato rilevato un virus o programma indesiderato 'TR/Drop.Agent.cgag' [trojan].
Nel file 'C:\Documents and Settings\server\Impostazioni locali\Temporary Internet Files\Content.IE5\EFFWWBK1\5043[1].exe' è stato rilevato un virus o programma indesiderato 'TR/Swisyn.ahlj' [trojan].
Nel file 'C:\Documents and Settings\server\Impostazioni locali\Temporary Internet Files\Content.IE5\EFFWWBK1\dc1[1].exe' è stato rilevato un virus o programma indesiderato 'TR/Drop.Agent.cgag' [trojan].
Nel file 'C:\Documents and Settings\server\Impostazioni locali\Temporary Internet Files\Content.IE5\2FZ8W56T\34[1].exe' è stato rilevato un virus o programma indesiderato 'TR/ATRAPS.Gen2' [trojan].

Seth Posted June 23, 2010

Thanks. Your infection database for SAS is about two weeks old. Be sure to update SAS before running it. Open SAS, right click on the SAS beetle icon on the lower right, click on "Check For Updates", then run a complete scan again.

If HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY appears again, then put a check in the box to allow SAS to repair that registry entry. If the oreaw entry appears again, make sure there is a check in the box as well.

Following that, if the oreaw appears in a subsequent scan, then please open a SAS support ticket, and SAS's Customer Support will assist you: https://www.superantispyware.com/csrcreateticket.html
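
Added example (not part of the thread and not SUPERAntiSpyware code): a Python parser for the `KEY#VALUE [ data ]` registry trace lines in the scan log above, which flags the Winlogon autostart values that keep reappearing. The function names and triage reasons are assumptions of this example; the sample is the registry section of the posted log, laid out one entry per line.

```python
import re

# SAS registry trace line: KEY#VALUE, optionally followed by "[ data ]".
ENTRY = re.compile(r"^\s*(HK[^#]+)#([^\[]+?)(?:\s*\[\s*(.*?)\s*\])?\s*$")
WINLOGON = r"\windows nt\currentversion\winlogon"
AUTOSTART = {"shell", "userinit", "taskman"}  # values Winlogon launches at logon
PROFILE = re.compile(r"^[a-z]:\\(documents and settings|users)\\", re.I)

def parse_traces(log_text):
    """Return (category, key, value, data) for each registry trace line."""
    category, out = None, []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            out.append((category, m.group(1).strip(), m.group(2), m.group(3)))
        elif line.strip():
            category = line.strip()  # e.g. "Malware.Trace"
    return out

def winlogon_findings(traces):
    """Flag Winlogon autostart values that deserve a manual look."""
    findings = []
    for category, key, value, data in traces:
        if not key.lower().endswith(WINLOGON) or value.lower() not in AUTOSTART:
            continue
        reasons = []
        if value.lower() == "taskman":
            # Assumption of this example: a default install has no Taskman value.
            reasons.append("Taskman is not set on a default install")
        if key.upper().startswith(("HKU\\", "HKCU\\")):
            reasons.append("per-user override of a machine-wide value")
        if data and PROFILE.match(data):
            reasons.append("launches a program from a user profile")
        if reasons:
            findings.append({"key": key, "value": value, "data": data, "reasons": reasons})
    return findings

# Sample: registry section of the scan log posted in this thread, one entry per line.
SAMPLE = r"""
Malware.Trace
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon#Taskman [ C:\Documents and Settings\Administrator\Dati applicazioni\oreaw.exe ]
    HKU\S-1-5-21-299502267-1644491937-725345543-500\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL
Disabled.SecurityCenterOption
    HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY
"""

if __name__ == "__main__":
    for f in winlogon_findings(parse_traces(SAMPLE)):
        print(f"{f['key']}#{f['value']} -> {f['data']}: {'; '.join(f['reasons'])}")
```

Comparing the findings from two consecutive scans shows whether a repaired value has been rewritten after reboot, which is the situation the last reply says to escalate to a support ticket.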