[Resolved] Bogus Anti-virus

[johnmac150]

OK. Will do so and let you know.

[johnmac150]

type in del ppmate-2-3-1-74-inglesi.exe
Then Enter

Removed file

Download and scan with CCleaner

Scanned and it removed 5Gb worth of files etc. Wipe of MFT free space still running.

[bamajim]

Removed file

Scanned and it removed 5Gb worth of files etc. Wipe of MFT free space still running.

How is your PC running now?

[johnmac150]

Hi

Something strange has happened. Somehow I've downloaded and installed what appears to be a free version of AVG Ant-virus 2012. It was late at night and I was tired but I think it was when I clicked on your link to CCleaner. I only realised it was the wrong software when I looked at your instructions and they didn't match what I was seeing. File I downloaded was "avg_avct_stb_all_2012_2178_ppc2.exe". Did something on my computer re-direct your link to a bogus site and I've now installed a malicious application?
If it is bogus, it tells me that the original exe file I downloaded which started this conversation is infected with a Trojan Horse: Generic28.BGTD.

PC appears to be running OK but I am paranoid that I've installed something (rootkit?) that might be monitoring my sessions, keystrokes, passwords etc.

John

[bamajim]

The file avg_avct_stb_all_2012_2178_ppc2.exe is the installer file  for the free version of AVG.

It is quite possible tha there are other free software adds on the location from which you downloaded CCLeaner. It doesn't mean you have to install them.

If you are looking for a replacement AntiVirus program I can recommend some.

[johnmac150]

The file avg_avct_stb_all_2012_2178_ppc2.exe is the installer file  for the free version of AVG.
It is quite possible tha there are other free software adds on the location from which you downloaded CCLeaner. It doesn't mean you have to install them.

There is no link to AVG on that site. That is why I am worried I was redirected and therefore I still have a virus and/or rootkit. Also, although name is correct for AVG installer, it could easily be a malicious executable, could it not.

I would like to do another scan and post results here. Would you tell me which tool to use and be willing to analyse it for me?

[bamajim]

Let's do this another way

Let's scan the file in question. go HERE

Select Choose file. Then using windows explorer locate the file avg_avct_stb_all_2012_2178_ppc2.exe

Then select Scan it. This will scan the file with some 40 sources.

Once the file is scanned, then reply witht the results.

[johnmac150]

Results of Virustotal scans are attached because formatting was difficult to read when pasted as text. I have also attached the results for the original problem setup.exe file, which I am still concerned infected PC in background when "Save" was clicked.

Thanks, John

[bamajim]

The results from the Virustotal scan indicate that the installer file avg_avct_stb_all_2012_2178_ppc2.exe is a legit file.

The setup.exe file you scanned needs to be deleted.

[johnmac150]

Deleted setup.exe

Sorry but I'm paranoid - How do I verify that it didn't infect PC either first or second time it was downloaded while Microsoft protection was turned off?

[bamajim]

johnmac150

Rerun MalwareBytes antimalware, adn post the results in your reply.

[johnmac150]

johnmac150

Rerun MalwareBytes antimalware, adn post the results in your reply.

Don't think I ran that before. Do you want me to run MalwareBytes or one of the others you had me run, e.g. Kaspersky? If Malwarebytes, would you advise best place to obtain most recent version?

Thanks again.

[bamajim]

Don't think I ran that before. Do you want me to run MalwareBytes or one of the others you had me run, e.g. Kaspersky? If Malwarebytes, would you advise best place to obtain most recent version?

Thanks again.

I haven't requested a MalwareBytes scan before, but according to your DDS log you have it installed, do you not have an Icon on your desktop?

Open MBAM ->> Select the Update tab, Once updated ->> Select Scan (Quick scan should be selected) When it's complete a log will open, copy and paste the results of that log in you reply.

[johnmac150]

Had deleted it. Have downloaded again from shop.malwarebytes.org and running full scan just now.
Does it check for rootkit malware?

[bamajim]

Had deleted it. Have downloaded again from shop.malwarebytes.org and running full scan just now.
Does it check for rootkit malware?

Yes. And the log will give us some indications as well. Post the log when you are ready.