Help - trying to remove BraveSentry etc

[jholland1964]

Do the Killbox now. Cannot understand why in the world this AVG scan would take so long...how big did you say your hard drives are? I have never had one take all night.

[StckFigure]

I'm actually going to wait until AVG gets finished with the C drive at least (it's on W, so it still has to get through Windows), because it has so far found something called Rootkit.Agent.ef, which is maybe part of the problem? It's also found something called Downloader.Nurech.bh. I don't see a "stop and remove what AVG has found so far" button, though... just Pause and Cancel. I suppose I could pause AVG and run Killbox in safe mode, but I'm going to wait for you to tell me if that's ok. If you want and get this still tonight, though, I could also go ahead and cancel it, ignoring what it's found, run Killbox, then run AVG again after, while I sleep. Right now, I'm going to wait for further instruction and do nothing, letting AVG run, hoping you'll get this in the next couple hours.

[jholland1964]

No, let AVG run. Killbox should be run in Normal Mode.
Don't go anywhere however, wait a minute or two...I want to look at all your other AVG logs. Let it keep going...how big are your hard drives?
P.S. Don't give up we ARE making progress. There were just so many on the system...whew!

[StckFigure]

It definitely FEELS like progress - YAY!!! - and I'm sticking around here for at least another couple hours I don't get the BraveSentry popup anymore - haven't for a while - and I don't get the "Windows needs you to send your credit card to reauthorize" anymore since disconnecting from the 'net (which I still am)... I don't know if that will come back if I reconnect or not, but I'm goign to wait until we're all done to find out! how often have you had to go onto EIGHT pages to get a problem solved!? AVG will probably be running for another four hours, I bet, as it works its way through the F drive, which is where all the MP3s are... and another Windows directory (because that drive used to be a Master and is now a slave and I couldn't ever get rid of that Windows directory for some reason, so there it sits).

Together, the hard drives are about 300 GB, I think.

[jholland1964]

Ok drive sizes probably explains the long scan times...

Can you tell where these two were just found?
Rootkit.Agent.ef
Downloader.Nurech.bh

The reason I ask...both were found in an earlier scan and supposedly cleaned. Many of the items being found in the past scans are now in your System Restore...that is fine for now. I always hesitate having somebody clear their System Restore until we are certain the system is clean because it does exactly what it says it does...wipes out any restore points but I am thinking...maybe...it might be ok this time because I honestly wonder Where you would even be able to find a good restore point.
You are correct...8 pages is long, but I have had some that have gone on longer, generally though it is because either I was totally stupid and missed something (which could be the case here) or instructions were followed incorrectly, which is NOT the case here. You are doing so well, not getting panicky and deleting at random.
You did have a "boat load" of trojans on here! I did work, personally, on a friends computer this winter who ended up with 283 different viruses and 62 trojans so I don't think you beat that record. It is much easier to do it "hands on" though it still took me four days.

[StckFigure]

I can't find a path for either of the two things AVG has found so far; all it says is Threat and Risk (both high, of course). Is there something I can click on - with AVG still running - that would do it? (We're up to /Windows/Installer/ now). I've got no problem with wiping the system restore because, as you say, where could I honestly roll back to anyway? It all would probably be worse, especially since System Restore isn't all it's cracked up to be in the first place. I think it helps that I actually have *some* idea what's going on, although not nearly enough to be in your position! But you're being an absolute gem in helping me so much.

283 viruses? I don't think I'd even bother trying

[StckFigure]

To give you an idea of the size, AVG claims to have scanned over 421,000 objects right now in 3h, 41m

[jholland1964]

To give you an idea of the size, AVG claims to have scanned over 421,000 objects right now in 3h, 41m

Geeze! I just fell out of my chair!!!!
Now you can fall out of yours...
I just went through the AVG logs...
Thus far there have been 90 Trojans removed!!!!!
This DOES NOT count the various listings of Adware/Spyware deleted...some of which can be almost as nasty as those called Trojans. Some of these are considered Backdoor items.
Most backdoors are independent malicious programs that must be somehow installed to a computer which can then "leave the backdoor open" for other nasty items to enter.
So you see, we ARE making progress.

[StckFigure]

Oh my... 90 down, any idea how many might be left?

Wow. That's insane.

Do I need to worry about any password or, more importantly, credit card/bank data? I didn't GIVE any to anything (like that "Windows reauthorization" that wanted it), but is it possible for any of those to pull out identity info that I need to talk to my bank about?

[jholland1964]

Since you have NOT given any info out on the internet then probably not. I have not heard of that anyway. If you do online banking or use a credit card online then I certainly would check with the bank and credit card company. Passwords, you may want to change.
I really don't know how many, if any are left, we won't know for sure until...we know for sure. I know that is an "asinine" response but it is the only one I can give.
I CAN say that many of these seem to have come from p2p file sharing...this can be very dangerous, as you now see. Problem is, you think you are getting something for nothing and you are...but see what else do you get?

I had a fellow explain it to me this way...when you were a kid and you found, say a piece of candy on the ground, your Mother said, "don't pick that up, you don't know where it's been" and you really were tempted because after all, it was FREE candy. Well it is the same way with peer-2-peer...you really don't know where it has been.