Error during cleaning

AVG Anti-Spyware 7.5: After all scans, when I choose either DELETE or QUARANTINE I always get "error during cleaning" as the result after applying action for most all objects. I've even done a complete scan while in safe mode. I am using Firefox as the browser. Any ideas for preventing error messages during cleaning.

 

Can you attach here a scan log or which detected files cannot be removed?

 

Mrs

I have the same problem with Ewido Anti-Malware.

 

Attached is error report.

 

i also encountered similar plights. At first i guess some correlated courses are not shut down, however, after a restart and in a safemode pattern, it still says that error during cleaning. So i guess the virus has juggled and replaced the correct system files. if we delete or quarantine it, the system will be damaged, if we leave it, the system will report error repeatedly.
Oh, it's a dilemma.

 

Please post here the requested scan logs

 

I had the same problem. After I downloaded the program, I scaned my computer and it found 24 traces detected. So I tried selecting Quarantine, but once I did It, In one part said "Actions have been aplied", While next to the name of the malware said "Error while Quarantine".

The name of the threat is "downloader.Agent.uj"

And the report said:


[1036] VM_00A90000 -> Downloader.Agent.uj : Error during cleaning.
[1324] VM_00970000 -> Downloader.Agent.uj : Error during cleaning.
[1372] VM_00930000 -> Downloader.Agent.uj : Error during cleaning.
[1440] VM_00B20000 -> Downloader.Agent.uj : Error during cleaning.
[1536] VM_00910000 -> Downloader.Agent.uj : Error during cleaning.
[2372] VM_00380000 -> Downloader.Agent.uj : Error during cleaning.
[2560] VM_00A50000 -> Downloader.Agent.uj : Error during cleaning.
[2752] VM_00B20000 -> Downloader.Agent.uj : Error during cleaning.
[332] VM_003E0000 -> Downloader.Agent.uj : Error during cleaning.
[344] VM_003D0000 -> Downloader.Agent.uj : Error during cleaning.
[3892] VM_003D0000 -> Downloader.Agent.uj : Error during cleaning.
[400] VM_00920000 -> Downloader.Agent.uj : Error during cleaning.
[424] VM_00B80000 -> Downloader.Agent.uj : Error during cleaning.
[548] VM_00C10000 -> Downloader.Agent.uj : Error during cleaning.
[560] VM_00B20000 -> Downloader.Agent.uj : Error during cleaning.
[584] VM_00C20000 -> Downloader.Agent.uj : Error during cleaning.
[592] VM_009B0000 -> Downloader.Agent.uj : Error during cleaning.
[612] VM_00B30000 -> Downloader.Agent.uj : Error during cleaning.
[668] VM_00920000 -> Downloader.Agent.uj : Error during cleaning.
[740] VM_03580000 -> Downloader.Agent.uj : Error during cleaning.
[764] VM_00DD0000 -> Downloader.Agent.uj : Error during cleaning.
[784] VM_003D0000 -> Downloader.Agent.uj : Error during cleaning.
[832] VM_00A50000 -> Downloader.Agent.uj : Error during cleaning.
[864] VM_01270000 -> Downloader.Agent.uj : Error during cleaning.

Please, help... Thanks

 

Hi,

Please download rmdlagentuj.exe from http://fileserver.ewido.net/public.cgi?id=20845 and save it to your desktop.

Then execute this little tools and reboot your computer. After rebooting execute a complete system scan. Now the threat should be removed.

Regards,

Vinzenz

 

I did what you said, but it won't go away, now there's only 2 items, and the new name of the threat is " trojan.small.fb "
I'm a little bit concern 'coz it says that the threat has high risk.
what should i do?
thanks

 

Please post here a Hijackthis Logfile of your infected system.
Hijackthis Tutorial site: http://www.evilissimo-softdev.de/hjt_en.html

 

It's extremely long but i'll post it any ways...

Logfile of HijackThis v1.99.1
Scan saved at 12:58:20, on 13-10-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Archivos de programa\ewido anti-spyware 4.0\guard.exe
c:\archivos de programa\mcafee.com\agent\mcdetect.exe
c:\ARCHIV~1\mcafee.com\vso\mcshield.exe
c:\ARCHIV~1\mcafee.com\agent\mctskshd.exe
c:\ARCHIV~1\mcafee.com\vso\OasClnt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Archivos de programa\Java\jre1.5.0_03\bin\jusched.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Archivos de programa\Dell\QuickSet\quickset.exe
C:\Archivos de programa\CyberLink\PowerDVD\DVDLauncher.exe
c:\archivos de programa\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\ARCHIV~1\McAfee\SPAMKI~1\MskAgent.exe
C:\ARCHIV~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\ARCHIV~1\McAfee.com\PERSON~1\MpfService.exe
C:\ARCHIV~1\mcafee.com\agent\mcagent.exe
c:\archiv~1\mcafee.com\vso\mcvsescn.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
C:\Archivos de programa\BitTorrent\bittorrent.exe
c:\archiv~1\mcafee.com\vso\mcvsftsn.exe
C:\Archivos de programa\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Archivos de programa\Digital Line Detect\DLG.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\ARCHIV~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Pachi\Mis documentos\gestiopolis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.es/0SEESES/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.la.dell.com/content/default.aspx?c=cl&l=es&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.la.dell.com/content/default.aspx?c=cl&l=es&s=gen
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\ARCHIV~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\archiv~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Archivos de programa\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl]

O4 - HKLM\..\Run: [DVDLauncher] "C:\Archivos de programa\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\ARCHIV~1\ARCHIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\ARCHIV~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Archivos de programa\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\ARCHIV~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\ARCHIV~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\ARCHIV~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\ARCHIV~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Archivos de programa\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\ARCHIV~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [dmolp.exe] C:\WINDOWS\system32\dmolp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Archivos de programa\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\ARCHIV~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\ARCHIV~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Archivos de programa\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Archivos de programa\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pachips.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{008732CF-D231-4DB0-BABB-1D1DB56EFA7C}: NameServer = 85.255.114.61,85.255.112.60
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6011837-9564-4A1A-BCA4-D2CCC33E18A0}: NameServer = 85.255.114.61,85.255.112.60
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.61 85.255.112.60
O17 - HKLM\System\CS1\Services\Tcpip\..\{008732CF-D231-4DB0-BABB-1D1DB56EFA7C}: NameServer = 85.255.114.61,85.255.112.60
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.61 85.255.112.60
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Archivos de programa\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\archivos de programa\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\ARCHIV~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\ARCHIV~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\ARCHIV~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\ARCHIV~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\ARCHIV~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Archivos de programa\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE



Thanks for your time.

 

Just a reminder since a HJT log was posted:

Thanks,
Bubba

 

pachips restart Windows in safe-mode, start hijackthis again, select following entries and press 'Fix checked':

O4 - HKLM\..\Run: [dmolp.exe] C:\WINDOWS\system32\dmolp.exe
NOTE: This suspicious file uses random filenames. So it is possible that after a restart you will see here an other filename. But all filenames start with the same two letters 'dm' followed by three random letters: dm***.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{008732CF-D231-4DB0-BABB-1D1DB56EFA7C}: NameServer = 85.255.114.61,85.255.112.60

O17 - HKLM\System\CCS\Services\Tcpip\..\{B6011837-9564-4A1A-BCA4-D2CCC33E18A0}: NameServer = 85.255.114.61,85.255.112.60

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.61 85.255.112.60

O17 - HKLM\System\CS1\Services\Tcpip\..\{008732CF-D231-4DB0-BABB-1D1DB56EFA7C}: NameServer = 85.255.114.61,85.255.112.60

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.61 85.255.112.60

 

karl, if you dont mind



pachips:

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads post the text that will open (report.txt) and a new Hijackthis log in the forum please.

 

No need, but thanks. I was away on bussines trip, but when i got home, i did the hijack thing and it worked!. It's like having a new computer, everything works.. haha..

Well, thanks for saving my pc..

Pachips

 

Ps: Do you think I need to do that anyways?...
If you think i should i'll do it...