Cant Eliminate Adware.navipromo.bze

jimi4
jimi4
in Malware talk

I have seen in the forum some topics about this malware but it was in a language i cant understand (probably romanian), so i ask help in english.What can i do to get rid of this adware?Is it a dangerous one? Bitdefender finds it but for some reason its unable to get rid of it.And i also discovered that i cant run bit defender iunder windows in safe mode...is this normal?


Thnks


the scan report is:


Product BitDefender Free Edition v10


// Product 10.2


//


// Created on: 15/01/2008 19:40:50


//


//-----------------------------------------------------------------


Virus Statistics


Scan path : C:\


E:\


Folders : 5289


Files : 140633


Memory processes scanned : 34


Archives : 8084


Runtime packers : 8753


Identified viruses : 1


Infected files : 5


Memory processes infected : 0


Suspect files : 0


Warnings : 0


Disinfected files : 0


Deleted files : 5


Moved files : 0


I/O errors : 27


Scan time : 01:21:57


Scan speed (files/sec) : 28


Spyware Statistics


Registry keys scanned : 293


Registry keys infected : 0


Cookies scanned : 55


Cookies infected : 0


Spyware files infected : 0


Spyware threats detected : 0


Virus definitions : 971424


Scan plugins : 16


Archive plugins : 41


Unpack plugins : 7


Mail plugins : 6


System plugins : 5


Virus scan options


Detection


[X] Scan boot sectors


[X] Memory Processes


[X] Scan archives


[X] Scan runtime packers


[X] Scan email


File mask


[ ] Programs


[X] All files


[ ] User defined extensions:


[ ] Exclude extensions: ;


Action


Infected objects


[ ] Ignore


[X] Disinfect


[ ] Delete


[ ] Move to quarantine


[ ] Prompt user


Second action


[ ] Ignore


[ ] Delete


[X] Move to quarantine


[ ] Prompt user


Virus scan options


[X] Enable warnings


[X] Enable heuristics


[ ] Show all files in log


[X] Report file: C:\Documents and Settings\All Users\Dati applicazioni\Bitdefender\Desktop\Profiles\Logs\deep_scan\1200422450.log


Spyware scan options


[X] Scan for riskware


[ ] Skip dial and applications from scan


[X] Registry keys


[X] Cookies


Summary:


C:\System Volume Information\_restore{30682DDF-3974-4986-AAD7-3C8883C27C49}\RP521\A0161567.exe=>(NSIS o)=>lzma_solid_nsis0002 Detected: Adware.Navipromo.BZE


C:\System Volume Information\_restore{30682DDF-3974-4986-AAD7-3C8883C27C49}\RP521\A0161567.exe=>(NSIS o)=>lzma_solid_nsis0002 Deleted


C:\System Volume Information\_restore{30682DDF-3974-4986-AAD7-3C8883C27C49}\RP521\A0161567.exe=>(NSIS o) Archive repacking has failed (marked actions not taken)


C:\Documents and Settings\Dimitri\Impostazioni locali\Temp\pack.epk=>(NSIS 2g)=>lzma_solid_nsis0006 Detected: Adware.Navipromo.BZE


C:\Documents and Settings\Dimitri\Impostazioni locali\Temp\pack.epk=>(NSIS 2g)=>lzma_solid_nsis0006 Deleted


C:\Documents and Settings\Dimitri\Impostazioni locali\Temp\pack.epk=>(NSIS 2g) Archive repacking has failed (marked actions not taken)


C:\Documents and Settings\Dimitri\Impostazioni locali\Temp\pack.epk=>(NSIS 2g)=>lzma_solid_nsis0014=>(NSIS g)=>lzma_solid_nsis0002 Detected: Adware.Navipromo.BZE


C:\Documents and Settings\Dimitri\Impostazioni locali\Temp\pack.epk=>(NSIS 2g)=>lzma_solid_nsis0014=>(NSIS g)=>lzma_solid_nsis0002 Deleted


C:\Documents and Settings\Dimitri\Impostazioni locali\Temp\pack.epk=>(NSIS 2g)=>lzma_solid_nsis0014=>(NSIS g) Archive repacking has failed (marked actions not taken)


C:\Documents and Settings\Dimitri\Impostazioni locali\Temp\NSIS_Install_WMP.exe=>(NSIS o)=>lzma_solid_nsis0006 Detected: Adware.Navipromo.BZE


C:\Documents and Settings\Dimitri\Impostazioni locali\Temp\NSIS_Install_WMP.exe=>(NSIS o)=>lzma_solid_nsis0006 Deleted


C:\Documents and Settings\Dimitri\Impostazioni locali\Temp\NSIS_Install_WMP.exe=>(NSIS o) Archive repacking has failed (marked actions not taken)


C:\Documents and Settings\Dimitri\Impostazioni locali\Temp\NSIS_Install_WMP.exe=>(NSIS o)=>lzma_solid_nsis0014=>(NSIS g)=>lzma_solid_nsis0002 Detected: Adware.Navipromo.BZE


C:\Documents and Settings\Dimitri\Impostazioni locali\Temp\NSIS_Install_WMP.exe=>(NSIS o)=>lzma_solid_nsis0014=>(NSIS g)=>lzma_solid_nsis0002 Deleted


C:\Documents and Settings\Dimitri\Impostazioni locali\Temp\NSIS_Install_WMP.exe=>(NSIS o)=>lzma_solid_nsis0014=>(NSIS g) Archive repacking has failed (marked actions not taken)

Comments

  • farbar
    farbar
    edited January 2008


    • Empty your

      Temp
      folder, to do this:Reboot. Then go to

      start-run
      - type "

      %temp%
      " (without "), click OK it opens temp folder.


      select one of the files inside it in the right panel, then Ctrl+A to select all the contents and then Shift+delete to empty your Temp folder.


    • Go to

      start-run
      - type "

      cleanmgr.exe
      " (without "), click OK it shows C drive to be cleaned, click OK, check at least Temporary Internet files, Temporary files and Recycle Bin. Click Ok to confirm.


    • Reboot and check if your computer is running fine. Then empty your

      restore volume.
      To do that: go to start-control panel- system- system restore- check

      turn off system restore on all drives
      . Click apply. By doing this you loose all your (infected) restore points. Reboot and uncheck "

      turn off system restore on all drives
      ' to create a clean restore point.


    • Download\install '

      SuperAntiSpyware
      Home Edition Free Version' from here:



      Launch SuperAntiSpyware and download the updates.


      Go to Configuration and Preferences - Preferences - Scanning Control - undnder
      Scanner Options
      check:
      Close browsers before scanning.
      Scan for tracking cookies
      and
      Terminate memory threats before quarantining
      . Leave all others unchecked and "
      Close
      ".


      Then on the main screen, under "
      Scan for Harmful Software
      " click
      Scan your computer
      .


      On the left, make sure you check
      C:\Fixed Drive
      .


      On the right, under "
      Complete Scan
      ", choose
      Perform Complete Scan
      .


      Click "
      Next
      " to start the scan it may take some time, wait until the scan is finished. After the scan is complete, a
      Scan Summary box
      will appear with potentially harmful items that were detected. Make sure to check all the items and Click "
      OK
      ".


      Make sure everything has a checkmark next to it and click "
      Next
      ".


      A notification will appear that "
      Quarantine and Removal is Complete
      ". Click "
      OK
      " and then click the "
      Finish
      " button to return to the main menu.


      If asked if you want to reboot, click "
      Yes
      ".


    Please report back your progress.


    Success!


  • farbar
    farbar
    edited January 2008

    Hi again,


    By the first three steps the Internet Explorer should be closed for better result. You can copy, paste and save the instruction to a .txt file by notepad.

  • jimi4
    jimi4

    thnx a lot.


    i copied the instructions.I'll trie it and i'll report.

  • jimi4
    jimi4

    I've done all following the instructions, but the annoying popups persist appearing.Have to find another solution.

  • farbar
    farbar

    You didn't mentioned the popups in your first post. The scan log was showing some infected files in user Temp folder and in restore volume. So I got the impression that the source of infection is removed and the left overs ware just to be removed to prevent the regeneration. Any way the source of the infection should be find and removed. If you still need assistance in that let me know.

All Time Leaders

Categories

Defenders of the month