Malware

My OS is Win 7 Prof 64 bit and from time to time I get a message from a Malware screen to say that my pc is infected with: Malware Win 32/Caphew, and the Alert is Severe and the Status is Active.
I have Avast Premier anti virus and I have run a full system scan, but it did not detect this malware.  Also I had downloaded Adwcleaner and ran a scan, and nothing happened.
Can the Gurus please advise how I can get rid of this malware before it does any serious damage. Thank u.
jegajothyretired Asked:

Perarduaadastra Commented:
Have you tried Combofix from sUBs? I've found it to be very effective in such situations.

It's available from www.bleepingcomputer.com - it's available on other sites too, but bleepingcomputer.com has always delivered the genuine article so I don't get it from anywhere else.

Back up anything you want to keep before running Combofix; I've never experienced problems with it, but better safe than sorry! For best results you will need to disable your AV software before running it. Also, once it's running don't click inside its window, as doing so can cause it to hang.

John, Business Consultant (Owner), Commented:
I think a good combination is to scan with your existing scanner (Avast in this case) and then scan with Malwarebytes.  This is an excellent scanner to use when you have malware.

Try that and see if Malwarebytes picks up the items you mention above.

Going forward, you need to be very careful what you click on when on internet sites. Do not click on most ads. Clicking on links is how you invite malware into your machine. It does not get in otherwise. So only use sites you know are safe to use.

aadih Commented:
Microsoft Security Essentials detects and removes this malware.  Worth a try.

You could also try scanning with MalwareBytes Anti-Malware and SUPERAntiSpyware (both free) just to be sure.

jegajothyretired, Author, Commented:
Thank u for the suggestion, looks like I completely forgot that I posted it. Especially when I found out the potential damage it can cause.

aadih Commented:
It's okay. No harm done. Mistakes make us human.

[Just as malware and virii make us appreciate computers more. ;-)]

Thomas Zucker-Scharff, Solution Guide, Commented:
Is the alert coming up as part of your av/am protection or does it come up in a browser? If the latter, then you have a browser hijack at worst (you can use spybhoremover from securityxploded.com and check settings in your browser). If it is not coming up in a browser window, have you tried running the svchost file from chameleon (www.malwarebytes.org/chameleon)?

jegajothyretired, Author, Commented:
In response to all the suggestions.  I have tried Microsoft Security Essentials.  But it did not find this culprit : win 32 /caphew virus.  Also I tried 'Yet Another Cleaner' remover, which also did not detect it.  And Adwcleaner but also did not detect it.  Even my Avast premier anti virus did not detect it.  I am only concerned of the potential danger this virus may cause.

John, Business Consultant (Owner), Commented:
Is the name spelled correctly?  A Google search suggests it is the win32/caphaw virus. Microsoft has a page about it, suggests that its security software can remove it, and suggests it is a back door virus spread through YouTube, Skype and whatever to get your online banking details.

http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32/Caphaw

aadih Commented:
Microsoft Security Essentials: As suggested in the third post, above.

John, Business Consultant (Owner), Commented:
This virus also goes under other aliases:

http://www.virusradar.com/Win32_Caphaw.I/description

aadih Commented:
Did you take a look at your installed toolbars and addons?  Remove the toolbars and disable addons.

Another program worth trying is: AdwCleaner:

http://www.bleepingcomputer.com/download/adwcleaner/

jegajothyretired, Author, Commented:
In response to John Hurst, I visited the registry, but did not find any listing there.  See attached registry snap shot.  Thank u.
win32-caphaw-registry-key.JPG

jegajothyretired, Author, Commented:
In response to Aadih, I tried your suggestion too, but it did not find the culprit.  Thanks for your suggestion.

John, Business Consultant (Owner), Commented:
You may need to try a different virus tool from Avast. If you do, uninstall Avast.

jegajothyretired, Author, Commented:
After 3 days with MS paid support, they have narrowed it down to an alert attached to an email, since the screen only appears when I open an email client, like outlook or incredimail or access the account thru the web either thru the browser Torch, or Opera or IE11.
Thank u everyone for your suggestions, because in the process, I managed to clean up many parasites on my pc attached to attached something. Thanks again.