  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 802

Malware

My OS is Win 7 Prof 64-bit, and from time to time I get a message from a Malware screen to say that my PC is infected with Malware Win 32/Caphew, and the Alert is Severe and the Status is Active.
I have Avast Premier antivirus and I have run a full system scan, but it did not detect this malware. Also, I had downloaded AdwCleaner and ran a scan, and nothing happened.
Can the Gurus please advise how I can get rid of this malware before it does any serious damage? Thank you.
Asked:
jegajothy
4 Solutions
 
Perarduaadastra Commented:
Have you tried Combofix from sUBs? I've found it to be very effective in such situations.

It's available from www.bleepingcomputer.com - it's available on other sites too, but bleepingcomputer.com has always delivered the genuine article so I don't get it from anywhere else.

Back up anything you want to keep before running Combofix; I've never experienced problems with it, but better safe than sorry! For best results you will need to disable your AV software before running it. Also, once it's running don't click inside its window, as doing so can cause it to hang.
 
John Hurst, Business Consultant (Owner), Commented:
I think a good combination is to scan with your existing scanner (Avast in this case) and then scan with Malwarebytes. This is an excellent scanner to use when you have malware.

Try that and see if Malwarebytes picks up the items you mention above.

Going forward, you need to be very careful what you click on when on internet sites. Do not click on most ads. Clicking on links is how you invite malware into your machine. It does not get in otherwise. So only use sites you know are safe to use.
 
aadih Commented:
Microsoft Security Essentials detects and removes this malware. Worth a try.

You could also try scanning with MalwareBytes Anti-Malware and SUPERAntiSpyware (both free) just to be sure.
 
jegajothy (Author) Commented:
Thank you for the suggestion; it looks like I completely forgot that I posted it, especially when I found out the potential damage it can cause.
 
aadih Commented:
It's okay. No harm done. Mistakes make us human.

[Just as malware and virii make us appreciate computers more. ;-)]
 
Thomas Zucker-Scharff, Systems Analyst, Commented:
Is the alert coming up as part of your av/am protection or does it come up in a browser? If the latter, then you have a browser hijack at worst (you can use SpyBHORemover from securityxploded.com and check settings in your browser). If it is not coming up in a browser window, have you tried running the svchost file from chameleon (www.malwarebytes.org/chameleon)?
 
jegajothy (Author) Commented:
In response to all the suggestions: I have tried Microsoft Security Essentials, but it did not find this culprit: win 32 /caphew virus. Also I tried 'Yet Another Cleaner' remover, which also did not detect it. And AdwCleaner also did not detect it. Even my Avast Premier antivirus did not detect it. I am only concerned about the potential danger this virus may cause.
 
John Hurst, Business Consultant (Owner), Commented:
Is the name spelled correctly? A Google search suggests it is the win32/caphaw virus. Microsoft has a page about it, suggests that its security software can remove it, and suggests it is a back door virus spread through YouTube, Skype and whatever to get your online banking details.

http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32/Caphaw
 
aadih Commented:
Microsoft Security Essentials: As suggested in the third post, above.
 
John Hurst, Business Consultant (Owner), Commented:
This virus also goes under other aliases:

http://www.virusradar.com/Win32_Caphaw.I/description
 
aadih Commented:
Did you take a look at your installed toolbars and addons? Remove the toolbars and disable addons.

Another program worth trying is AdwCleaner:

http://www.bleepingcomputer.com/download/adwcleaner/
 
jegajothy (Author) Commented:
In response to John Hurst, I visited the registry, but did not find any listing there. See attached registry snapshot. Thank you.
win32-caphaw-registry-key.JPG
 
jegajothy (Author) Commented:
In response to Aadih, I tried your suggestion too, but it did not find the culprit. Thanks for your suggestion.
 
John Hurst, Business Consultant (Owner), Commented:
You may need to try a different virus tool from Avast. If you do, uninstall Avast.
 
jegajothy (Author) Commented:
After 3 days with MS paid support, they have narrowed it down to an alert attached to an email, since the screen only appears when I open an email client, like Outlook or IncrediMail, or access the account through the web, either through the browser Torch, or Opera or IE11.
Thank you everyone for your suggestions, because in the process, I managed to clean up many parasites on my PC attached to attached something. Thanks again.