IDP.Generic Threat Detected by AVG Antivirus: File in C:ProgramData & Proxy Connection Reset

Armadaxx 4053 4
This content has been translated flag-pl » flag-en View the original version here.
  • #1
    Level 7  
    AVG Antivirus detects certain file as IDP.Generic threat. This file is in C: \ ProgramData \ and cannot be deleted.
    Trying to clean with adwcleaner does not help. I also noticed that from then on, when AVG detected this threat, it keeps restarting the proxy connection setting. I attach logs from the FRST application to the topic.
    Best regards.
  • #2
    IT specialist
    Podasz nazwe tego pliku i jego dokladna lokalizacje?

    Odinstaluj: AVG PC TuneUp

    Wykonaj Fixlist.txt dla FRST:
    HKLM-x32\...\Run: [] => [X]
    IFEO\isql.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    Startup: C:\Users\serwer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iexplorer.lnk [2018-09-11]
    ShortcutTarget: iexplorer.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
    ProxyServer: [S-1-5-21-3230307727-106811691-3751367454-1000] =>
    ManualProxies: 1127.0.0.1:1080
    S2 4D9BFDB2; C:\PROGRA~3\4D9BFDB2\4D9BFD64.DLL [X]
    2018-09-17 22:52 - 2018-09-17 22:52 - 000344576 _____ C:\Users\serwer\AppData\Roaming\lZ.exe
    2018-09-17 08:31 - 2018-09-17 08:31 - 000150016 _____ C:\Users\serwer\AppData\Roaming\sdvho.dll
    2018-09-14 08:38 - 2018-09-14 08:38 - 000145920 _____ C:\Users\serwer\AppData\Roaming\TyZ.dll
  • #3
    Level 7  
    I removed AVG PC TuneUp and ran the Fix with FixList.txt option
    As for the file, it is located in: C: \ ProgramData \ 4D9BFDB2 \ 4D9BFD32.dll
  • Helpful post
    IT specialist
    From what you can see in the log, it has already been removed, there is not even the C: \ PROGRA ~ 3 \ 4D9BFDB2 \ directory.

    To be sure, you can add to Fixlist.txt:
    C: \ Program ~ 3 \ 4D9BFDB2 \

    I advise you to be careful in the future and not to run infected false invoices that you receive by email.
  • #5
    Level 7  
    It was one of the employees of the company computer who infected the computer in such a way because she downloaded the file with the invoice. Thank you for your help.