Elektroda.com
IDP.Generic Threat Detected by AVG Antivirus: File in C:ProgramData & Proxy Connection Reset

  • #1
    Armadaxx
    Level 7  
    Hello,
    AVG Antivirus detects a certain file as an IDP.Generic threat. This file is in C:\ProgramData\ and cannot be deleted.
    Trying to clean it with AdwCleaner does not help. I also noticed that, from the moment AVG detected this threat, it keeps resetting the proxy connection setting. I attach logs from the FRST application to the topic.
    Best regards.
  • #2
    Kolobos
    IT specialist
    Can you give the name of this file and its exact location?

    Uninstall: AVG PC TuneUp

    Run the following Fixlist.txt with FRST:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    IFEO\isql.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    Startup: C:\Users\serwer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iexplorer.lnk [2018-09-11]
    ShortcutTarget: iexplorer.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
    ProxyServer: [S-1-5-21-3230307727-106811691-3751367454-1000] => 127.0.0.1:1080
    ManualProxies: 1127.0.0.1:1080
    RemoveProxy:
    S2 4D9BFDB2; C:\PROGRA~3\4D9BFDB2\4D9BFD64.DLL [X]
    2018-09-17 22:52 - 2018-09-17 22:52 - 000344576 _____ C:\Users\serwer\AppData\Roaming\lZ.exe
    2018-09-17 08:31 - 2018-09-17 08:31 - 000150016 _____ C:\Users\serwer\AppData\Roaming\sdvho.dll
    2018-09-14 08:38 - 2018-09-14 08:38 - 000145920 _____ C:\Users\serwer\AppData\Roaming\TyZ.dll
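    The fixlist above touches four persistence points at once: IFEO "Debugger" values (which redirect a named executable to another program), a Startup-folder shortcut whose real target is powershell.exe, a per-user proxy forced to 127.0.0.1:1080 (so every browser connection is funnelled through a local listener, which is why the proxy setting kept coming back), and a service whose DLL lives under C:\ProgramData. The script below is an added example, not part of this thread and not an FRST tool; it audits exactly those locations on a live Windows host so you can confirm the fix took and spot the same pattern on other machines. It uses only standard registry paths and built-in cmdlets; the "suspicious path" regex and the list of script hosts are heuristics chosen for this example.

```powershell
# Added example (not from the thread): audit the persistence points that the
# FRST fixlist above removes. Run in an elevated PowerShell session.
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Type, $Key, $Value) {
    $findings.Add([pscustomobject]@{ Type = $Type; Key = $Key; Value = $Value })
}

# 1. IFEO "Debugger" hijacks (the fixlist removed two pointing at TUAutoReactivator64.exe).
$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)
foreach ($root in $ifeoRoots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($key in Get-ChildItem $root) {
        $dbg = (Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue).Debugger
        if ($dbg) { Add-Finding 'IFEO Debugger' $key.PSChildName $dbg }
    }
}

# 2. Startup-folder shortcuts that really launch a script host
#    (like iexplorer.lnk -> powershell.exe in the log).
$scriptHosts = '(?i)(powershell|pwsh|cmd|wscript|cscript|mshta|rundll32|regsvr32)\.exe'
$wsh = New-Object -ComObject WScript.Shell
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # per-user Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)
foreach ($dir in $startupDirs) {
    foreach ($lnkFile in Get-ChildItem -Path $dir -Filter *.lnk -ErrorAction SilentlyContinue) {
        $lnk = $wsh.CreateShortcut($lnkFile.FullName)
        if ($lnk.TargetPath -match $scriptHosts) {
            Add-Finding 'Startup LNK' $lnkFile.FullName "$($lnk.TargetPath) $($lnk.Arguments)"
        }
    }
}

# 3. Per-user proxy (the log showed ProxyServer = 127.0.0.1:1080).
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$proxy = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
if ($proxy.ProxyServer) {
    $note = if ($proxy.ProxyServer -match '127\.0\.0\.1|localhost') { 'LOCALHOST proxy' } else { 'proxy set' }
    Add-Finding 'Proxy' "$note (ProxyEnable=$($proxy.ProxyEnable))" $proxy.ProxyServer
}

# 4. Services whose binary or ServiceDll lives in a user-writable location
#    (the S2 service in the log loaded C:\PROGRA~3\4D9BFDB2\4D9BFD64.DLL).
$userWritable = '(?i)(\\ProgramData\\|PROGRA~3|\\Users\\[^\\]+\\AppData\\|\\Temp\\)'
foreach ($svc in Get-CimInstance Win32_Service) {
    if ($svc.PathName -match $userWritable) { Add-Finding 'Service binary' $svc.Name $svc.PathName }
}
foreach ($svcKey in Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services') {
    $dll = (Get-ItemProperty -Path "$($svcKey.PSPath)\Parameters" -ErrorAction SilentlyContinue).ServiceDll
    if ($dll -and $dll -match $userWritable) { Add-Finding 'ServiceDll' $svcKey.PSChildName $dll }
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings | Format-Table -AutoSize -Wrap }
```

    Run it once before and once after applying the fixlist and rebooting: every row present in the first run and absent in the second corresponds to a line the fix removed. A ServiceDll that has already been deleted from disk but still has a registry entry will still show up here, which is what the later reply in this thread checks for by adding the directory to Fixlist.txt.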
  • #3
    Armadaxx
    Level 7  
    I removed AVG PC TuneUp and ran the fix with the Fixlist.txt option.
    As for the file, it is located in: C:\ProgramData\4D9BFDB2\4D9BFD32.dll
  • #4
    Kolobos
    IT specialist
    From what you can see in the log, it has already been removed; there is not even the C:\PROGRA~3\4D9BFDB2\ directory any more.

    To be sure, you can add to Fixlist.txt:
    C:\PROGRA~3\4D9BFDB2\

    I advise you to be careful in the future and not to run the infected fake invoices that you receive by email.
  • #5
    Armadaxx
    Level 7  
    It was one of the company's employees who infected the computer this way, because she downloaded the file with the invoice. Thank you for your help.