Folder AVG Forums » Other topics » Virus Removal, Tools for Removing » [SOLVED] Yontoo 1.10.02
September 29, 2012 02:04 [SOLVED] Yontoo 1.10.02 #217362
Top
markcebu

Avatar

Novice
Join Date: 29.9.2012
Posts: 4
AVG found this in my computer: adware generic5.KCG C:\programdata\tarma\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_setupx.dll

I believe this is Yontoo 1.10.2 AVG removed it, and I then unstalled Yontoo from my computer but after each restarting my computer AVG will find it again, and again....etc..
I ran Spybot Search and Destroy it also found it and removed it.
Now when I run the following:
Spybot, RootAlyzer, tdsskiller, Microsoft Security Essentials and IObit Malware none of these will find it, only AVG will.

? is AVG reporting a false positive??
September 29, 2012 10:44 Re: Yontoo 1.10.02 #217374
Top
BIG AL 43

Avatar

Moderator
Join Date: 18.6.2009
Posts: 23779
@ markcebu

Have a look @ this Announcement post How To Handle Suspicious False Positive Detection?.


AVG Forums Volunteer ModeratorAVG Forum member since - Nov. 27, 2004My total posts on the Old AVG Free Forum - 27,063
Alan
How-To Articles | FAQ | Free Support
September 30, 2012 03:23 Re: Yontoo 1.10.02 #217422
Top
markcebu

Avatar

Novice
Join Date: 29.9.2012
Posts: 4
BIG AL 43 wrote
@ markcebu

Have a look @ this Announcement post How To Handle Suspicious False Positive Detection?.




I ran jotti's scan and found this: AVG found this: Generic5.KCG and eset found:Win32/Adware.Yontoo.B

The other scans found nothing. Should I be concerned?
September 30, 2012 03:26 Re: Yontoo 1.10.02 #217423
Top
markcebu

Avatar

Novice
Join Date: 29.9.2012
Posts: 4
BIG AL 43 wrote
@ markcebu

Have a look @ this Announcement post How To Handle Suspicious False Positive Detection?.




Here is additional info from jotti's:

File size: 431104 bytes
Filetype: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5: 7adf1508f4f7fc3c95a1de4f99b82f9a
SHA1: 4b0f3c79bab3b47dac180caecb53ed7a294b0b35
September 30, 2012 07:20 Re: Yontoo 1.10.02 #217425
Top
markcebu

Avatar

Novice
Join Date: 29.9.2012
Posts: 4
Well I found it. smile

To make a long story short I read on the bottom of your: How To Handle Suspicious False Positive Detection? about hidden folders that windows has and how to open then. So I followed your directions and when the hidden folders appeared, right in front of my eye was the file Tarma installer. angry Holly s..t, so I scanned it with AVG and sure enough that was the file causing all my positives hits with AVG. I deleted that Tarma installer file and restarted my computer and did another AVG scan...nothing so it gone. baringteeth I just want to thank AVG for this forum. I never knew windows had hidden folders or files.
September 30, 2012 12:04 Re: Yontoo 1.10.02 #217430
Top
BIG AL 43

Avatar

Moderator
Join Date: 18.6.2009
Posts: 23779
OK markcebu, No probs.. Pleased to see that you appear to be now sorted.


AVG Forums Volunteer ModeratorAVG Forum member since - Nov. 27, 2004My total posts on the Old AVG Free Forum - 27,063
Alan
How-To Articles | FAQ | Free Support