I need help; AVG reports Hacktool.CKS

I need help; AVG reports Hacktool.CKS - Printable Version

+- Support Forums (https://www.supportforums.net)
+-- Forum: Categories (https://www.supportforums.net/forumdisplay.php?fid=87)
+--- Forum: Virus Protection, Removals, and HJT Team (https://www.supportforums.net/forumdisplay.php?fid=56)
+---- Forum: Virus Removal, Hijack This Logs, and Support (https://www.supportforums.net/forumdisplay.php?fid=48)
+---- Thread: I need help; AVG reports Hacktool.CKS (/showthread.php?tid=1736)

Pages: 1 2

I need help; AVG reports Hacktool.CKS - Red X - 10-18-2009

AVG keeps on reporting this virus....Can someone help?

[Image: 57157487.png]

Should I maybe empty the vault?

RE: AVG reports Hacktool.CKS - brett7 - 10-18-2009

for severity it calls it PUP which i don't know what it means but just see what it is first before deleting

RE: AVG reports Hacktool.CKS - Codine - 10-18-2009

Google the exe name, maybe that will enlighten you.. It's in the system restore, so you should be fine to removed it.. Just make a new restore point if you use system restore.

Also, run Malwarebytes Anti Malware to see if the exe has spread to other parts of your drive.

hope this helps.

RE: AVG reports Hacktool.CKS - Red X - 10-18-2009

I'm guessing PUP stands for Potentially Unwated program

Okay I did research on it...One guy had almost the same thing as me:

I:\System Volume Information\_restore{86A6723E-9BFD-46C3-AE78-F2673F6C4D79}\RP106\A0040906.EXE
[DETECTION] Contains recognition pattern of the WORM/Rbot.Gen worm
[NOTE] The file was deleted!

So its a worm!

And the program the deleted it for him was Avira AntiVir Personal

So should I use that because it seems AVG isn't helping.

RE: AVG reports Hacktool.CKS - Viciousness - 10-18-2009

(10-18-2009, 09:39 AM)Red X Wrote: I'm guessing PUP stands for Potentially Unwated program

Okay I did research on it...One guy had almost the same thing as me:

I:\System Volume Information\_restore{86A6723E-9BFD-46C3-AE78-F2673F6C4D79}\RP106\A0040906.EXE
[DETECTION] Contains recognition pattern of the WORM/Rbot.Gen worm
[NOTE] The file was deleted!

So its a worm!

And the program the deleted it for him was Avira AntiVir Personal

So should I use that because it seems AVG isn't helping.

I would recommend either Avast!, Avira, or Microsoft Security (using that atm and I love it). They're all free quality anti-viruses.

RE: AVG reports Hacktool.CKS - Codine - 10-18-2009

It means you've been rooted by a botnet at some point.. Remove it, and then scan your computer with Malwarebytes, it's a really good anti malware/spyware program, i use it and alot of others on this forum do too.. I'd reccommend it to anyone to be honest with you.

RE: AVG reports Hacktool.CKS - Omniscient - 10-18-2009

1. Turn off system restore
2. Download Avast
3. Run Avast on bootup. It will want to do this the first time you install

If that doesn't work then let us know.

RE: AVG reports Hacktool.CKS - Red X - 10-18-2009

Thanks guys..It tried installing Avira MreGsx but it got an error while installing for some reason..Since Avast seems to be mentioned the most I guess I will have to try it...I will follow the steps Omniscient has said... Codine, I am really shocked at this...Also I am going to try to remove it now doing the steps provided by Ominiscent and I already have and use Malwarebytes...Thank you all. I will get back to you soon...Now to turn off system restore.

uhh Omniscent, when you say Run Avast on bootup, does that mean I am required to restart my computer somewhere in those steps?

Arrrggg...I just got an error:

System Restore encountered an error trying to enable/disable one or more drives. Please restart your machine and try again.

I am going to google it now.

I couldn't turn off System Restore so should I just restart and try again? or should I just continue and download Avast?

For now I think I am going to continue downloading Avast...

Should I download avast! Virus Cleaner Free or avast! Professional Edition....

I am using the Virus Cleaner and this is what it is:

[Image: avastr.png]

I hope this does the job...

Now it has changed this is what it says now:

avast! Virus Cleaner Tool - version 1.0.211 Unicode

Creating log file: C:\Documents and Settings\Jarell\My Documents\Downloads\aswclnr.log

10/18/2009, 1:23:17 PM Jarell =)
Memory scanning started...

Changed:

avast! Virus Cleaner Tool - version 1.0.211 Unicode

Creating log file: C:\Documents and Settings\Jarell\My Documents\Downloads\aswclnr.log

10/18/2009, 1:23:17 PM Jarell =)
Memory scanning started...
No virus body found in memory.
Memory scanning finished (284.3s).
----------
Files scanning started...
C:\Documents and Settings\All Users\Application Data\OnlineArmor\license.dat... file could not be scanned!
C:\Documents and Settings\Jarell\Application Data\Mozilla\Firefox\Profiles\2rq3zls2.default\cookies.sqlite-journal... file could not be scanned!
C:\Documents and Settings\Jarell\Application Data\OnlineArmor\client.dat... file could not be scanned!

Okay..Its been running for like 30 minutes here and it has been on the same file now so I'm going to stop it and run the real Avast.

RE: I need help; AVG reports Hacktool.CKS - DAMINK™ - 10-18-2009

Your worried about the PUP but not the trojan?
In either case its in the vault so that dont matter.
What does is the fact its in your restore files. I would remove all system restore points.
Reboot in safe mode. Do a sweep then and get rid of as much as you can then check with startup entries and all done.

RE: I need help; AVG reports Hacktool.CKS - Red X - 10-18-2009

AVG doesnt seem to be reporting it as much as it did before...Maybe it got it all because maybe its just me or I think and dont know for sure that it may have kept on coming back...
I think its gone now

I want to do what your saying but how would I remove system restore points and how would I "sweep"? and start up entries?