This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Earlier today, Kaspersky found AdWare.Win32.AdWrapper.dbin Installer[1].exe, oddly in the
C:\Documents and Settings\Deven\AppData\Local\Microsoft\Windows\NetCache\Content.IE5\ECVD6FS, which is odd since Win 8.1 does not have a Documents and Settings folder.
I had Kaspersky remove it. I ran Malwarebytes Anti-Malware to scan my entire hard drive, and it found nothing.
I am now running Microsoft Safety Scanner to triple-check. What else should I do? Thanks!
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.
TDSSKiller Rootkit Removal Utility - Clean
RogueKiller - found Proc.Inject in WWAHost.exe, but this appears to be a false positive. It said some AlsysIO registry keys were suspicious, but I believe these have to do with CoreTemp
RKill - it found Spybot's old modifications to the HOSTS file, but it didn't find anything else
MBAM - it said I am clean yesterday.
It appears everything is gone
TDSSKiller said I am clean. I forgot to reboot, and I ran RogueKiller
PreScan found Proc.Injected in C:\Windows\SysWOW64\WWAHost.exe, but it appears Proc.Injected is a false positive (http://forum.adlice.com/index.php?topic=273.15)
MBAM said I am clean yesterday (full scan of hard drive)
RogueKiller V10.11.4.0 [Nov 2 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Deven [Administrator]
Started from : C:\Users\Deven\Desktop\RogueKiller.exe
Mode : Scan -- Date : 11/02/2015 21:49:18
¤¤¤ Processes : 1 ¤¤¤
[Proc.Injected] WWAHost.exe(4384) -- C:\Windows\SysWOW64\WWAHost.exe[-] -> Killed [TermProc]
¤¤¤ Registry : 2 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ALSysIO (??\C:\Users\Deven\AppData\Local\Temp\ALSysIO64.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALSysIO (??\C:\Users\Deven\AppData\Local\Temp\ALSysIO64.sys) -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 1 ¤¤¤
[PUP][Folder] C:\Program Files (x86)\eSupport.com -> Found
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] fb9b252aed9f399781f7ee99c9170a87
[BSP] 1268b7e306b0d2f18181ecb97eb747e3 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 953517 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
You might not need all of these, but start at the top and reboot after each one.
Remove it with these tools. Check for updates first and then scan
with each one at a time until your machine is clean.
TDSSKiller Rootkit Removal Utility
[http://www.bleepingcomputer.com/download/tdsskiller/](http://www.bleepingcomputer.com/download/tdsskiller/)
RogueKiller
[http://www.bleepingcomputer.com/download/roguekiller/](http://www.bleepingcomputer.com/download/roguekiller/)
RKill
[http://www.bleepingcomputer.com/download/rkill/](http://www.bleepingcomputer.com/download/rkill/)
SuperAntiSpyware
[http://www.superantispyware.com/](http://www.superantispyware.com/)
AdwCleaner (Free)
[http://www.bleepingcomputer.com/download/adwcleaner/](http://www.bleepingcomputer.com/download/adwcleaner/)
Malwarebytes (Get the free version)
[https://www.malwarebytes.org/free/](https://www.malwarebytes.org/free/)
When offered, uncheck: Enable free trial of Malwarebytes
Anti-Malware Premium.
Junkware Removal Tool (Free)
[http://www.bleepingcomputer.com/download/junkware-removal-tool/](http://www.bleepingcomputer.com/download/junkware-removal-tool/)
HitmanPro (30 day free trial)
[http://www.surfright.nl/en/hitmanpro](http://www.surfright.nl/en/hitmanpro)
I can't run Windows Defender alongside Kaspersky. You cannot run two AVs together.
That said, I initiating another full scan with Kaspersky
Hi,
Thanks for posting your query on Microsoft Community.
As per your query, I like to inform you that; AdWare.Win32.AdWrapper.db is a potentially unwanted program that can be get detected, when we run malware/virus scan in the system. This threat may download and install other threats when run into the computer. AdWare.Win32.AdWrapper.db, it will attempt to install other adware, toolbars, browser redirect, and hijack the home page of affected browser.
This malware/virus can be removed by performing full system scan using Windows defender.
Windows Defender protects your PC by scanning it to remove rootkits and other advanced malware that can't always be detected by antimalware programs.
As you told, after running Microsoft Safety Scanner in the system, nothing was found. So, it might be get removed.
As a workaround, you may also perform a full system scan using Windows defender.
Refer to the below link to perform full system scan using Windows defender:
http://windows.microsoft.com/en-US/windows/windows-defender-offline-faq
Hope it helps, reply to us with the status of your issue. We will be happy to assist you.