Need help to remove (8000064.@ 80000032.@ 00000004.@ 80000000.@ 000000cb.@)

[GoncaloF]

As state I'm having problems with some virus named (8000064.@ 80000032.@ 00000004.@ 80000000.@ 000000cb.@)
I tried with avast but couldn't remove and MBAM too. If someone can help me trough the process would be appreciated!

I'm new to this, and I've been trying to search fixes but can't see any.

Please help, I'll attach log files.

[Pondus]

also attach AdwCleaner and aswMBR log

[GoncaloF]

Thanks for the fast reply, here are those logs.

[magna86]

@GoncaloF

Hello and welcome to avast! 




> Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.

> Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this or this Instruction.

How to disable avast:

• Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
  
• In the window that opens on the top right corner, click Settings.
  
• In a new window that opens, choose the option Troubleshooting, Uncheck Enable avast! self-defense, and click OK.
  
  
• Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls .
  
• In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn on this option after the cleaning.



> Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note:Do not mouse-click Combofix's window while it is running.
If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart computer once more.


> When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
  Attach log reports ( ComboFix.txt) back to topic.

[GoncaloF]

Here is it...

Oh and after this I haven't got any pop-up of avast saying it was found any virus... so is it solved?

[magna86]

Hi,
We still have some work here and we also need to restore from Combofix Quarantine some leght files to system.

------------

> Open notepad and copy/paste the text present inside the code box below:

Code: [Select]


KillAll::

Folder::
c:\windows\Installer\{e7d578cb-139d-a6d0-be48-051f26e546fe}

ClearJavaCache::

FileLook::
c:\windows\system32\services.exe
c:\users\Gonçalo\AppData\Roaming\Microsoft\Installer\{AC0F06C8-865D-4EC4-99CB-0714E2800880}\vmd.exe_ACB45EC7E21F469AA1111BD96CD51ACF.exe



Save this as CFScript.txt



Close all browser windows and refering to the picture above.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt )

********************************


> Please re-run aswMBR.exe tool, click on Scan and attach here fresh aswMBR.txt logreport.

[GoncaloF]

Ok, here they are, thanks so much for helping!

[magna86]

Open notepad and copy/paste the text present inside the code box below:

Code: [Select]


DeQuarantine::
C:\Qoobox\Quarantine\C\program files (x86)\SecureW2
Quit::



Save this as CFScript.txt



Close all browser windows and refering to the picture above.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt )
***************


How is your computer running now? 

[GoncaloF]

Working really well right now! I'm really thankful for all the help! Any step missing? Thanks so much (:

[magna86]

Hi,
Something's not right ... CF didn't restored leght files. We will re-run a different CFScript with fresh Combofix copy.



- delete old Combofix ( drag&drop to recycle bin) and download fresh copy.
- disable antivirus as you did before.
- Open notepad and copy/paste the text present inside the code box below:

Code: [Select]


DeQuarantine::
C:\Qoobox\Quarantine\C\program files (x86)\SecureW2
C:\Qoobox\Quarantine\C\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2
C:\Qoobox\Quarantine\C\windows\StiD1690.exe.vir
C:\Qoobox\Quarantine\C\windows\SysWow64\pt
Quit::



Save this as CFScript.txt



Close all browser windows and refering to the picture above.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply.

[GoncaloF]

Hello, I did all that I think, removed old ComboFix and installed a fresh one from the same link you sent me above...

Here's the log file