Need Help!! (Virus hijacks PC as soon as I connect to internet)

[Pondus]

disable all startup items except avast go to safemode and run malware bytes

Nope....Malwarebytes should only be run in safe mode if normal mode dont work

and i dont think Essexboy needs to be told what tools to use   

[JPBoston]

Hey there,

The OTL scan ran and completed... attaching log.  But the internet problem still persists.

The computer is fine until I plug in the ethernet cable, then within a few moments, it gets locked up.  Avast didn't even have time to update it's definitions... got about half-way thru 'step 1'.

[essexboy]

That sounds like an interference with the TCPIP

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
  
• Accept the disclaimer and allow to update if it asks

• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.[/b]
  

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

[JPBoston]

Just installed the Combofix program... it ran and completed just fine.

Computer is still acting wonky though.  Avast disapeared from the system tray, MS Essentials wouldn't turn on, turning on Ad-Aware crashed the system (after plugging in the 'net).

I'll reboot and try again...

[JPBoston]

Rebooted again... problem persists.  Though MS Security Essentials did start itself automatically this time.  FYI, all this posting on the forum and downloading programs is done on my desktop PC and transferred to laptop via USB flash drive, and logs copied to flash drive and brought back over to desktop.  Fun process.  

This happens over the course of 5 minutes or so:  In Task Manager, CPU usage is at roughly 10% Physical Memory at 60%... but trying to start Firefox after plugging in the ethernet cable is taking FOREVER.  The "thinking" (what the heck is that light called?) light is blinking like crazy, but CPU just dipped back down to 3%... Firefox browser did open a few mins ago, but blank white 'page' and 'not responding' message when I try to click somewhere in Firefox.... just lost control of the mouse.... mouse is back, but clicking on Task Manager window is unresponsive, takes about 30 seconds if I click on a tab within it for it to actually open.  CPU never goes over 3%, physical mem never goes over 66% for the last 5 minutes or so.

Sorry for the random flow of thought there... thought it might describe the problem a little more.

[essexboy]

I really need to see what processes are running so to that end I will ask you to something a bit weird

I would like you to download AVPTool and run the first part disconnected from the net.  However, for the second, analysis part I would like you to connect before running the programme so that I can then see all processes that are active whilst it is running



Download AVPTool from Here to your desktop 
   
Run the programme you have just downloaded to your desktop (it will be randomly named ) 
 
First we will run a virus scan  
 
Click the cog in the upper right 

 
 
Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan 

 
Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post
 
 
Now the Analysis
 
Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information 
 

 
On completion click the link to locate the zip file to upload and attach to your next post 
 

Megaupload

[JPBoston]

The initial Kaspersky report took over 10 hours to complete, but it did finally finish.  It found 2 trojans in what looks like email folders.  Report attached.

I'll run the second scan right now and post the results when I can. 

[true indian]

make sure u keep the net connected while doing the manual disinfection process as essex told.

[JPBoston]

make sure u keep the net connected while doing the manual disinfection process as essex told.

I did.  Problem is... like I described above, connecting to the 'net freezes the computer.  So the scan didn't get far.  Woke up to a frozen computer.

[JPBoston]

Since my last post, I've been patiently waiting for my laptop to come out of 'sleep' mode from the overnight scan...  I had to unplug the ethernet to get any action at all.

It finally just popped up now... two MS-Dos looking windows were first to come up...

They are blank-black... but the top-left of one of the windows has the C:\ logo followed by "_uninst_33346271" they just disappeared as I was copying them down, but the other number was similar... they disappeared right as Kaspersky re-opened.

Kaspersky then asked for a system reboot with a little pop up window that said "error message is" but no error message was listed... and the install window is up, why Kasperksy needs to re-install is beyond me.

I'll let it re-install and see if it managed to create any logs.  I'm guessing the entire system crashed soon after plugging into the 'net.

[essexboy]

Okey Dokey

Could you download and run the latest aswMBR please and also run a fresh OTL scan with all users selected.  I now have a possible inkling about this 

[JPBoston]

Okey Dokey

Could you download and run the latest aswMBR please and also run a fresh OTL scan with all users selected.  I now have a possible inkling about this 

Cool --- Re-downloaded ASW from the link you provided on page 1 and it shows a new File Version #.  About to run it and then OTL as suggested.

I did manage to reboot a few times and get to Kasperskey's aborted log.  Looks like it shut off a few minutes after I started it, long before any sleep mode kicks in (I ran it and went to bed for the night, sleep mode kicks in after an hour or two).

Unfinished log attached, just in case it shows anything useful...

[JPBoston]

ASW Finished... here's the scan log (seems like it found 2 things).

Do I click "Fix MBR"?

[essexboy]

No it is not an MBR problem

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :Files
  ipconfig /flushdns /c
  C:\Users\Joe\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [CREATERESTOREPOINT]
  [Reboot]
• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[JPBoston]

Here's the OTL log... seemed to run as planned.  I haven't tried connecting to the 'net though... waiting to hear back first, just in case.