Avast WEBforum

Other => Viruses and worms => Topic started by: dingo2 on October 29, 2012, 09:54:32 AM

Title: Snap.do and Goodness knows what else
Post by: dingo2 on October 29, 2012, 09:54:32 AM
Hi, I need some expert to tell me if I am still infected, looking at the log attached. How do I get rid of it, please?

Thanks

Title: Re: Snap.do and Goodness knows what else
Post by: Pondus on October 29, 2012, 10:02:39 AM
Quote
Hi, I need some expert to tell me if I am still infected, looking at the log attached. How do I get rid of it, please?
Follow the guide and attach the logs... do not copy and paste: http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR
Title: Re: Snap.do and Goodness knows what else
Post by: Pondus on October 29, 2012, 10:04:49 AM
When done... be patient, as it may take hours before the malware removal experts arrive.
Title: Re: Snap.do and Goodness knows what else
Post by: dingo2 on October 29, 2012, 11:44:43 AM
Log Files Attached
Title: Re: Snap.do and Goodness knows what else
Post by: dingo2 on October 29, 2012, 11:47:33 AM
Last of the log files: only thing that stands out is 2 Registry entries... DNS... Controlset 001 & 002. Thanks
Title: Re: Snap.do and Goodness knows what else
Post by: Pondus on October 29, 2012, 12:01:20 PM
Malware removers are notified... check back later today ;)
Title: Re: Snap.do and Goodness knows what else
Post by: essexboy on October 29, 2012, 03:16:19 PM
I am not seeing any sign of snapdo. Where are you seeing it?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
Code:
:OTL
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3563665913-2513293735-2134829780-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
[2012/10/28 18:14:41 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\windows\eSellerateEngine.dll
[2012/10/28 18:14:41 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\windows\eSellerateControl350.dll
[2012/07/03 14:46:42 | 000,217,672 | ---- | M] () Unable to obtain MD5 -- C:\Users\Stephan\AppData\Local\Temp\winlogon.exe
[2012/07/03 14:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Users\Stephan\AppData\Local\Temp\svchost.exe

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
Title: Re: Snap.do and Goodness knows what else
Post by: dingo2 on October 30, 2012, 06:48:01 AM
Hi, Logs attached. I think snap.do and StopZilla1 have been removed.

Thanks
Title: Re: Snap.do and Goodness knows what else
Post by: essexboy on October 30, 2012, 03:20:04 PM
Do you have any other problems?
Title: Re: Snap.do and Goodness knows what else
Post by: dingo2 on October 30, 2012, 09:50:14 PM
Hi, no other problems. Thanks for the help :)
Title: Re: Snap.do and Goodness knows what else
Post by: essexboy on October 30, 2012, 09:58:47 PM
Run OTL and press the cleanup button to remove it ;D