Avast WEBforum
Other => Viruses and worms => Topic started by: na_wspak on August 10, 2012, 09:19:18 AM
-
The issue is similar to http://forum.avast.com/index.php?topic=102817.msg823352#msg823352 (http://forum.avast.com/index.php?topic=102817.msg823352#msg823352). I attach an OTL report. I will aprecciate any help. Thanks in advance
-
- I will be working on your Malware issues this may or may not solve other issues you have with your machine.
- The fixes are specific to your problem and should only be used for this issue on this machine.
- If you don't know or understand something, please don't hesitate to ask.
- Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
- Please DO NOT run any other tools or scans whilst I am helping you.
- It is important that you reply to this thread. Do not start a new topic.
- Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
- Absence of symptoms does not mean that everything is clear.
**********************
Step1
Re-run OTL.exe.
- Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
:files
C:\Windows\Installer\{f66e7bc2-dab8-71dc-5559-06500ad25542}
C:\Users\rceluch\AppData\Local\{f66e7bc2-dab8-71dc-5559-06500ad25542}
:commands
[CREATERESTOREPOINT]
[purity]
[EMPTYFLASH]
[EMPTYJAVA]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top.
- Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.
**************************
Step2
> Download ComboFix from here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it to your Desktop.
If you are unsure how ComboFix works please read this guide (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) carefully.
note: ComboFix must be downloaded to your Desktop.
> Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this Instruction. (http://www.bleepingcomputer.com/forums/topic114351.html)
How to disable avast:
- Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
- In the window that opens on the top right corner, click Settings.
- In a new window that opens, choose the option Troubleshooting, Uncheck Enable avast! self-defense, and click OK.
- Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls .
- In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note: Do not forget to turn on this option after the cleaning.
> Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note:Do not mouse-click Combofix's window while it is running.
> When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
Attach log reports ( ComboFix.txt) back to topic.
-
Thanks for your time. I did steps 1 and 2. I attach logs. Let me know if you have any problems with Polish logs.
-
Let me know if you have any problems with Polish logs.
No Problem ;)
Open notepad and copy/paste the text present inside the code box below:
Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00
FileLook::
C:\Qoobox\Quarantine\C\ProgramData\PCDr\5907\Downloads\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll.vir
Save this as CFScript.txt
(http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif)
Close all browser windows and refering to the picture above.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt )
-
Here you can find the script attached.
-
Combofix log is not complete but that part is missing is not what i need right now.
How is your computer running now?
-
Thanks. Some system settings (like default browser) were changed to default but it's ok - I manage with it. Avast is quiet. Emsisoft Emergency is quiet too. It seems to be alright. Thanks again for you time and effort.
-
>>It is necessary to uninstall the ComboFix :
- Click Start (or (http://amf.mycity.rs/pg/images/VistaStartButton.png)) then Run.
On Windows7 or Vista you may use Start Search field if Run is not available.
- In the line of text type in (Copy) the following:
ComboFix /Uninstall Note that there is a space between " ComboFix " and " /Uninstall " .
- then click OK (or press Enter ).
Wait for the uninstall process is complete.
>> Re-run OTL and click on CleanUp! button
Be safe ;)
-
Did what told to.
Big up!
-
;)