Avast WEBforum

Other => Viruses and worms => Topic started by: Deltharis on December 01, 2012, 09:54:49 PM

Title: Virus problems
Post by: Deltharis on December 01, 2012, 09:54:49 PM
Ok, so, I got myself thinking that it was quite some time since I last did a virus scan. So, I ran a boot-time scan. Something severe was found in the Windows/Install folder, something this tool could not delete, move or repair. So, I cancelled the scan (since the only choice left was "ignore"), and in search of help I came here. I did the first two steps from the guide. I ran the Malwarebytes tool twice, the first time with a Flash scan (log 13-10-18), which deleted one minor problem, and the second time with the recommended quick scan. It didn't find the one the Avast boot scan talked about. I also ran OTL; both files are attached. However, the third step, with aswMBR, was a disaster - on the first try it crashed after 15 minutes. Windows problem solving of course didn't find a way to fix it. So I ran it again, and got a bluescreen after two minutes or so. Is it because I didn't turn off Malwarebytes and Avast? Could the download have been corrupted? Or is the infection even more severe than I thought?
Title: Re: Virus problems
Post by: essexboy on December 01, 2012, 11:33:24 PM
Sometimes aswMBR will, for no apparent reason, crash. I will check the MBR another way.

I am not seeing anything of major concern at the moment.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
Code:
:OTL
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
[2012/07/14 23:17:25 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\plugin@yontoo.com
[2012/10/27 19:06:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/10/27 19:06:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
THEN

Title: Re: Virus problems
Post by: Deltharis on December 02, 2012, 12:52:55 AM
Yay, it got that annoying Firefox plug-in that put adverts here! I like it.

I didn't know if I was supposed to put those custom scan commands into OTL this time - so just to be sure I did. The "Extra.txt" file didn't change; that was probably expected. I also attached the OTL script execution log (I wasn't going to, but at the last minute I found where it was ;) )

RogueKiller found something, but nothing seemed important or dangerous, so I am just posting the logs; I didn't make him delete anything.

Thanks for the help so far.
Title: Re: Virus problems
Post by: essexboy on December 02, 2012, 01:01:51 PM
You were correct, there was nothing of import in the RK scan.

How is the computer behaving now?