Avast WEBforum
Other => Viruses and worms => Topic started by: madalinbj on May 22, 2013, 10:39:20 PM
-
HI! Can you help me?
Thx!
-
removers are notified. it may take hours before they arrive so be patient
-
aswMBR
-
Hi,
> Download ComboFix from here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it to your Desktop.
If you are unsure how ComboFix works please read this guide (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) carefully.
note: ComboFix must be downloaded to your Desktop.
> Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) or this (http://www.bleepingcomputer.com/forums/topic114351.html) Instruction.
How to disable avast:
- Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
- In the window that opens on the top right corner, click Settings.
- In a new window that opens, choose the option Troubleshooting, Uncheck Enable avast! self-defense, and click OK.
- Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls .
- In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note: Do not forget to turn on this option after the cleaning.
> Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note:Do not mouse-click Combofix's window while it is running.
If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart computer once more.
> When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
Attach log reports ( ComboFix.txt) back to topic.
============ Next ===========
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save it to your desktop.
Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.- Double-click to run it. When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
- The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
-
combo&FRST
-
any answer? pls
thanks!
-
any answer? pls
thanks!
Be patient, I will not forget you ...
----------
1.
Paste FRST.exe in some folder on your desktop
2.
Open notepad.
- Click Start
- Type notepad.exe in the search programs and files box and click Enter.
- A blank Notepad page should open.
Copy - paste the content below;
File: c:\windows\system32\services.exe
Folder: c:\users\mada\AppData\Roaming\postgresql
c:\windows\Installer\{77a80ffe-2062-1aeb-49d1-726875a5aae8}
DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
- Save fixlist.txt in the same folder where you saved FRST.exe
fixlist.txt must be in the same location where FRST.exe tool is!
- Double-click to run FRST.exe.
- Press the Fix button once and wait.
- FRST will process fixlist.txt
- When finished, it will produce a log fixlog.txt and will keep that log in the same folder where FRST.exe is.
> Attach here fixlog.txt logreport.
-
fixlog
-
So far this looks good. We go to additional check.
Please download zoek.exe (http://home.kpn.nl/stefsmeenk/zoek.exe/) and save it to your desktop.
- Close any open browsers.
- Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) or this (http://www.bleepingcomputer.com/forums/topic114351.html) Instruction.
- Double click on zoek.exe to run the tool .
Please wait while the tool does not start...
- Copy the text present inside the code box below and paste it into the large window in the zoek tool:
process;
srinfo;
systemscpecs;
installedprogs;
DIR /S /A:L "%systemdrive%\*">>"%temp%\log.txt";b
C:\Windows\system32\services.exe;i
C:\Windows\SysNative\services.exe;i
filesrcm;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;
- Click on (http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png) button
Please wait until a logreport will open (this can be after reboot)
- Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named "zoek-results.log"
-
zoek
-
We will re-run FRST with this script:
Open notepad.
- Click Start
- Type notepad.exe in the search programs and files box and click Enter.
- A blank Notepad page should open.
Copy - paste the content below;
DeleteJunctionsInDirectory: C:\Windows\winsxs\amd64_security-malware-windows-defender-events_31bf3856ad364e35_6.1.7600.16385_none_118cf1dcd54a3dea
DeleteJunctionsInDirectory: C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c
DeleteJunctionsInDirectory: C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306
- Save fixlist.txt in the same folder where you saved FRST.exe
fixlist.txt must be in the same location where FRST.exe tool is!
- Double-click to run FRST.exe.
- Press the Fix button once and wait.
- FRST will process fixlist.txt
- When finished, it will produce a log fixlog.txt and will keep that log in the same folder where FRST.exe is.
> Attach here fixlog.txt logreport.
[/quote]
=========== Next =========
Re-run zoek.exe using this script:
DIR /S /A:L "%systemdrive%\*">>"%temp%\log.txt";b
Attach here fresh zoek log.
How's your computer running now?
-
another logs
-
Ok, your computer running good now?
-
like 1st day.
Thanks a lot !
-
like 1st day.
Thanks a lot !
8)
It is necessary to uninstall ComboFix :
- Click Start (or (http://amf.mycity.rs/pg/images/VistaStartButton.png)) then Run.
On Windows7 or Vista you may use Start Search field if Run is not available.
- In the line of text type in (Copy) the following:
ComboFix /Uninstall Note that there is a space between " ComboFix " and " /Uninstall " .
- then click OK (or press Enter ).
Wait for the uninstall process is complete.
-----------------------------------------
Please download DelFix (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix) by "Xplode" to your Desktop.
Run the tool and check the following boxes below;
- Remove disinfection tools
- Create registry backup
- Purge System Restore
Now click on "Run" button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt
> I don't need DelFix log report.
------------------------------
I recommended you to keep Malwarebytes and to use MCShield if you will.
You may download MCShield from one of the following links:
MyCity - Official download link (http://amf.mycity.rs/mcshield/)
Softpedija - Mirror download link (http://www.softpedia.com/get/Antivirus/MCShield.shtml)
It will prevent infection by computer via USB flash drive, mobile phone or any other memory card.
And not only will prevent infection, but it will immediately clean flash drive, memory card or external HDD.