Avast WEBforum
Topic started by: pandamerah on September 11, 2013, 06:13:30 AM
-
Dear Experts,
Please help with the removal of this trojan.
It has been a day since the first warning of this trojan from avast.
I first tried TFC, and so far (2 hours after I ran it) no trojan activity has appeared from avast.
Please find attached the logs.
Thank you so much.
-
removers are notified...
-
One more log.
Please help, thank you so much :)
-
It may take some hours before any removal specialist arrives, so be patient. ;)
-
Yes, Pondus.
Thank you for your friendliness :)
-
Hi, I will be working on your Malware issues.
Re-run OTL.exe.
- Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
:OTL
O4 - HKU\S-1-5-21-969727876-1222006065-2701588059-1000..\Run: [tsiVideo] C:\Windows\SysWOW64\rundll32.exe C:\Users\SUGIXI~1\AppData\Local\Temp\\tsiVi132.dll,start File not found
O33 - MountPoints2\{c8986139-d43c-11e2-87c9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c8986139-d43c-11e2-87c9-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun\AutoRunX\AutoRunX.exe
O33 - MountPoints2\{e6ceaed1-d43b-11e2-ba24-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e6ceaed1-d43b-11e2-ba24-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe
:commands
[CREATERESTOREPOINT]
[emptytemp]
- Then click the Run Fix button at the top.
- Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.
If the log doesn't appear, it can be found here:
c:\_OTL\MovedFiles\mmddyyyy_hhmmss.log
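
As an added example (not part of the original post, and not OTL's own code): a short Python triage of OTL-style lines like those in the fix script above, flagging Run-key entries that start rundll32 on a file in a Temp folder and MountPoints2 AutoRun commands. The regular expressions and the function names `triage` and `flagged` are assumptions fitted to the lines quoted in this thread, not a specification of the OTL log format.

```python
import re

# Lines copied from the OTL output quoted in this thread (not constructed).
SAMPLE = r"""
O4 - HKU\S-1-5-21-969727876-1222006065-2701588059-1000..\Run: [tsiVideo] C:\Windows\SysWOW64\rundll32.exe C:\Users\SUGIXI~1\AppData\Local\Temp\\tsiVi132.dll,start File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O33 - MountPoints2\{c8986139-d43c-11e2-87c9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c8986139-d43c-11e2-87c9-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun\AutoRunX\AutoRunX.exe
O33 - MountPoints2\{e6ceaed1-d43b-11e2-ba24-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe
"""

# Assumed patterns, derived only from the lines above.
O4_RE = re.compile(
    r'^O4 - (?P<hive>\S+?)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-f-]+\})\\Shell\\AutoRun\\command'
    r' - "" = (?P<cmd>.+)$')


def triage(line):
    """Return (entry_type, name_or_guid, reasons) for one line, or None."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        cmd = m["cmd"].lower()
        reasons = []
        if "rundll32.exe" in cmd:
            reasons.append("rundll32 launcher")
        if "\\temp\\" in cmd:
            reasons.append("payload in Temp")
        if cmd.endswith("file not found"):
            reasons.append("target missing (orphaned entry)")
        return ("run-key", m["name"], reasons)
    m = O33_RE.match(line)
    if m:
        # Any per-volume AutoRun command is worth a look: it runs from the drive.
        return ("mountpoint-autorun", m["guid"], ["AutoRun command: " + m["cmd"]])
    return None  # not a line this sketch understands


def flagged(text):
    """Triage every line and keep only entries with at least one reason."""
    hits = (triage(l) for l in text.splitlines())
    return [h for h in hits if h and h[2]]


if __name__ == "__main__":
    for kind, ident, reasons in flagged(SAMPLE):
        print(f"{kind:20} {ident:40} {'; '.join(reasons)}")
```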
-
I ran the command, like the pic attached, but the program is not responding and I have to hard reset it.
Did I do it wrong?
Please advise :)
Thank you
-
Please download zoek.zip from here (http://hijackthis.nl/smeenk) or here (http://home.kpn.nl/stefsmeenk/zoek.exe) and save it to your Desktop.
Unpack the archive...
- Close any open browsers
- Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) or this (http://www.bleepingcomputer.com/forums/topic114351.html) Instruction.
- Double click on zoek.exe to run the tool.
Please wait while the tool does not start...
- Copy the text present inside the code box below and paste it into the large window in the zoek tool:
filesrcm;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;
- Click on (http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png) button.
Please wait until a log report opens (this can be after reboot)
- Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named "zoek-results.log"
-
Dear Argus,
I downloaded zoek.zip, extracted it in desktop, closed the browser, disabled antivirus, ran zoek.exe, copied and ran the script like the pic attached.
Please find the log attached also. Is everything OK now?
Thank you :)
-
Not showing it zoek..
Please turn off Malwarebytes and run the OTL fix again.
-
I didn't run Malwarebytes. And I don't find it in processes.
Where can I find it?
-
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
Startup ;)
Uninstall Malwarebytes and run fix.
-
Dear Argus,
I'm sorry but I don't really understand hahaha..
I uninstalled Malwarebytes after reading your last post, then I opened OTL and clicked Run Fix but it said, "No fix has been provided".
What is it actually that I am supposed to do?
-
Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
Do you do this??
See my first post.
-
Dear Argus,
I think I made a mistake; I have just tried the command and here's the result.
Should I install Malwarebytes again and run the command on OTL?
-
Hi, I will be working on your Malware issues.
Re-run OTL.exe.
- Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
:OTL
O4 - HKU\S-1-5-21-969727876-1222006065-2701588059-1000..\Run: [tsiVideo] C:\Windows\SysWOW64\rundll32.exe C:\Users\SUGIXI~1\AppData\Local\Temp\\tsiVi132.dll,start File not found
O33 - MountPoints2\{c8986139-d43c-11e2-87c9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c8986139-d43c-11e2-87c9-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun\AutoRunX\AutoRunX.exe
O33 - MountPoints2\{e6ceaed1-d43b-11e2-ba24-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e6ceaed1-d43b-11e2-ba24-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe
:commands
[CREATERESTOREPOINT]
[emptytemp]
- Then click the Run Fix button at the top.
- Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.
If the log doesn't appear, it can be found here:
c:\_OTL\MovedFiles\mmddyyyy_hhmmss.log
-
Dear Argus,
I ran the command and here is the result.
Is it okay?
Thank you so much
-
Another check
Re-run OTL and click Run scan
Attach here log. (OTL.txt)
-
Dear Argus,
I ran the scan just like http://forum.avast.com/index.php?topic=53253.0
minus the command on Custom Scans/Fixes.
Here's the log, thank you
-
OK, system is clean.
Please download DelFix (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix) by "Xplode" to your Desktop.
Run the tool and check the following boxes below;
- Remove disinfection tools
- Create registry backup
- Purge System Restore
Now click on the "Run" button. Wait for the programme to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt
> I don't need DelFix log report.
-
Dear Argus,
Thank you so much for guiding me to clean up things. You are awesome :)
However I still have adwcleaner, aswmbr, mbam-setup 1.75.0.1300, OTL, TFC, and all the log reports (but not the DelFix).
Probably because I moved them (not on desktop). Do I need to delete them all?
-
Do I need to delete them all?
Yes.
-
if you want..... recommended programs to keep
Malwarebytes .... works great as extra scanner alongside avast
MCShield http://www.mcshield.net/ protects you from USB infections
-
if you want..... recommended programs to keep
Malwarebytes .... works great as extra scanner alongside avast
MCShield http://www.mcshield.net/ protects you from USB infections
Like :)
-
Dear Argus and Pondus,
Thank you so much for everything. You guys rock :)