Avast WEBforum
Other => Viruses and worms => Topic started by: Mizare31 on November 02, 2013, 08:58:52 PM
-
Hello,
I am discovering several infected files during a 'scan of all local drives' as I am restarting my computer. I am afraid that I have allowed my boys a bit too much latitude in downloading some game stuff lately. Although I am typically involved, I am sensing they may be doing a bit more freelancing than I thought. Yep, my responsibility. Anywho, I am moving each flagged file to the chest as the scan is rolling and have several files so far (still scanning). I am asking what action I should take if/when the system finally loads? I am reading the general posts regarding running cleaning malware programs so I hope to be better equipped to catch up, but am wondering who might help me try to resolve these issues. Thanks in advance.
- old dog trying to keep up...
-
Under Scan and quarantine at the bottom you can delete them. Select all, right click and delete.
Otherwise they could restore them.
-
-> http://www.avast.com/faq.php?article=AVKB21
-
There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.
-
But if Avast is not password protected his boys can restore the malware.
-
Then that is something for the user to correct and add password protection.
-
Unfortunately, I only saw the first couple responses and have already deleted the files from the chest and then attempted to restart my computer. Once again a serious hang during start up requiring hard close and restart.... further advice please. Thanks
-
# AdwCleaner v3.010 - Report created 02/11/2013 at 23:13:52
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
See attached report...
-
Hi Mizare31,
Seems it is time to move other users than yourself off any administrative account you may use. Change your admin password (write it down!) and then allocate one account to each of the other users but only as limited standard accounts. Why limited? Well, one cannot install a game or such unless they have the admin password, and you've changed it, so no new games can be installed without you knowing about it. Think of it as a way of protecting yourself from harm. (This should be done after cleansing your system.)
Don't give users full system-wide rights to modify the entire system when they don't know yet what they are doing. ;)
Can you get into Safe Mode?
To cleanse your system: http://forum.avast.com/index.php?topic=53253.0
Run these four programs:
- AdwCleaner
- Malwarebytes
- OTL
- aswMBR.exe
Attach all four logs in your next reply. Logs are for diagnostic purposes only. Quarantine and remove, and attach resulting logs, only, with AdwCleaner and Malwarebytes. Attach logs only, for OTL and aswMBR.exe.
If not able to boot into normal or Safe Mode, let us know. If unable, a malware expert will be contacted. Otherwise, a certified malware removal expert will be contacted after you attach your logs and then he will come in to help you. He needs your logs to begin this process.
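The account setup recommended in the post above, as an added example that is not part of the original thread: it changes the admin password, creates standard accounts for the other users, and removes everyone except the designated admin from the Administrators group. The account names are hypothetical, and the script assumes an elevated Windows PowerShell 5.1 or later session (LocalAccounts module) on an English-language Windows install, run after the system has been cleaned.

```powershell
# Added example: account names below are hypothetical placeholders.
# Assumes Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts), run as administrator.
$AdminAccount  = 'ParentAdmin'      # hypothetical: the only account that keeps admin rights
$StandardUsers = 'Kid1', 'Kid2'     # hypothetical: one limited account per other user

# 1. Change the admin password first, so nobody else knows it.
$adminPw = Read-Host -Prompt "New password for $AdminAccount" -AsSecureString
Set-LocalUser -Name $AdminAccount -Password $adminPw

# 2. Create each standard account if it does not exist yet and
#    make it a member of the built-in Users group only.
foreach ($name in $StandardUsers) {
    if (-not (Get-LocalUser -Name $name -ErrorAction SilentlyContinue)) {
        $pw = Read-Host -Prompt "Password for $name" -AsSecureString
        New-LocalUser -Name $name -Password $pw | Out-Null
    }
    # Already being a member raises an error that is safe to ignore.
    Add-LocalGroupMember -Group 'Users' -Member $name -ErrorAction SilentlyContinue
}

# 3. Audit the Administrators group and demote every user account that is
#    neither the designated admin nor the built-in Administrator (RID 500).
$keep = "$env:COMPUTERNAME\$AdminAccount"
Get-LocalGroupMember -Group 'Administrators' |
    Where-Object {
        $_.ObjectClass -eq 'User' -and
        $_.Name -ne $keep -and
        $_.SID.Value -notlike '*-500'
    } |
    ForEach-Object {
        Write-Output "Demoting $($_.Name) to a standard user"
        Remove-LocalGroupMember -Group 'Administrators' -Member $_
        Add-LocalGroupMember -Group 'Users' -Member $_ -ErrorAction SilentlyContinue
    }

# 4. Show who still has administrative rights, for a final manual check.
Get-LocalGroupMember -Group 'Administrators' | Select-Object Name, ObjectClass
```

With this in place, installing software from a standard account triggers a UAC prompt for the admin password instead of proceeding silently.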
-
Hello??
Sorry for the delay, but my work/kid schedule has made getting all this together a challenge. I am so very grateful for your help and have noted the chastisement regarding allowing my 7 and 11 year old, who have always asked and had me help download (as I thought) any programs. I will certainly upgrade and limit access. Here are the logs to date. Thanks again for all you do for older-half-time-juggling-single-parents-nearing-fifty :-). I do appreciate it more than I can say...
Regards, Michael
-
Monitoring...
-
Hi,
Re-run AdwCleaner, but now make sure to hit the Clean button after the scanning is complete.
Attach me that report.
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216)
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
-
Hello again,
I realized I should add that after using the first couple cleaners I attempted, as directed, a re-start of my system only to have it 'hang' with a blinking cursor line (? an underscore?) staring at me. If I do a hard stop (holding for approx. 30 seconds and even unplugging once) and then start it loads OK, but a restart driven by any program, or me, results in this annoying black screen with upper left blinking cursor/line. - I also saw, at one point the other day, a windows alert that said there was no virus protection detected, but after one of 'my restarts (hard close)' it hasn't appeared again. - also wondering what one of the scans meant by not recognizing a hard drive (so sorry I didn't write the exact phrase)... after about five clicks on 'retry' it moved along... thanks again for all you do and your help...
- michael
-
Ok, please proceed with my instructions, when we remove malware, then we can talk about other issues...
-
OK... thanks...
-
System seems clean, how are the things now?
-
T H E.. and others...
I tried another Malware run to see if anything remained after having to hard start, but it said things were clean. Unfortunately, in attempting another restart it hung again leaving the ugly blinking cursor on a black screen. Any other advice? Thanks again...
- Michael
-
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) by Farbar and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
- Double-click to run it. When the tool opens click Yes to disclaimer.
- Under Optional Scan ensure "List BCD" and "Driver MD5" are ticked.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
-
Thanks again! here you go...
-
1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
SearchScopes: HKCU - {0084CFC8-654D-4F8D-810B-0C90659B88E8} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3310511&CUI=UN11909118411663820&UM=2
FF Extension: No Name - C:\Users\MnKnZnR\AppData\Roaming\Mozilla\Firefox\Profiles\tx30brt4.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi
cmd: ipconfig /flushdns
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
Please download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop
- Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- It will close all programs when run, so make sure you have saved all your work before you begin.
- Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
- Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.