Avast WEBforum
Other => Viruses and worms => Topic started by: xephini on November 03, 2013, 10:15:10 PM
-
Hello everyone,
So today as I started up my PC I was immediately told that Avast had found an adware program and I proceeded to put it in the chest and began a start-up scan. It is, frankly, still going, but in all found files there seems to be a pattern; they're related to one of these three:
Win32: Somoto-J (PUP)
Win32: Somoto F-(PUP)
Win32: SearchProtect-C (Adw)
I know nothing about viruses and how to remove them (just looking at the virus log makes me panic), so I'm desperately in need of help with this. What should I do when the scan is finished? Should I keep the infected files in the chest or delete them? Should I copy my photos, music and documents just in case? Will I be able to get rid of the virus/viruses at all?
-
PUP=Potentially unwanted program (NO VIRUS)
Follow this guide if you want a check: http://forum.avast.com/index.php?topic=53253.0
-
So should I use all the scanners in that thread, or are any of them more important; in that case which ones should I begin with?
-
Needed are ADWCleaner, Malwarebytes, OTL and aswMBR.
Use the attachments and other options option under the answer box to attach them.
When done malware removers will help you. When one arrives follow his instructions.
-
Okay, thank you! My scan is at 64 % and it's getting really late, should I press esc to abort the scan and turn my PC off, or will it pause correctly if I put it to sleep? I want to avoid starting it up on its own so I probably shouldn't leave it overnight.
-
I would let it finish.
After that you can turn off your PC. Dont forget to save the log file.
-
Win32: Somoto-J (PUP)
Win32: Somoto F-(PUP)
Win32: SearchProtect-C (Adw)
these are crapware, and AdwCleaner / Malwarebytes should clear these
still, attach all logs as requested so the removalexpert can check for leftovers...
-
So after getting home from school, I proceeded to do another boot scan (nothing was found this time, I have ~25 files in my virus chest though since yesterday).
Then I used the four different scanning programs; I'll attach the logs below. :)
-
The rest of the scanning logs.
-
Sorry to bump this thread with a double post, but what exactly do I do now? I think I might have succeeded in removing the files (I've emptied the chest as well), so can I uninstall the software?
-
Hi,
Let's just preform some additional checking...
Please download zoek.zip or zoek.rar by smeenk ((http://www.mcshield.net/personal/magna86/Images/Zoek_icon.png)) from here (http://hijackthis.nl/smeenk) or here (http://home.kpn.nl/stefsmeenk/zoek.exe) and save it to your Desktop.
Unpack the archive...
- Close any open browsers
- Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) or this (http://www.bleepingcomputer.com/forums/topic114351.html) Instruction.
- Double click on zoek.exe to run the tool .
Please wait while the tool does not start...
- Copy the text present inside the code box below and paste it into the large window in the zoek tool:
emptyclsid;
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA};c
installedprogs;
uninstall-list;
C:\Windows\SysWow64\*.tmp;f
C:\Windows\*.tmp;f
filesrcm;
startupall;
firefoxlook;
chromelook;
autoclean;
- Click on (http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png) button.
Please wait until a logreport will open (this can be after reboot)
- Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named "zoek-results.log"
-
Here it is! :)
-
Zoek has done the rest of the job. How's your computer running now?
-
It's running fine without problems, thanks a lot! :D
One last question: Inside my AdwCleaner folder, there's a quarantine folder which contains some vir files related to Search Protect. What do I do with these?
-
Let's remove all used tools.
Re-run AdwCleaner and hit Uninstall button. Then we shall use DelFix for cleaning all used tools, there files and folders...
Please download DelFix (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix) by "Xplode" to your Desktop.
Run the tool and check the following boxes below;
- Remove disinfection tools
- Create registry backup
- Purge System Restore
Now click on "Run" button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt
> I don't need DelFix log report.
I recommended to use MCShield if you will.
You may download MCShield from one of the following links:
MyCity - Official download link (http://www.mcshield.net)
Softpedija - Mirror download link (http://www.softpedia.com/get/Antivirus/MCShield.shtml)
It will prevent infection by computer via USB flash drive, mobile phone or any other memory card.
And not only will prevent infection, but it will immediately clean flash drive, memory card or external HDD.
-
Hi! :) Sorry to bother you again, but I proceeded to use delfix and it removed everything except for one folder: zoek_backup
There are three vir files in there, do I need to do something about that?
-
Hi! :) Sorry to bother you again, but I proceeded to use delfix and it removed everything except for one folder: zoek_backup
There are three vir files in there, do I need to do something about that?
Hm...DelFix should been updated to remove zoek_backup.
Well...please feel free to remove it by yourself. ;)
-
Done! :D
Also, thanks a million for helping me out with this! I really, really appreciate it ;D
-
;)
-
Hello, I've been '' Infected '' with the same files. I do not see anything going wrong or slow on my computer, but I've detected it doing a Quick Avast Scan. Got all three mentionned here. (SearchProtect-C ... SOMOTO-J PUP . etc.) Ran the scans mentionned on the page. Will post two of my Logs into this one. I've got one more program to run.
-
Here's MalwareBytes log results, and the other one. Will scan with MalwareBytes again just for fun of seeing.
-
Scanned again with MalwareBytes and nothing found. Guess I can delete the programs I've downloaded :D But what doe my Logs say ?
-
@Counterparts89
Why told you to run zoekscript that isn't written for your computer? Just to let you know that zoek has wiped outh just a few legitimate entry.
If you wish help, run these tools:
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) ((http://www.mcshield.net/personal/magna86/Images/FRST_canned.png)) by Farbar and save it to your desktop.
Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
- Double-click to run it. When the tool opens click Yes to disclaimer.
- Under Optional Scan ensure "Driver MD5" are ticked.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
THEN...
Please download GMER, the RootKit Detector tool from the link below and save it to your Desktop:
Gmer download link (http://www2.gmer.net/download.php)
Note: file will be random named
Double-clicking to run GMER.
- Wait for initial scan to finish - if there is any query, click No;
- Click [ Scan ] button and wait until the full scan is complete;
- Click [ Save ... ]- save the report to the Desktop (named ARK );
- Then click the >>> button and select Autostart card;
- Click [ Scan ] button;
- After quick scan, click Copy button;
- Open notepad and Paste text. Save report to the Desktop (named autostart )
> Attach here both Gmer logreports. (ARK.txt and autostart.txt)
-
Well, my computer goes very well, even better since I've followed the steps, I don't know which Legitimate Entry I've deleted, but nothing goes wrong anywhere. Should I still run what You're telling Me to run? Thanks for the answer
-
No matter what, I've done what You asked Me, just to be sure everything is fine!
Here are the Logs You've mentionned You'd need.
Thanks a ton for the Reply once again, Appreciate it!
-
You are malware (http://en.wikipedia.org/wiki/Malware) free. :) Posted logs are now appear cleans and show no signs of active infection.
Good workman always cleans up after himself.
• The following will implement some post-cleanup procedures:
=> Please download DelFix (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix) by Xplode to your Desktop.
Run the tool and check the following boxes below;
(http://www.mcshield.net/personal/magna86/Images/checkmark.png) Remove disinfection tools
(http://www.mcshield.net/personal/magna86/Images/checkmark.png) Create registry backup
(http://www.mcshield.net/personal/magna86/Images/checkmark.png) Purge System Restore
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:\DelFix.txt)
The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.
--- --- --- --- --- --- --- --- --- --- ---
• To help AntiVirus to protect your computer and speed it up, I recommend that you download, install and keep the following free programs:
1. Keep Malwarebytes Anti-Malware (http://www.malwarebytes.org/mbam-download.php), update it regularly or from time to time and run a Quick Scan weekly.
Malwarebytes will detect and remove all traces of known malware. MBAM isn't AntiVirus and it can NOT replace it.
2. Keep MCShield Anti-Malware (http://www.mcshield.net/downloads.html), the tool will be updated regularly and perform auto-checking for malware to each attached USB memory device.
MCShield, has been designed as a lightweight scanner that's smart enough to catch even new worms and work in fully automatic removal mode.
3. It’s recommended to delete Temporary Files every once in a while. Run the tool and click on the Start button and TFC will begin to clean. Then restart the computer.
Temp File Cleaner aka TFC by OldTimer (http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/)
TFC is small & usefull utility that shall clean up temp files from all userprofiles and system folders.
--- --- --- --- --- --- --- --- --- --- ---
• How to protect yourself?
- I recommend that you use one of the fantastic opportunities provided by (http://www.mcshield.net/pg/images/avast5.png) avast! 2014.
1. Adjust avast! to target PUP (http://computersecurity.wikia.com/wiki/Potentially_unwanted_program) software:
Run avast! 2014 by clicking the system tray icon in the lower right corner of the screen.
Click on Settings, in the new window that opens, click on Active Protection, then under File System Shield click on gear wheel...
Under Sensitivity part of option check box for Scan for potentialy unwanted programs PUP.
2. avast! Software Updater. Run avast!, click on Tools > Software Updater.
For security reasons, make sure you do update your browser(s), Java, Flash Player, and basically every software you use often.
3. avast! Browser Cleanup. Run avast!, click on Tools > BrowserCleanup.
Browser Cleanup tool is an integrated tool in avast! AV that allows you the control on browsers unwanted addons.
4. avast! Malware Scan. Run avast!, click on Scan and preform QuickScan by clicking on Start button.
Every once in a whilere, it's recommended to preform virus scan with avast! 2014.
- Windows Updates, beeing up to date is very important. Please be sure to activate automatic updates in your control panel.
Widnows XP (http://support.microsoft.com/kb/306525); Windows Vista (http://windows.microsoft.com/en-US/windows-vista/Understanding-Windows-automatic-updating); Windows 7 (http://windows.microsoft.com/en-US/windows7/Understanding-Windows-automatic-updating) and Windows 8 (http://windows.microsoft.com/en-us/windows-8/windows-update-faq)