Avast WEBforum

Other => Viruses and worms => Topic started by: zygomatic on November 14, 2013, 05:22:07 PM

Title: Another VBS Flufferminer -D[Trj] detected
Post by: zygomatic on November 14, 2013, 05:22:07 PM
The screenshot of the "infected" file is in the attachment. I'll start posting the requested logs.
Please help!  :(
Title: Re: Another VBS Flufferminer -D[Trj] detected
Post by: zygomatic on November 14, 2013, 05:34:15 PM
This is AdwCleaner[S1].txt

# AdwCleaner v3.012 - Report created 14/11/2013 at 17:26:46
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : ZygOmatiC - FAPCHINA
# Running from : C:\Users\ZygOmatiC\Desktop\adwcleaner2.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\ZYGOMA~1\AppData\Local\Temp\Uninstall.exe

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\Software\Uniblue

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0 (en-US)

[ File : C:\Users\ZygOmatiC\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ybfgn.default\prefs.js ]


-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\ZygOmatiC\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3828 octets] - [10/11/2013 09:37:10]
AdwCleaner[R1].txt - [3878 octets] - [10/11/2013 10:14:33]
AdwCleaner[R2].txt - [3938 octets] - [10/11/2013 10:21:07]
AdwCleaner[R3].txt - [1149 octets] - [10/11/2013 10:28:17]
AdwCleaner[R4].txt - [1471 octets] - [14/11/2013 17:24:54]
AdwCleaner[S0].txt - [3866 octets] - [10/11/2013 10:23:30]
AdwCleaner[S1].txt - [1400 octets] - [14/11/2013 17:26:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1460 octets] ##########
Title: Re: Another VBS Flufferminer -D[Trj] detected
Post by: TwinHeadedEagle on November 14, 2013, 08:01:24 PM
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) by Farbar and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.


Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) and save it to your desktop.

Double click aswMBR.exe to start the tool.
Title: Re: Another VBS Flufferminer -D[Trj] detected
Post by: zygomatic on November 15, 2013, 12:41:22 AM
aswMBR.txt


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-11-14 17:35:05
-----------------------------
17:35:05.673    OS Version: Windows x64 6.1.7601 Service Pack 1
17:35:05.673    Number of processors: 2 586 0x170A
17:35:05.674    ComputerName: FAPCHINA  UserName:
17:35:06.986    Initialize success
17:35:07.473    AVAST engine defs: 13111400
17:35:36.860    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:35:36.862    Disk 0 Vendor: ST9500325AS 0001SDM1 Size: 476940MB BusType: 11
17:35:36.880    Disk 0 MBR read successfully
17:35:36.882    Disk 0 MBR scan
17:35:36.884    Disk 0 Windows 7 default MBR code
17:35:36.900    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
17:35:36.915    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        99900 MB offset 206848
17:35:36.938    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       376938 MB offset 204802048
17:35:36.959    Disk 0 scanning C:\Windows\system32\drivers
17:35:51.969    Service scanning
17:36:22.007    Modules scanning
17:36:22.013    Disk 0 trace - called modules:
17:36:22.031    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8003ca92c0]<<sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:36:22.035    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c5a060]
17:36:22.040    3 CLASSPNP.SYS[fffff88001af443f] -> nt!IofCallDriver -> [0xfffffa8004ad2e40]
17:36:22.045    5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004acf060]
17:36:22.050    \Driver\atapi[0xfffffa8004aa6e70] -> IRP_MJ_CREATE -> 0xfffffa8003ca92c0
17:36:22.778    AVAST engine scan C:\Windows
17:36:32.737    AVAST engine scan C:\Windows\system32
17:42:21.155    AVAST engine scan C:\Windows\system32\drivers
17:42:38.646    AVAST engine scan C:\Users\ZygOmatiC
18:15:18.663    AVAST engine scan C:\ProgramData
18:20:39.232    Scan finished successfully
00:39:25.650    Disk 0 MBR has been saved successfully to "C:\Users\ZygOmatiC\Desktop\MBR.dat"
00:39:25.658    The log file has been saved successfully to "C:\Users\ZygOmatiC\Desktop\aswMBR.txt"
Title: Re: Another VBS Flufferminer -D[Trj] detected
Post by: zygomatic on November 15, 2013, 12:55:24 AM
FRST.txt (attached)

Addition.txt (attached)