Avast WEBforum
Other => Viruses and worms => Topic started by: jeremydw on December 22, 2013, 02:50:37 PM
-
I have the same problem as this user's post. Please help. I've done step 2 GMER.
http://forum.avast.com/index.php?topic=138715.0
-
:)
-
Then, follow instructions for other two tools and attach reports...
-
How do I attach? I tried copying and pasting, didn't work.
-
Click Attachments and other options below the type field...
-
Thanks.
-
Ok, do not use USB until we clean system. Unplug it, and do not use it!
1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
() C:\Users\Administrator\AppData\Local\Temp\Livemocha.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
HKLM\...\Run: [bsrcifwdwj] - C:\Users\Administrator\AppData\Local\Temp\bsrcifwdwj..vbs [73993 2013-08-09] () <===== ATTENTION
HKLM\...\Run: [83202a340eb5a597bdd6a5a7999d30e7] - C:\Users\Administrator\AppData\Local\Temp\Livemocha.exe [120320 2013-11-24] () <===== ATTENTION
C:\Users\Administrator\AppData\Local\Temp\bsrcifwdwj..vbs
C:\Users\Administrator\AppData\Local\Temp\Livemocha.exe
HKLM\...\Run: [uyhhjfselh] - C:\Users\Administrator\AppData\Local\Temp\uyhhjfselh.vbs [128757 2013-12-13] () <===== ATTENTION
C:\Users\Administrator\AppData\Local\Temp\uyhhjfselh.vbs
HKCU\...\Run: [bsrcifwdwj] - C:\Users\Administrator\AppData\Local\Temp\bsrcifwdwj..vbs [73993 2013-08-09] () <===== ATTENTION
HKCU\...\Run: [83202a340eb5a597bdd6a5a7999d30e7] - C:\Users\Administrator\AppData\Local\Temp\Livemocha.exe [120320 2013-11-24] () <===== ATTENTION
HKCU\...\Run: [uyhhjfselh] - C:\Users\Administrator\AppData\Local\Temp\uyhhjfselh.vbs [128757 2013-12-13] () <===== ATTENTION
MountPoints2: {37b685a8-2d35-11e3-9bd4-001fc65f6dab} - J:\HTC_Sync_Manager_PC.exe
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\83202a340eb5a597bdd6a5a7999d30e7.exe ()
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bsrcifwdwj..vbs ()
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uyhhjfselh.vbs ()
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtC0F0CyCyD0FyC0D0A0B0EtC0DzytN0D0Tzu0CyCtBtAtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1885743359&ir=
C:\Users\Administrator\AppData\Local\Temp
cmd: ipconfig /flushdns
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
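
An added example, not part of the original post and not FRST's own code: a read-only triage pass over autostart lines in the format shown in the fixlist above, grouping entries by file name to show why such lines stand out. The sample names and paths are constructed, and reading the parenthesised field as the file's company name is an assumption.

```python
import ntpath
import re

# Constructed sample in the line format shown in the post (names and paths are made up).
SAMPLE = r"""
HKLM\...\Run: [examplevbs] - C:\Users\Alice\AppData\Local\Temp\examplevbs.vbs [1024 2013-01-01] () <===== ATTENTION
HKCU\...\Run: [examplevbs] - C:\Users\Alice\AppData\Local\Temp\examplevbs.vbs [1024 2013-01-01] () <===== ATTENTION
HKLM\...\Run: [VendorTray] - C:\Program Files\Vendor\tray.exe [204800 2012-05-05] (Vendor Inc.)
Startup: C:\Users\Alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\examplevbs.vbs ()
Startup: C:\Users\Alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notes.lnk ()
"""

# "HIVE\...\Run: [value name] - target path [size date] (company)"
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] - "
                    r"(?P<path>.+?) \[\d+ \d{4}-\d\d-\d\d\] \((?P<signer>.*?)\)")
# "Startup: path (company)"
STARTUP_RE = re.compile(r"^Startup: (?P<path>.+?) \((?P<signer>.*?)\)\s*$")
SCRIPT_EXT = (".vbs", ".vbe", ".js", ".jse", ".wsf")

def triage(log_text):
    """Group autostart entries by file name and return those worth a closer look."""
    entries = {}
    for line in log_text.splitlines():
        run, start = RUN_RE.match(line), STARTUP_RE.match(line)
        m = run or start
        if not m:
            continue
        path = m.group("path").lower()
        e = entries.setdefault(ntpath.basename(path), {"locations": set(), "reasons": set()})
        e["locations"].add(run.group("hive") + " Run" if run else "Startup folder")
        if "\\appdata\\local\\temp\\" in path:
            e["reasons"].add("target in Temp")
        if path.endswith(SCRIPT_EXT):
            e["reasons"].add("script at logon")
        if not m.group("signer"):
            e["reasons"].add("no company name")
    for e in entries.values():
        if len(e["locations"]) > 1:
            e["reasons"].add("registered in several places")
    # An empty company field alone is common for benign files, so it never flags by itself.
    return {n: e for n, e in entries.items() if e["reasons"] - {"no company name"}}

if __name__ == "__main__":
    for name, e in triage(SAMPLE).items():
        print(name, sorted(e["locations"]), sorted(e["reasons"]))
```
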
-
Done.
-
Shall I move on to step MCShield?
-
Re-run FRST, press Scan and attach fresh report.
-
OK. Rescanned.
-
Good, PC is clean, proceed with MCShield step...
-
Great! Thanks. You are the man.
-
Great! Thanks. You are the man.
???
We're not yet done, follow my instructions...