Avast WEBforum
Other => Viruses and worms => Topic started by: stephenob16 on March 12, 2014, 02:02:38 AM
-
Hey, Ive been having a lot of problems recently and when I did a boot time scan it showed up that I had this virus and couldnt delete it.
Thank You
-
This is my aswMBR log. It got stuck while scanning Spotify Launcher, dont know why. Cheers
-
Hi stephenob16,
First, we will directly hit with powerful ComboFix and then we're targeting all other junk using Zoek.
--- --- ---
ComboFix
--- ---
1. Please download ComboFix by sUBs from here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it to your Desktop.
If you are unsure how ComboFix works please read this guide (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) carefully.
Note: ComboFix must be downloaded to your Desktop.
--------------------------------------------------------------------
2. Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix.
If you are unsure how to do this please read this (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) or this (http://www.bleepingcomputer.com/forums/topic114351.html) Instruction.
Instructions how to disable avast:
- Right click on the avast! system tray icon ((http://www.mcshield.net/pg/images/avast5.png)) in the lower right corner of the screen and scroll up to avast! shield controls;
- In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note: Do not forget to turn back on this option after the cleaning by choosing avast! shield controls > Enable all shield options.
--------------------------------------------------------------------
3. Run ComboFix. Click on I Agree!
- ComboFix will display DISCLAIMER of warranty on software.
By clicking I Agree ComboFix shall continue.
- ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
-If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
- ComboFix will scan your computer in stages, total of 50 stages.
Do not mouse-click around while ComboFix is running.
Note:If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart your computer.
--------------------------------------------------------------------
4. When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
Attach log reports ( ComboFix.txt) back to topic.
ComboFix shall also create addition log. Please attach it to your reply.
C:\Qoobox\ComboFix-quarantined-files.txt
--- --- ---
Zoek
--- ---
Please download zoek.zip or zoek.rar by smeenk ((http://www.mcshield.net/personal/magna86/Images/Zoek_icon.png)) from here (http://hijackthis.nl/smeenk) or here (http://home.kpn.nl/stefsmeenk/zoek.exe) and save it to your Desktop.
Unpack the archive...
- Close any open browsers
- Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) or this (http://www.bleepingcomputer.com/forums/topic114351.html) Instruction.
- Double click on zoek.exe to run the tool .
Please wait while the tool does not start...
- Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Uninstall-List;
EmptyFoldersCheck;Delete
EmptyCLSID;
AutoClean;
- Click on (http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png) button.
Please wait until a logreport will open (this can be after reboot)
- Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named "zoek-results.log"
-
Okey dokey, here are those logs.
-
Do I need to do anything else or am I sorted do you think?
-
Hi stephenob16,
Logs looks good actually. Both, CF and Zoek did a great thinks in cleaning.
Re-run Zoek tool as you did before but this time use this script:
c:\windows\system32\NV;VS
c:\users\Stephen\AppData\Local\{2A82324E-1E3C-4E88-A68A-8BA11B0417FE};VS
c:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP;F
Yontoo 1.10.03;U
When zoek finish his work, attach here the fresh created zoek log.
--- --- ---
... I did a boot time scan it showed up that I had this virus and couldnt delete it.
I would like to see what avast has been detected in his boot time scan. Please attach here his aswBoot.txt logreprot.
C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt