Avast WEBforum

Other => Viruses and worms => Topic started by: REDACTED on February 25, 2017, 03:46:01 PM

Title: How to get rid of a Trojan?
Post by: REDACTED on February 25, 2017, 03:46:01 PM
Hi,

On Wednesday, my USB key got infected by a Trojan (VBS: Downloader-AJV) in a copy center: when I inserted the key in my computer, Avast made a warning and put the infected file in quarantine. After a quick scan which was ok, I ran a complete scan of my computer on Thursday and Avast found the same Trojan in the c:\Users\AppData\Local\Temp and put it in quarantine. Just to be sure, I ran another complete scan of my computer yesterday: Avast found the same Trojan in the same part of the computer and put it in quarantine as well.
Could anyone tell me what I should do to get rid of this Trojan for good? Thank you!
Title: Re: How to get rid of a Trojan?
Post by: Eddy on February 25, 2017, 03:54:40 PM
Follow the instructions in the sticky of this forum.
Title: Re: How to get rid of a Trojan?
Post by: Pondus on February 25, 2017, 06:47:30 PM
Follow the instructions in the sticky of this forum.
That means instructions here  >  https://forum.avast.com/index.php?topic=194892.0

attach requested logs
- Malwarebytes
- Farbar Recovery Scan Tool
- MCShield (this log you copy and paste)

Title: Re: How to get rid of a Trojan?
Post by: REDACTED on February 25, 2017, 10:40:31 PM
Hi Eddy and Pondus,

I have attached the logs (sorry for taking so long but the Malwarebytes scan took hours to complete).
The Malwarebytes and FRS Tool were installed in French, so the logs are in French as well, I hope it won't be a problem!
Thank you!
Title: Re: How to get rid of a Trojan?
Post by: Pondus on February 25, 2017, 10:42:50 PM
As said above, the MCShield log must be copied and pasted. A forum issue makes it look like Chinese when attached.


Malware expert is notified, he may not be online before tomorrow

Title: Re: How to get rid of a Trojan?
Post by: REDACTED on February 25, 2017, 10:47:58 PM
Hi Pondus,

Thank you!
Sorry, I didn't pay attention to the MCShield log copy/paste. Here it is:



>>> MCShield AllScans.txt <<<

-----------------------------




MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<


25/02/2017 22:26:55 > Drive C: - scan started (Acer ~419 GB, NTFS HDD )...



=> The drive is clean.
Title: Re: How to get rid of a Trojan?
Post by: Pondus on February 25, 2017, 11:00:54 PM
Did you plug in the infected USB key?

Title: Re: How to get rid of a Trojan?
Post by: REDACTED on February 25, 2017, 11:21:01 PM
As you might have guessed, I'm no computer expert, I hadn't plugged in the infected USB key :)
Below is the MCShield log with the infected USB key plugged in. During the scanning, AV issued a warning several times, I made a screen capture (see attached file).




>>> MCShield AllScans.txt <<<

-----------------------------




MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<


25/02/2017 22:26:55 > Drive C: - scan started (Acer ~419 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<


25/02/2017 23:07:24 > Drive D: - scan started (Lexar ~15259 MB, FAT32 flash drive )...



---> Executing generic S&D routine... Searching for files hidden by malware...


---> Items to process: 23







=> Malicious files   : 69/69 deleted.
=> Hidden folders    : 45/45 unhidden.
=> Hidden files      : 23/23 unhidden.

____________________________________________

::::: Scan duration: 4min 24sec ::::::::::::
____________________________________________


Title: Re: How to get rid of a Trojan?
Post by: Pondus on February 25, 2017, 11:39:15 PM
Check back tomorrow when the malware expert has checked your logs   ;)

Title: Re: How to get rid of a Trojan?
Post by: REDACTED on February 26, 2017, 10:02:45 PM
Thank you! I'm looking forward to the malware expert's feedback.
Title: Re: How to get rid of a Trojan?
Post by: dbrisendine on February 26, 2017, 10:19:59 PM

Fix with Farbar Recovery Scan Tool
This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.
Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

Please attach it to your reply.

How is the system running now?  Does Avast still find the VBS malware?
Title: Re: How to get rid of a Trojan?
Post by: REDACTED on February 27, 2017, 01:41:37 AM
Hi!
Thank you very much for your reply. I started the FRST fix 3 hours ago and it is still running; is it normal that it's taking so long?
I will let it run overnight and hope it will be done by tomorrow morning.
Title: Re: How to get rid of a Trojan?
Post by: Pondus on February 27, 2017, 02:05:21 AM
Quote
I started the FRST fix 3 hours ago and it is still running; is it normal that it's taking so long?
No, it sometimes hangs; you may abort and run again.

Title: Re: How to get rid of a Trojan?
Post by: REDACTED on February 27, 2017, 10:06:59 AM
That's what I did then : I aborted it and started again.
The second run kept going too and, after more than two hours, I ended it. But, during the first 5 minutes, there is a Fixlog text that appeared on my desktop (see attached file). Does it mean it worked or should I run it again?
Title: Re: How to get rid of a Trojan?
Post by: REDACTED on February 27, 2017, 01:05:15 PM
Is it possible that the reason why the FRST fix is taking so long lies in the Fixlist? I have just checked it and I see that the user name is not me. Does it matter?
Title: Re: How to get rid of a Trojan?
Post by: Eddy on February 27, 2017, 01:22:30 PM
Yes, it does matter.
Looks like dbrisendine used the wrong log files.
Title: Re: How to get rid of a Trojan?
Post by: dbrisendine on February 28, 2017, 07:44:08 AM
I'm not sure what happened.  This is the Fixlist for this user.  Delete the previous one and run this Fixlist file.  (You are more than welcome to check the user name to ensure that it is correct for you.)
Title: Re: How to get rid of a Trojan?
Post by: REDACTED on February 28, 2017, 11:41:07 PM
Thank you so much! I ran the Fixlist file and it seems it worked very well (I've attached the Fixlog) : I ran an AV scan and it didn't detect any virus!

I have 2 questions though :
- Should I just throw away the USB key that got infected or is there a way to clean it up?
- Do I need to keep the MCShield, FRST and Malwarebytes or can I uninstall them (my computer is still a bit slow)?
Title: Re: How to get rid of a Trojan?
Post by: dbrisendine on March 01, 2017, 05:32:59 AM
Thank you so much! I ran the Fixlist file and it seems it worked very well (I've attached the Fixlog) : I ran an AV scan and it didn't detect any virus!

I have 2 questions though :
- Should I just throw away the USB key that got infected or is there a way to clean it up?
- Do I need to keep the MCShield, FRST and Malwarebytes or can I uninstall them (my computer is still a bit slow)?


1)  MCShield should have cleaned the USB drive but if you want you can format the drive if you do not want to keep any of the files on the drive.


2)  You can uninstall Malwarebytes if it is slowing your system down.  The rest we will take care of with the following:



If everything else is fine for you (Avast is running / scanning with no warnings, etc.) then I will remove our tools and get you on your way ...


Clean up of Malware Removal Tools
Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

You can delete any log files left on your desktop as these are no longer needed.

==Some Tools to consider to help keep your system safe ==

Unchecky (http://unchecky.com/files/unchecky_setup.exe) is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing.  By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent (http://www.foolishit.com/download/cryptoprevent-installer/) is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system.  You can read the details about this program here (http://www.foolishit.com/vb6-projects/cryptoprevent/).

Also, consider keeping MalwareBytes Antimalware (http://www.malwarebytes.org/affiliates/g2g/mbam-setup.exe) in your arsenal of safe keeping programs. Use the free version (not the paid or trial version) and you won't have a problem with your antivirus scanner program. Keep it updated and run a scan with it once a week.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript (http://noscript.net/) and uBlock Origin (https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/) add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

You may also find some information and tips at this thread:
 How did I get infected in the first place? (http://www.geekstogo.com/how-did-i-get-infected-in-the-first-place/)
and
COMPUTER SECURITY - a short guide to staying safer online (http://www.malwareremoval.com/forum/viewtopic.php?p=557960#p557960)


I'll leave this topic open for a few days so that if you have any questions you can come back here. Surf safe, my friend!!


Title: Re: How to get rid of a Trojan?
Post by: Pondus on March 01, 2017, 07:32:12 AM
MCShield will not slow down your comp; the program is dormant until a USB device is plugged in, then it scans and cleans if anything is found and goes to sleep again. It will protect your flash drive from malware that uses removable drives to spread, so it is recommended to keep