Avast WEBforum
Other => Viruses and worms => Topic started by: mulongo on May 16, 2011, 08:19:57 PM
-
First, I apologize for my English.
I've Avast 6.0 freeware version, updated today, on a portable PC with Windows XP Professional.
Making a complete scan, Avast detected Autorun-gen.
I put it in the trash bin as suggested.
Then Avast suggested a boot scan to me, which detected Win32:Confi. I cancelled it as suggested.
Then... in my rescue folder I had Combofix. I updated it and ran it. I know I should have asked someone before... but the last time my PC was infected I did it and so...
Do you think Avast alone defeated that malware?
I can attach the log report file if requested...
Thanks in advance to anyone who would like to help me.
Simone
-
Could you attach the combofix log please and I will have a look see ;D
-
Could you attach the combofix log please and I will have a look see ;D
Dear essexboy, hello.
Here is the file.
Thanks.
PS: I have renamed the file to "logCombofix"...
-
Just one port to close by the looks of it. Are you experiencing any problems?
1. Please open Notepad: click Start, then Run
- Type notepad.exe in the Run box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4198:TCP"=-
3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
4. Save the above as CFScript.txt
5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
(http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif)
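As an added example (not code from the thread, from ComboFix or from Avast), here is a small Python audit of the Windows XP firewall exception list that the CFScript above edits. It parses the text of a `reg export` of the GloballyOpenPorts\List key and reports every enabled exception that is not in a known-good baseline, so an entry like the 4198:TCP one above stands out before anyone decides to delete it. The sample export is constructed: the 4198:TCP value name comes from the script above, but its scope and display name are assumed, and the other four entries are the usual File and Printer Sharing exceptions.

```python
import re

# Constructed sample of `reg export` output for the XP firewall exception list.
# The 4198:TCP value name is the one from the CFScript in the thread; its data
# field (scope "*" and the name "unnamed") is assumed for illustration.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"4198:TCP"="4198:TCP:*:Enabled:unnamed"
'''

# Each value is named "port:proto" and its data is port:proto:scope:Enabled|Disabled:name
VALUE_RE = re.compile(r'^"(\d+):(TCP|UDP)"="([^"]*)"\s*$')


def parse_open_ports(reg_text):
    """Return a list of dicts describing the exceptions under GloballyOpenPorts\\List."""
    entries = []
    in_list_key = False
    for line in reg_text.splitlines():
        if line.startswith("["):
            # Only read values that sit under a ...\GloballyOpenPorts\List key
            in_list_key = line.rstrip("]").upper().endswith("\\GLOBALLYOPENPORTS\\LIST")
            continue
        if not in_list_key:
            continue
        m = VALUE_RE.match(line.strip())
        if not m:
            continue
        fields = m.group(3).split(":", 4)
        entries.append({
            "port": int(m.group(1)),
            "proto": m.group(2),
            "scope": fields[2] if len(fields) > 2 else "",
            "enabled": len(fields) > 3 and fields[3].lower() == "enabled",
            "name": fields[4] if len(fields) > 4 else "",
        })
    return entries


# Exceptions normally present on an XP SP2/SP3 machine with File and Printer Sharing on
BASELINE = {(139, "TCP"), (445, "TCP"), (137, "UDP"), (138, "UDP")}


def unexpected_open_ports(entries, baseline=BASELINE):
    """Enabled exceptions that are not in the baseline. A scope of "*" means the
    port is reachable from any source address, not just the local subnet."""
    return [e for e in entries if e["enabled"] and (e["port"], e["proto"]) not in baseline]


if __name__ == "__main__":
    for e in unexpected_open_ports(parse_open_ports(SAMPLE_REG_EXPORT)):
        print(f'{e["port"]}/{e["proto"]} scope={e["scope"]} name={e["name"]!r}')
```

Run against a real export (`reg export "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List" ports.reg` on the XP machine, then read the file on the analysis box, noting that `reg export` writes UTF-16) the output lists only the exceptions worth explaining; the DomainProfile key has the same layout and can be audited with the same parser.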
-
Just one port to close by the looks of it. Are you experiencing any problems?
Before my Avast scan, slowness in all apps.
And a strange error opening the Windows Control Panel (it seemed not to find the Control Panel folder).
The second log file is attached.
I hope I did everything correctly.
Thank you.
-
That looks good, are you unable to open control panel ?
Download OTS (http://oldtimer.geekstogo.com/OTS.exe) to your Desktop and double-click on it to run it
- Make sure you close all other programs and don't use the PC while the scan runs.
- Select All Users
- Under additional scans select the following
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
- Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
- When the scan is complete Notepad will open with the report file loaded in it.
- Please attach the log in your next post.
-
That looks good, are you unable to open control panel ?
Sorry, I didn't check it again after the Avast cleaning... now Control Panel seems to be working.
Download and run OTS anyway?
Thanks.
-
Yes please - just to make sure ;D
-
Yes please - just to make sure ;D
done
-
Nope, looks OK; there are a few traces to go but that is all... This will also empty your temporary folders, which seem to be a tad full.
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.
[Unregister Dlls]
[Win32 Services - Safe List]
YN -> (Comodo Anti-Virus and Anti-Spyware Service) Comodo Anti-Virus and Anti-Spyware Service [Disabled | Stopped] ->
[Driver Services - Safe List]
YY -> (catchme) catchme [Kernel | On_Demand | Running] ->
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {9AA2F14F-E956-44B8-8694-A5B615CDF341} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1659004503-287218729-839522115-1003\] > -> HKEY_USERS\S-1-5-21-1659004503-287218729-839522115-1003\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.]
[File - Lop Check]
NY -> Avg7 -> C:\Documents and Settings\All Users\Dati applicazioni\Avg7
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
-
Nope, looks OK; there are a few traces to go but that is all... This will also empty your temporary folders, which seem to be a tad full.
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.
Well :'( I guess something went wrong.
After Run Fix, a few seconds of working... BLUE SCREEN for a second! :o and Windows restarted automatically...
No OTS log file.
???
-
Now that is not normal.
Let's check deeper.
Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
(http://public.avast.com/~gmerek/aswMBR1.png)
On completion of the scan click save log, save it to your desktop and post in your next reply
(http://public.avast.com/~gmerek/aswMBR2.png)
-
Now that is not normal.
Let's check deeper.
Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.
Sorry, I needed to be offline for household duties :)
This is the log.
Thank you... I guess "I see you" tomorrow.
-
Try to scan your system using this one to remove the Conficker:
http://www.bdtools.net/
-
@ emantoyaks,
While we appreciate your help, Essexboy is in the middle of malware removal. Some tools are already on the OP's machine that he will eventually need to remove or instruct the OP how to remove. Therefore we will let Essexboy continue his malware removal on his own for now. Thank you. :)
-
Could I have a fresh OTS log please? Also, I assume your computer is a Dell.
-
Here I am essexboy... thanks for your patience.
I attach here the new OTS scan log.
A few notes:
- I've an HP laptop
- This evening the PC is going slow again
- At Windows start, Avast did not start automatically as usual
Thanks
-
A quick question whilst I look at the log - did you set the proxies in Firefox and IE ?
-
A quick question whilst I look at the log - did you set the proxies in Firefox and IE ?
I use only FF4.
But... what are proxies??? ::)
-
I think that answers my question ;D
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.
[Unregister Dlls]
[Win32 Services - Safe List]
YN -> (Comodo Anti-Virus and Anti-Spyware Service) Comodo Anti-Virus and Anti-Spyware Service [Disabled | Stopped] ->
[Registry - Safe List]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > ->
YN -> HKEY_CURRENT_USER\: "ProxyServer" -> 192.168.0.22:61380
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\user\Dati applicazioni\Mozilla\FireFox\Profiles\7rdnl2j2.default\prefs.js
YN -> network.proxy.backup.ftp -> "192.168.0.22"
YN -> network.proxy.backup.ftp_port -> 61380
YN -> network.proxy.backup.gopher -> "192.168.0.22"
YN -> network.proxy.backup.gopher_port -> 61380
YN -> network.proxy.backup.socks -> "192.168.0.22"
YN -> network.proxy.backup.socks_port -> 61380
YN -> network.proxy.backup.ssl -> "192.168.0.22"
YN -> network.proxy.backup.ssl_port -> 61380
YN -> network.proxy.ftp -> "192.168.0.22"
YN -> network.proxy.ftp_port -> 61380
YN -> network.proxy.gopher -> "192.168.0.22"
YN -> network.proxy.gopher_port -> 61380
YN -> network.proxy.http -> "192.168.0.22"
YN -> network.proxy.http_port -> 61380
YN -> network.proxy.no_proxies_on -> "localhost,127.0.0.1"
YN -> network.proxy.share_proxy_settings -> true
YN -> network.proxy.socks -> "192.168.0.22"
YN -> network.proxy.socks_port -> 61380
YN -> network.proxy.ssl -> "192.168.0.22"
YN -> network.proxy.ssl_port -> 61380
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {9AA2F14F-E956-44B8-8694-A5B615CDF341} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.]
YN -> CmdMapping\\"{CCA281CA-C863-46ef-9331-5C8D4460577F}" [HKLM] -> [@btrez.dll,-4015]
[File - Lop Check]
NY -> Avg7 -> C:\Documents and Settings\All Users\Dati applicazioni\Avg7
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
I will review the information when it comes back in.
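The proxy entries in the fix above show the shape of a browser proxy hijack: every network.proxy.* pref in Firefox's prefs.js (plus the network.proxy.backup.* copies) and the IE ProxyServer value point at 192.168.0.22:61380 on a machine whose owner never set a proxy, so all of the browser's traffic would be routed through that host. As an added example, not code from the thread, from OTS or from Avast, the following Python script parses a Firefox prefs.js and an IE ProxyServer string and flags proxy endpoints outside an allow-list. The sample prefs.js is constructed from the values in the log above; `proxy.example` in the IE example is a placeholder.

```python
import re

# Constructed prefs.js excerpt, built from the values listed in the OTS fix above
SAMPLE_PREFS_JS = '''
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.proxy.http", "192.168.0.22");
user_pref("network.proxy.http_port", 61380);
user_pref("network.proxy.ssl", "192.168.0.22");
user_pref("network.proxy.ssl_port", 61380);
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.no_proxies_on", "localhost,127.0.0.1");
'''

# One pref per line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs(text):
    """Parse prefs.js into a dict; values become str, int or bool."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


PROXY_SCHEMES = ("http", "ssl", "ftp", "socks", "gopher")


def firefox_proxy_endpoints(prefs):
    """{pref name: (host, port)} for every scheme with a host set, including the
    network.proxy.backup.* copies Firefox keeps when share_proxy_settings is on."""
    found = {}
    for prefix in ("network.proxy.", "network.proxy.backup."):
        for scheme in PROXY_SCHEMES:
            host = prefs.get(prefix + scheme)
            if host:
                found[prefix + scheme] = (host, prefs.get(prefix + scheme + "_port"))
    return found


def ie_proxy_endpoints(proxy_server):
    """Parse the IE ProxyServer string (HKCU\\...\\Internet Settings): either
    "host:port" for all protocols or "http=host:port;https=host:port;..."."""
    found = {}
    for part in proxy_server.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        if ":" in hostport:
            host, port = hostport.rsplit(":", 1)
        else:
            host, port = hostport, ""
        found[scheme or "all"] = (host, int(port) if port.isdigit() else None)
    return found


def unexpected_proxies(endpoints, allowed_hosts=()):
    """Endpoints whose host is not in allowed_hosts. For a home machine that should
    not use any proxy, pass an empty allow-list and expect an empty result."""
    return {k: v for k, v in endpoints.items() if v[0] not in allowed_hosts}


if __name__ == "__main__":
    ff = firefox_proxy_endpoints(parse_prefs(SAMPLE_PREFS_JS))
    for name, (host, port) in unexpected_proxies(ff).items():
        print(f"{name} -> {host}:{port}")
```

On a live profile, read the real file from the profile directory (on XP, `%APPDATA%\Mozilla\Firefox\Profiles\<profile>\prefs.js`) with Firefox closed, since Firefox rewrites prefs.js on exit; a hit in the backup.* prefs alone means the hijack was cleared from the active settings but would come back if "use this proxy server for all protocols" were toggled.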
-
Information attached.
The fix was quick but right at the end (during creation of the restore point) OTS and the PC seemed to freeze.
I pressed CTRL+ALT+CANC and the system asked me to reboot... the reboot also seemed to go bad (only a black screen with mouse cursor).
I restarted the PC manually and then I got this log file anyway.
-
Total Files Cleaned = 107,00 mb
This was why the run took so long - a very full set of temporary files.
What are your current problems?
-
I see, thanks.
At the moment, I see only that Avast doesn't start automatically... or it seems very slow to start.
I guess also that FF4 doesn't fit on this old machine...
Maybe I have to delete something on my hard drives; one of them is almost full...
Other suggestions?
-
Drive C: | 19,53 Gb Total Space | 3,39 Gb Free Space | 17,36% Space Free | Partition Type: NTFS
Drive D: | 36,35 Gb Total Space | 30,86 Gb Free Space | 84,90% Space Free | Partition Type: NTFS
Drive E: | 641,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
I would recommend moving data to your D drive as much as possible, then run a disk check and defrag on C.
Download and run Puran Disc Defragmenter (http://www.puransoftware.com/Puran-Defrag-Download.html)
For the first run I would recommend a boot defrag and disk check
(http://i1224.photobucket.com/albums/ee362/Essexboy3/Puran.gif)
-
OK, I'll try.
Thank you essexboy.
-
Done...
Only Avast still doesn't activate itself automatically at start as usual.
I'll try to verify all settings in the options.
-
Run a repair on Avast: go to Add/Remove and select Avast - on the left there will be several options, select Repair.
-
Done, great!
It seems all is going well.
Thanks a lot, essexboy.
-
Let it run for a day or so and when you are happy I will remove my tools
-
Hi essexboy,
I'm here again, after a few days - and after a good "cleaning" of my 2 HDs,
I notice slowness in all apps again.
A few minutes ago an alert appeared about a script blocking the CPU, with this reference:
"Script: resource://gre/components/nsBlocklistService.js:722"
What do you think about it?
Thanks!
-
What programme generated that?
-
Well, at that moment only FF was running, and Avast was looking for updates as usual.
A message about a Java update also appeared...
-
I think I will need to run combofix again as that looks in the weird and wonderful Firefox hidey holes.
Download ComboFix from one of these locations: You will need a fresh copy
Link 1 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 2 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
-
Well... FF4 gives me a few problems even in my office, where I have a more powerful machine...
Is it time for Chrome, maybe, on this old laptop?
In the next post, the Combofix report.
-
Strange... ???... I've downloaded Combofix twice, from both links,
but when I close FF, the Combofix icon on the desktop disappears!
I'll try again.
-
Where is Firefox saving it to - Try right clicking the link and selecting save as and put it on your desktop
-
Here at last.
-
Well not a sausage there - Has the alert reappeared ?
-
;D
No... maybe I have to accept that my "old boy" here is... old.
Thanks again for your time!
-
Let me know if you are happy in the next day or so and I will remove my tools
-
OK... I'll do it.
-
Hello essexboy... it seems all is going well... you can remove your stuff... thanks a lot again.
-
Subject to no further problems :)
I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.
Now the best part of the day ----- Your log now appears clean :thumbsup:
A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:
Click Start > Run and copy/paste the following text into the Run box and click OK:
ComboFix /Uninstall
Run OTS and hit the cleanup button. It will remove all the programmes we have used plus itself.
We will now confirm that your hidden files are set to not show, as some of the tools I use will change that:
- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View Tab.
- Under the Hidden files and folders heading select Do not show hidden files and folders.
- Click Yes to confirm.
- Click OK.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.
Upgrading Java:
- Go to this site (http://java.com/en/) and click Do I have Java
- It will check your current version and then offer to update to the latest version
SPRING CLEAN
Download and run Puran Disc Defragmenter (http://www.puransoftware.com/Puran-Defrag-Download.html)
For the first run I would recommend a boot defrag and disk check
(http://i1224.photobucket.com/albums/ee362/Essexboy3/Puran.gif)
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes (http://www.malwarebytes.org/mbam-download.php). Update and run weekly to keep your system clean.
Download and install FileHippo update checker (http://www.filehippo.com/updatechecker/) and run it monthly; it will show you which programmes on your system need updating and give a download link.
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
To keep your operating system up to date visit - Microsoft Windows Update (http://windowsupdate.microsoft.com)
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ? (http://www.geekstogo.com/forum/topic/225044-preventing-malware-and-safe-computing/)
Keep safe :wave:
-
Hello, essexboy
So, I've almost done everything.
- Under the Hidden files and folders heading select Do not show hidden files and folders.
This was already set up as you suggested (?)
Download and install FileHippo update checker (http://www.filehippo.com/updatechecker/) and run it monthly; it will show you which programmes on your system need updating and give a download link.
After downloading, I tried to install it, but the error window you find attached appears.
What is it?
And the installed software doesn't work.
That's it.
Tell me... doctor ;D
S.
-
OK, that means that you need to have an updated version of .NET installed for the programme to function.
Could you go to Windows Update and get your .NET Framework updated, or press the Si button and it will get it for you.
-
Well, it asks IE to run Windows Update... and... I uninstalled it a few weeks ago, to save some space on the hard drive... or at least I thought I had uninstalled it...
Can this cause problems for my PC's safety?
-
No, as IE is an integral part of Windows.