Avast WEBforum

Other => Viruses and worms => Topic started by: DavidR on August 25, 2011, 02:01:56 AM

Title: Topic for kliudzew
Post by: DavidR on August 25, 2011, 02:01:56 AM

please help, attached the report files.

Thanks in advice!
Cheers, Arunas.

####
@ kliudzew
Please Reply in this topic and give an outline of what your problem is, so we can get a better understanding of the problem. Once you do the other topic post http://forum.avast.com/index.php?topic=53253.msg681195#msg681195 (http://forum.avast.com/index.php?topic=53253.msg681195#msg681195) will be deleted.

Title: Re: Topic for kliudzew
Post by: essexboy on August 25, 2011, 04:02:44 PM

You will need to reinstall Avast on completion

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  Quote

  :OTL
  PRC - [2011.08.24 23:24:21 | 000,382,464 | ---- | M] () -- C:\Windows\update.7.1\svchostdriver.exe
  SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
  SRV - [2011.08.24 23:24:21 | 000,382,464 | ---- | M] () [Auto | Running] -- C:\Windows\update.7.1\svchostdriver.exe -- (ddservice)
  IE - HKU\S-1-5-21-3958066275-1763255316-255783152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=RGxdm1708Aus&ptb=0FF7791D-AA71-4E67-8230-2F790EED16B5
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
  O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
  O4 - HKLM..\Run: [tray_ico] File not found
  O4 - HKLM..\Run: [tray_ico2] File not found
  O4 - HKLM..\Run: [tray_ico3] File not found
  O4 - HKLM..\Run: [tray_ico4] File not found
  O31 - SafeBoot: AlternateShell - services32.exe
  [2011.08.24 23:24:22 | 000,000,000 | -H-D | C] -- C:\Windows\update.7.1
  [2011.08.24 23:24:03 | 000,000,000 | -H-D | C] -- C:\Windows\update.5.0
  [2011.08.24 23:01:26 | 000,000,000 | -H-D | C] -- C:\Windows\update.2
  [2011.08.22 18:35:59 | 000,000,000 | ---D | C] -- C:\Windows\av_ico
  [2011.08.22 18:32:32 | 000,000,000 | -H-D | C] -- C:\Windows\update.1
  [2011.08.22 18:32:28 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-7-0-lnk
  [2011.08.22 18:32:28 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-7-0
  [2011.08.22 18:32:28 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-15-0-lnk
  [2011.08.22 18:32:28 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-15-0
  [2011.08.24 23:01:38 | 000,904,792 | ---- | M] () -- C:\Windows\geoiplist.rar
  [2011.08.24 23:01:38 | 000,246,272 | ---- | M] () -- C:\Windows\unrar.exe
  [2011.08.24 23:01:27 | 000,000,000 | ---- | M] () -- C:\Windows\loader2.exe_ok
  [2011.08.24 23:01:39 | 004,636,907 | ---- | C] () -- C:\Windows\geoiplist
  [2011.08.24 23:01:38 | 000,904,792 | ---- | C] () -- C:\Windows\geoiplist.rar
  [2011.08.24 23:01:38 | 000,246,272 | ---- | C] () -- C:\Windows\unrar.exe
  [2011.08.24 23:01:22 | 000,000,000 | ---- | C] () -- C:\Windows\loader2.exe_ok
  [2011.08.24 23:01:16 | 000,000,135 | ---- | C] () -- C:\Windows\info1
  [2011.08.22 18:18:30 | 001,213,440 | -H-- | M] () MD5=B8F3E2AEE9E0D7BCA1691165B5A2EBA1 -- C:\Windows\update.tray-15-0-lnk\svchost.exe
  [2011.08.22 18:18:30 | 001,213,440 | -H-- | M] () MD5=B8F3E2AEE9E0D7BCA1691165B5A2EBA1 -- C:\Windows\update.tray-7-0-lnk\svchost.exe
  
  :Reg
  
  :Files
  ipconfig /flushdns /c
  C:\Windows\services32.exe
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [EMPTYFLASH]
  [CREATERESTOREPOINT]
  [Reboot]
• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Update and run Malwarebytes

Title: Re: Topic for kliudzew
Post by: DavidR on August 25, 2011, 04:28:36 PM

Now all we need is kliudzew to join the party ;D