Avast WEBforum
Other => Viruses and worms => Topic started by: warnolo on December 22, 2011, 01:30:56 AM
-
Hi. I think i have some infection on my computer and i'm following the guide.
Here is my log after the first scan with MBAM
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Versión de la Base de Datos: 911122201
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
22/12/2011 1:24:59
mbam-log-2011-12-22 (01-24-59).txt
Tipos de Análisis: Análisis Rápido
Objetos examinados: 183832
Tiempo transcurrido: 3 minuto(s), 6 segundo(s)
Procesos en Memoria Infectados: 0
Módulos de Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Archivos Infectados: 1
Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)
Módulos de Memoria Infectados:
(No se han detectado elementos maliciosos)
Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)
Valores del Registro Infectados:
(No se han detectado elementos maliciosos)
Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)
Carpetas Infectadas:
(No se han detectado elementos maliciosos)
Archivos Infectados:
c:\Users\Usuario\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\dxdiag.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
Sorry for the language, i'm spanish
-
attch the rest of the logs...read the guide
lower left corner > additional options > attach
-
Ok, now getting to the next step.
Edit: wrong format, now is the right one.
Also, after getting into the disk manager what should i do?
Edit 2: sorry, too stupid to read.
-
Now the log of the aswMBR
Getting to the last step.
-
Ok, last step.
so after this everything should work well?
-
Damn it, i'm still infected.
Should i repeat all the process?
-
Damn it, i'm still infected.
Should i repeat all the process?
now you go to sleep....then come back tomorrow when essexboy have looked at the log...
Then the removal begins ;)
he is usually in here around 08:00pm - 11:59pm UK time
-
ok, i'll try to sleep, i'm nervious and not knowing what is going to be.
-
Also the infected file that gives me problems looks like is called dxdiag.exe and i can't disable it.
Well, anyway, i'll go to sleep.
-
Here i am again, panicing like crazy and i can't really relax.
I changed all my important passwords on another computer and now i'm just waiting.
I could just format the disk and leave it like comming from the factory, but still i'm waiting an awnser about this. Now i just need any tip to relax because I'm still too nervious to do anything.
-
Now i just need any tip to relax because I'm still too nervious to do anything.
Don't panic..! ;)
And wait for essexboy...
-
worst think is that now i see viruses anywere everywere and now i don't even dare to use my email account even in this computer.
I would be happy if just anyone could tell me "Nah, is just a bothering thing but nothing serious, so don't be scared about a machine taking your whole life from the net" but well, i don't want to lie to myself.
Also, sorry if i talk too much, i just need to express myself or i would feel worse.
-
Also, sorry if i talk too much, i just need to express myself or i would feel worse.
NP at all, still you have to be patient. ;)
-
Hi on completion could you let me know what problems you are experiencing
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKU\S-1-5-21-1389257832-4104621990-2468260417-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
O3 - HKU\S-1-5-21-1389257832-4104621990-2468260417-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1389257832-4104621990-2468260417-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-1389257832-4104621990-2468260417-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - Startup: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe ()
:Files
ipconfig /flushdns /c
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-
I posted it on Unicode because it says that some characters would be lost in ansi, but i still have the log open.
Also i have to run the problem mode (don't really know how is called in english) because now my screen gets black except the cursor.
So is something serious?
-
What happens when you go to normal mode ?
-
it starts "normally" but having the whole back image black, not my deskstop. I can move the cursor, but without nothing to click i think.
-
also i'm forgetting that after running the fix for the first time it got the blue windows, rebooted and then started the black background problem.
-
From safe mode menu could you select "repair my Computer" and let me know if that works
-
Forgive my ignorance. How do i do it?
-
OK when you start the computer immediately press and hold F8
A menu will then appear
From the list select "repair my computer"
If that should fail then we will reset the system and approach it a different way
Again get to the safe mode menu but this time select
Safe mode with a Command prompt
At the command prompt, type %systemroot%\system32\restore\rstrui.exe and then press ENTER.
Follow the instructions that appear on the screen to restore your computer to a functional state.
-
Ok, going to do the first and see how it works.
Wish me luck.
-
didn't work out and i didn't had the Safe mode with a Command prompt, but as i have an Acer i hitted alt+f10 hopping for any restoration menu, but now i'm on a screen that say
Edit windows boot options for: Windows Setup
Path: \windows\system32\boot\winload.exe
and then a large command in [ ] ending in boot.wim.
Damn, how do i have to proceed?
Edit: Sorry if i'm panicing a little, but i'm kind of scared.
Edit 2: Also, if it is helpfull, i'm windows 7
-
Aye those were commands for windows 7
OK lets try a different approach now
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216)
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
(http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png)
(http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png)
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.[/b]
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
-
Well, now i activate the normal mode the antivirus aren't active. And now i clicked it and it doenst load, still thinking.
Should i try in safe mode?
edit: ok, forget last part, and the antivirus suddenly came out, but deactivated, also now is trying to create a restore point.
-
So you are now back in normal Mode ?
-
I am.
Damn it, i'm doing it wrong? is completing the stages well i think.
When i pass you the log you can tell me later.
-
one thing, autoscan is part of the combofix?
-
Yep it will check all known malware infection points
-
ok, i got scared.
Also, when rebooted it got the black background again, so i had to restart and enter the safe mode, now is preparing the log.
-
It can be scary the first time you see it run ;D
-
Alright, theres the log, but i don't see it worked.
So what do we do now?
Also i have to say that the avast and MBAM poped out when it started.
-
OK I think I know what the black screen problem was... OTL was still clearing all of your temporary folders (they must have been rather full )
What problems are you experiencing at the moment ?
-
well, now it got slow, the voice recognition (that was infected i think) doesn't work, Didn't checked out but avast didnt work (as it was broken or something)
Now i don't know what is going on, so how should i proceed from know?
Well, well, not really slow but the programs that start with the computer doesn't start untill a long while, don't know how is now as i'm scared to try.
Also, can you tell me what was going on with the install file on the d:\? thats my restore disk to restart the computer into factory configuration. I would like to know if it got infected too and i can confirm i'm damned.
-
Is avast working now ?
If not then run a repair
Go to control panel
Programs and Features
Select Avast
On the popup scroll down on the left to the repair and select that
-
can i do it on safe mode?
-
ok, tried to do it on safe mode and gave me an error saying.
Error procesing packages.
Please use full update.
And then this:
22.12.2011 23:08:49 general: Started: 22.12.2011, 23:08:49
22.12.2011 23:08:49 general: Running setup_ais-509 (1289)
22.12.2011 23:08:49 system: Operating system: Windows 7 ver 6.1, build 7600, sp 0.0 x64
22.12.2011 23:08:49 system: Memory: 13% load. Phys:4194303/4194303K free, Page:4194303/4194303K free, Virt:2029324/2097024K free
22.12.2011 23:08:49 system: Computer WinName: USUARIO-PC
22.12.2011 23:08:49 system: Windows Net User: Usuario-PC\Usuario
22.12.2011 23:08:49 general: Cmdline: /uninstwiz
22.12.2011 23:08:49 general: Old version: 509 (1289)
22.12.2011 23:08:49 registry: Deleted registry: Software\AVAST Software\Avast\UpdateReady
22.12.2011 23:08:49 system: Using temp: C:\Users\Usuario\AppData\Local\Temp\_asw_aisI.tm~a01492 (251384M free)
22.12.2011 23:08:49 general: SGW32AIS::CheckIfInstalled set m_bAlreadyInstalled to 1
22.12.2011 23:08:49 general: DldSrc set to inet
22.12.2011 23:08:49 internet: SYNCER: Agent=Syncer/5.00 (ais-1289;p)
22.12.2011 23:08:49 system: Computer DnsName: Usuario-PC
22.12.2011 23:08:49 system: Computer Ip Addr: 192.168.1.2
22.12.2011 23:08:49 system: Installed in: C:\Program Files\AVAST Software\Avast (251384M free)
22.12.2011 23:08:49 internet: SYNCER: Type: use IE settings
22.12.2011 23:08:49 internet: SYNCER: Auth: another authentication, use WinInet
22.12.2011 23:08:49 package: Part prg_ais-509 is installed
22.12.2011 23:08:49 package: Part vps_win32-11122200 is installed
22.12.2011 23:08:49 package: Part setup_ais-509 is installed
22.12.2011 23:08:49 package: Part jrog-a7 is installed
22.12.2011 23:08:49 package: Part jrog2-3b9 is installed
22.12.2011 23:08:49 general: LoadState: Edition=1
22.12.2011 23:08:49 general: Old version: 509 (1289)
22.12.2011 23:08:49 file: SetExistingFilesBitmap: 944->430->429
22.12.2011 23:08:49 general: GUID: 49695e14-7f89-453f-9a78-83a5dd1e8ed3
22.12.2011 23:08:49 general: Server definition(s) loaded for 'main': 255 (maintenance:0)
22.12.2011 23:08:49 general: SelectCurrent: selected server 'Download323 AVAST5 Server' from 'main'
22.12.2011 23:08:49 internet: SYNCER: Type: use IE settings
22.12.2011 23:08:49 internet: SYNCER: Auth: another authentication, use WinInet
22.12.2011 23:08:54 general: Operation set to INST_OP_REPAIR
22.12.2011 23:08:54 general: Entered SetupProcessAIS::Do( INST_OP_REPAIR )
22.12.2011 23:08:54 general: Entered SetupProcessWin32Avast::Do( INST_OP_REPAIR )
22.12.2011 23:08:54 general: Entered SetupProcessWin32::Do( INST_OP_REPAIR )
22.12.2011 23:08:54 general: Entered SetupProcess::Do( INST_OP_REPAIR )
22.12.2011 23:08:54 general: Entered SetupProcessAIS::Do( INST_OP_UPDATE_INSTALL_PACKAGES )
22.12.2011 23:08:54 general: Entered SetupProcessWin32Avast::Do( INST_OP_UPDATE_INSTALL_PACKAGES )
22.12.2011 23:08:54 general: Entering:UpdateInstallPackages
22.12.2011 23:08:54 general: progress thread start
22.12.2011 23:08:54 package: LoadProductVpu: C:\Program Files\AVAST Software\Avast\Setup\prod-ais.vpx
22.12.2011 23:08:54 package: ERROR: Unable to verify prod-ais.vpx, error 0x2000000B
22.12.2011 23:08:54 package: Error processing packages. 0x20000011
-
No do it in normal mode
-
ok, this is weird.
The computer doesn't look working weirdly except by the fact that every starting program doesn't start at the very beggining like always.
And the error is the same. I'll post the inform in the next post.
-
22.12.2011 23:17:12 general: Started: 22.12.2011, 23:17:12
22.12.2011 23:17:12 general: Running setup_ais-509 (1289)
22.12.2011 23:17:12 system: Operating system: Windows 7 ver 6.1, build 7600, sp 0.0 x64
22.12.2011 23:17:12 system: Memory: 17% load. Phys:4194303/4194303K free, Page:4194303/4194303K free, Virt:2029312/2097024K free
22.12.2011 23:17:12 system: Computer WinName: USUARIO-PC
22.12.2011 23:17:12 system: Windows Net User: Usuario-PC\Usuario
22.12.2011 23:17:12 general: Cmdline: /uninstwiz
22.12.2011 23:17:12 general: Old version: 509 (1289)
22.12.2011 23:17:12 system: Using temp: C:\Users\Usuario\AppData\Local\Temp\_asw_aisI.tm~a04136 (251417M free)
22.12.2011 23:17:12 general: SGW32AIS::CheckIfInstalled set m_bAlreadyInstalled to 1
22.12.2011 23:17:12 general: DldSrc set to inet
22.12.2011 23:17:12 internet: SYNCER: Agent=Syncer/5.00 (ais-1289;p)
22.12.2011 23:17:12 system: Computer DnsName: Usuario-PC
22.12.2011 23:17:12 system: Computer Ip Addr: 192.168.1.2
22.12.2011 23:17:12 system: Installed in: C:\Program Files\AVAST Software\Avast (251417M free)
22.12.2011 23:17:12 internet: SYNCER: Type: use IE settings
22.12.2011 23:17:12 internet: SYNCER: Auth: another authentication, use WinInet
22.12.2011 23:17:12 package: Part prg_ais-509 is installed
22.12.2011 23:17:12 package: Part vps_win32-11122200 is installed
22.12.2011 23:17:12 package: Part setup_ais-509 is installed
22.12.2011 23:17:12 package: Part jrog-a7 is installed
22.12.2011 23:17:12 package: Part jrog2-3b9 is installed
22.12.2011 23:17:12 general: LoadState: Edition=1
22.12.2011 23:17:12 general: Old version: 509 (1289)
22.12.2011 23:17:12 file: SetExistingFilesBitmap: 944->430->429
22.12.2011 23:17:12 general: GUID: 49695e14-7f89-453f-9a78-83a5dd1e8ed3
22.12.2011 23:17:12 general: Server definition(s) loaded for 'main': 255 (maintenance:0)
22.12.2011 23:17:12 general: SelectCurrent: selected server 'Download347 AVAST5 Server' from 'main'
22.12.2011 23:17:12 internet: SYNCER: Type: use IE settings
22.12.2011 23:17:12 internet: SYNCER: Auth: another authentication, use WinInet
22.12.2011 23:18:30 general: Operation set to INST_OP_REPAIR
22.12.2011 23:18:30 general: Entered SetupProcessAIS::Do( INST_OP_REPAIR )
22.12.2011 23:18:30 general: Entered SetupProcessWin32Avast::Do( INST_OP_REPAIR )
22.12.2011 23:18:30 general: Entered SetupProcessWin32::Do( INST_OP_REPAIR )
22.12.2011 23:18:30 general: Entered SetupProcess::Do( INST_OP_REPAIR )
22.12.2011 23:18:30 general: Entered SetupProcessAIS::Do( INST_OP_UPDATE_INSTALL_PACKAGES )
22.12.2011 23:18:30 general: Entered SetupProcessWin32Avast::Do( INST_OP_UPDATE_INSTALL_PACKAGES )
22.12.2011 23:18:30 general: Entering:UpdateInstallPackages
22.12.2011 23:18:30 general: progress thread start
22.12.2011 23:18:30 package: LoadProductVpu: C:\Program Files\AVAST Software\Avast\Setup\prod-ais.vpx
22.12.2011 23:18:30 package: ERROR: Unable to verify prod-ais.vpx, error 0x2000000B
22.12.2011 23:18:30 package: Error processing packages. 0x20000011
Also, thanks to MBAM i know i'm still infected and recieving attacks.
-
So avast is there, unable to start or to update even if i click on repair or iniciate on the program window.
-
OK I will need to use a different analysis/curing programme - this will take several hours to run dependant on the size of your drive
Upload the zip file to megaupload - link at the bottom
Download AVPTool from Here (http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/) to your desktop
Run the programme you have just downloaded to your desktop (it will be randomly named )
First we will run a virus scan
Click the cog in the upper right
(http://i1224.photobucket.com/albums/ee362/Essexboy3/AVP%20shots/AVPfront.gif)
Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
(http://i1224.photobucket.com/albums/ee362/Essexboy3/AVP%20shots/avpsettings.gif)
Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post
Now the Analysis
Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information
(http://i1224.photobucket.com/albums/ee362/Essexboy3/AVP%20shots/AVPAnalysis.gif)
On completion click the link to locate the zip file to upload and attach to your next post
(http://i1224.photobucket.com/albums/ee362/Essexboy3/AVP%20shots/AVPZiplocation.gif)
Megaupload (http://www.megaupload.com/)
-
So i install the Karpenski tool?
edit: ok, didn't say anything after reading well.
edit 2: Also how many several hours? Because if is over 3 or 4 i could go to bed, but i'm scared to leave my computer turned on alone.
-
It may take two hours - it is really dependant on how many files you have
-
Another question. Kaspersky detected a trojan and offers me to delete it, but it didn't finished the scan, shall i delete it?
Also yeah, it say 2 hours.
By the way, should i worry more than i already am? is this infectiont really severe?
-
Ok, i readed it again, but know i'm worried about something, one of the infected items can't be deleted or put in quarantine. It only offers me the skip option.
edit: theres an screenshot
-
also it stuck in a 00000001.fil item and doesn't go further, just getting from 2 to 4 hours.
What should i do?
-
Sorry to insist, but it poped out now to 5 hours and it doesn't go further, so starting to get worried.
I'm online and in normal mode if you need to know.
edit: Seven hours now and increasing after more than 20 minutes with the same file.
-
Essexboy have logged off for the day...you find him back here tomorrow...
-
well, now i'm screwed.
Alright, i'll try tomorrow but damn, everything is still messed up.
-
Also Pondus, i guess you can't help me, right?
-
Essexboy is the expert on this...
relax, it is only a computer......watch some TV, essexboy is back tomorrow
-
Is not the computer what i'm worried about. I could always restart the whole thing, i just want to know if what i have is something so bad.
Edit: Well, i lied a bit, i'm worried about the computer. It is expensive you know.
-
Well, i'm going to bed.
If tomorrow i can't fix it, i guess it would be time to restore it to the original configuration.
-
Good morning everyone.
Here i am, changing passwords and getting more stressed everytime as i don't know what to do.
The computer is still starting the normal mode with the background totally black and in safe mode looks like the kaspersky tool isn't finding any infection.
I¡m sorry if I'm whinning too much, but now i start the holydays and my computer got screwed, and right now i would be happy by any word that would make me feel better and calmed or at least less worse and nervious.
Edit: Confirmed. I can't do anything in normal mode and in safe mode Kaspersky doesn't detect anything. I'll wait Exxesboy to see how should i proceed, but well, i'll do something else and pray that my info is safe.
Who knows, maybe I'm too worried about that.
-
Essexboy, are you there?
I guess you are not going to be tomorrow, so can you tell me if you feel like this time is going to work? I don't mind to restore the system if that ends all this madness.
So tell me, what are we going to do today?
-
Please, anyone, just anyone. Tell me anything.
Should i wait? should i restore the system? what should i do?
I'm tired and worried as hell.
Just tell me anything.
Just anything.
-
may i ask how old you are.... ::)
-
may i ask how old you are.... ::)
Come on Pondus, it's Christmas. ;D
-
Saddly i'm old with a child's mind, and you see, even mockery is better than no response.
Sorry if i sound stupid or anything, i'm just worried about what got my computer.
-
Sorry if i sound stupid or anything, i'm just worried about what got my computer.
You don't sound stupid, you're just worried. ;)
Anyway, as it's Christmas soon, you maybe have to be patient a few more days...
-
Essexboy also have a life.....he is in here every day helping....and doing it for free
it does not help going bananas
-
Yeah, I'm sorry, i don't know what got me.
Well, i think i can live without the computer fixed until monday or tuesday, is only the unknown what makes me go stupid.
Also i should thank you doing the job without any payment, is just... well, is just i'm silly for acting like that.
-
Well, going to bed.
Merry christmass everyone and sorry for my behavior.
-
No this is more of an annoyance than any great severity. Allow AVP to kill all it finds
The main part I am after though is the analysis zip file
-
Oh, that calms me a lot :)
Well, i have the same problem of the black background, so i'll try again to scan it in safe mode.
Thank you for everything and merry christmass :)
-
With the black background is it because windows is taking a long while to load ?
-
No, windows load normally, only that when i'm on windows, i have nowhere to click.
Only the cursor in a black screen with nowhere to click.
-
Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/) to your desktop
- Quit all running programs
- For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
- When prompted, type 6 and validate
- The RKreport.txt shall be generated next to the executable.
- If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.
-
Already downloaded it before. Should i use it again?
-
Yes please but could you update to the latest version... The download link is the same as previous
-
Ok, there is.
-
Could you run the AVP analysis and upload it for me to look at
-
in safe mode or should i try to see if the normal mode works?
-
Either which it makes no difference
-
Ok, no threat detected. I saved the info using the manual disinfectation and i'll attach it later when i'm back.
-
Well, here's the other info. It is weird that i didn't found any threat with the kaspersky, but well, you'll tell me what to do.
www.megaupload.com/?d=GSQSQ7J6
-
Nothing apparent hidden there
What are the current problems please
-
What i told you.
Windows start normally, but when it start there is only the cursor moving in a black screen.
Also i don't believe there is no infection because i recieve attacks in safe mode with net options when i start the MBAM or the Kaspersky.
I'm a little worried now, what is going on? Maybe the virus screwed witht he system?
I started a full scan with the MBAM and i'll tell you what i found.
Also, could you tell me what do you think is going on? it would calm me a little.
Edit: Also ctrl+alt+del works showing all the programs active, but i can't turn them off or access the programs active in all the sesions.
Edit 2: I'm seeing all the proccesses active and svchost is active all over.
-
Well, this is the most weird thing i ever met.
I can't find any infection with the malwarebite.
Anyone knows any virus that suddenly dissapears but leaves the pc messed up?
Well, i'll wait you to tell me what to do, but maybe i should just restore the system if you are ok with that.
-
With this much wierdness I believe that would be the best option.
-
Well, working on that. Thank you very much for your time and work but let me ask you one last question.
What should i install to prevent something like this? Or at least to be more safe than just using Avast.
-
Well, working on that. Thank you very much for your time and work but let me ask you one last question.
What should i install to prevent something like this? Or at least to be more safe than just using Avast.
Malwarebytes PRO....then you get autoupdate and a protection module
a one time fee for a liftime license
-
I see. I will check it out later.
Also, there is no chance i'm still infected right?
As you can see, I'm a pretty paranoid guy.
-
When you reset the system you will start as if new. There was no indication of a hidden partition malware, which would be able to carry over. But, if you wish we can double check that once you have completed
Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan
(http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR%20shots/aswMBRScan.gif)
On completion of the scan click save log, save it to your desktop and post in your next reply
(http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR%20shots/aswMBRsavelog.gif)
-
There you have.
So i guess everything is fine now.
-
Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024
That states that all is well ;D
-
Thank any god in the existence.
Well, now i have McAfee until february and I won't get into any movie streaming page again.
Thank you all for your attention and i hope we could talk again but without any other worry again.
-
The main thing is to be suspicious if any page asks you to update a programme to make something work.. Always get updates from the main vendor page i.e. Flash from Adobe and nowhere else