Author Topic: Colexity777 and espeak911 virus  (Read 1993 times)

REDACTED

  • Guest
Colexity777 and espeak911 virus
« on: February 21, 2015, 05:43:25 PM »
So, I'm sure I can't say anything that hasn't been said already. I am working on this computer for a friend and don't know what happened to get it to this state, but I have full functionality after a few modifications and uninstallations, but I still get the Avast! warning regarding those two websites from a svchost.exe file. I have a decent amount of CPU usage despite no programs actively working. I would love some help figuring out how to stop this from occurring.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Colexity777 and espeak911 virus
« Reply #1 on: February 21, 2015, 05:58:16 PM »
Hi, I would like to get a second opinion on the MBR

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
HKU\S-1-5-18\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dll ATTENTION! ====> ZeroAccess?
BHO: No Name -> {0347C33E-8762-4905-BF09-768834316C61} ->  No File
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: No Name -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} ->  No File
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
FF Extension: No Name - C:\Documents and Settings\Administrator.TROJAN-CE93127E\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@freeworkz.com [2015-02-18]
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

FINALLY

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

REDACTED

  • Guest
Re: Colexity777 and espeak911 virus
« Reply #2 on: February 24, 2015, 05:02:35 PM »
The AdwCleaner is listed as S2 because I've run that scan a few times in trying to solve this problem myself.

Offline essexboy

Re: Colexity777 and espeak911 virus
« Reply #3 on: February 24, 2015, 05:15:47 PM »
Run TDSSKiller again and this time select Delete for the following:

\Device\Harddisk0\DR0 - detected TDSS File System ( 1 )

Once done, could you let me know how the system is behaving?

REDACTED

  • Guest
Re: Colexity777 and espeak911 virus
« Reply #4 on: February 24, 2015, 06:09:37 PM »
Well, Avast popups went crazy with quarantine items, but I haven't seen any of the original problem alerts. So far, so good. Thanks for your help. If anything pops up later, I'll be sure to keep in touch.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37613
  • Not a avast user
Re: Colexity777 and espeak911 virus
« Reply #5 on: February 24, 2015, 06:20:03 PM »
Quote
Thanks for your help. If anything pops up later, I'll be sure to keep in touch.
Essexboy is not finished yet ... he will remove the tools used ;)


Offline essexboy

Re: Colexity777 and espeak911 virus
« Reply #6 on: February 24, 2015, 07:03:39 PM »
Let me know when you are happy and I will remove my tools and tidy up