Author Topic: Virus Injected msg (Read 2810 times)

REDACTED · « **on:** November 11, 2015, 08:54:25 AM »

Received msg stating "virus injected into computer ring 1-800..... to have release. Avast Boot Scan doesn't locate anything???
Do I worry,
Help please
Chris

Thanks, attached logs
MBR saved as .dat??

Asyn · « **Reply #1 on:** November 11, 2015, 09:24:15 AM »

Attach your basic diagnostic logs. (MBAM, FRST and aswMBR)
Instructions: https://forum.avast.com/index.php?topic=53253.0

REDACTED · « **Reply #2 on:** November 11, 2015, 12:00:39 PM »

Thank you.
I've attached logs

Eddy · « **Reply #3 on:** November 11, 2015, 12:06:18 PM »

The malwarebytes log is missing.

Please do not change the logfile names.
The date a log is created is already in the log files.

REDACTED · « **Reply #4 on:** November 11, 2015, 12:15:11 PM »

Sorry, won't change names

Scan log attached

Chris

Asyn · « **Reply #5 on:** November 11, 2015, 01:56:09 PM »

OK, now you've to wait a bit...

essexboy · « **Reply #6 on:** November 11, 2015, 03:54:55 PM »

Did this appear on a web site ? If you clicked nothing you are safe it was a scam

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

Quote

CreateRestorePoint:
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
2013-12-20 10:02 - 2013-12-20 10:20 - 0000040 _____ () C:\Users\Chris\AppData\Roaming\Opusbext.dat
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

REDACTED · « **Reply #7 on:** November 11, 2015, 09:33:44 PM »

THANK YOU!
When pop-up appeared on web site, I pressed "x" then "leave page", then turned off modem, computer, uninstalled Chrome, ran Avast boot-time scan, ran "clean-up". reinstalled Chrome, re-ran boot-time scan. Posted msg to you.
Really appreciate your help.

DO I NEED TO WORRY ABOUT OTHER LAPTOPS, TABLETS, PS4, on home Network?
Sons doing final year 12+10 exams, so have been using internet for study, last exam tomorrow.

regards
Chris (full 12 hour day at work, home 8pm Aust EST)

essexboy · « **Reply #8 on:** November 11, 2015, 10:11:13 PM »

No, nothing should have been affected as it was popup on the web page, which would only activate if you had clicked through and I am sure Avast would have blocked it then

REDACTED · « **Reply #9 on:** November 12, 2015, 09:59:34 AM »

Thanks Heaps for your assistance!

regards
Chris
P.S. Do I owe you guys anything or donations etc?

Asyn · « **Reply #10 on:** November 12, 2015, 10:03:00 AM »

Quote from: chriskelly2526 on November 12, 2015, 09:59:34 AM

P.S. Do I owe you guys anything or donations etc?

Nope, our help is free.

Author Topic: Virus Injected msg (Read 2810 times)

REDACTED

Virus Injected msg

Asyn

Re: Virus Injected msg

REDACTED

Re: Virus Injected msg

Eddy

Re: Virus Injected msg

REDACTED

Re: Virus Injected msg

Asyn

Re: Virus Injected msg

essexboy

Re: Virus Injected msg

REDACTED

Re: Virus Injected msg

essexboy

Re: Virus Injected msg

REDACTED

Re: Virus Injected msg

Asyn

Re: Virus Injected msg