Author Topic: Thunderskin fix  (Read 4981 times)


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Thunderskin fix
« on: August 01, 2009, 12:14:43 AM »
Due to the number of files to kill, I have attached the fix as a text file. Download the text file and open it - copy all of the text.

1. Please download The Avenger2 by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the text attachment below to your Clipboard by highlighting it and pressing (Ctrl+C):

Note: the above code was created specifically for this user.  If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste, after copying the attached text.
  • You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh OTL log.
« Last Edit: August 01, 2009, 12:17:03 AM by essexboy »

Thunderskins

  • Guest
Re: Thunderskin fix
« Reply #1 on: August 01, 2009, 12:41:47 AM »
Sorry about the other thread   :P  Here is the file. What is OTL log?

Offline essexboy

Re: Thunderskin fix
« Reply #2 on: August 01, 2009, 12:22:58 PM »
My apologies, that is my standard canned for another forum.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2





--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you. 
  • Please post the C:\ComboFix.txt along with a

Thunderskins

  • Guest
Re: Thunderskin fix
« Reply #3 on: August 01, 2009, 11:56:43 PM »
hey essexboy thank you for the help. Here is the file   :)

Offline essexboy

Re: Thunderskin fix
« Reply #4 on: August 02, 2009, 12:08:49 AM »
A few more to kill - how is your computer running now?

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\config\systemprofile\cjstqbtthq.exe
c:\documents and settings\Michael\tmpF.exe
c:\documents and settings\Michael\c.dat
c:\documents and settings\Michael\b.dat
c:\windows\system32\config\systemprofile\a.dat
c:\documents and settings\Michael\a.dat
c:\windows\system32\config\systemprofile\$inst
c:\documents and settings\Michael\mia142.tmp
c:\documents and settings\Michael\MAR*.tmp
c:\documents and settings\Michael\fla15B.tmp
c:\documents and settings\Michael\fla14D.tmp
c:\documents and settings\Michael\tmp*.tmp

Folder::
c:\temp\wz33f

3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below.  This will start ComboFix again.




6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt.
THEN

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
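Editor's added example, not part of the post above and not ComboFix's own code: a small Python parser for the `File::` / `Folder::` layout shown in the codebox, which previews what wildcard entries such as `MAR*.tmp` and `tmp*.tmp` would select before a deletion script is run. The directory listing is constructed, and the matching rules (case-insensitive, wildcards applied to the file name only) are an assumption, since the thread does not say how ComboFix expands them.

```python
import fnmatch
import ntpath
import re

# Abridged from the codebox in the post above.
CFSCRIPT = r"""File::
c:\windows\system32\config\systemprofile\cjstqbtthq.exe
c:\documents and settings\Michael\MAR*.tmp
c:\documents and settings\Michael\tmp*.tmp

Folder::
c:\temp\wz33f
"""

# Constructed directory listing for illustration; not taken from the thread.
LISTING = [
    r"C:\Documents and Settings\Michael\MAR1A.tmp",
    r"C:\Documents and Settings\Michael\tmp3.tmp",
    r"C:\Documents and Settings\Michael\template.doc",
    r"C:\WINDOWS\system32\config\systemprofile\cjstqbtthq.exe",
]

HEADER = re.compile(r"^(\w+)::$")

def parse_script(text):
    """Split the script into {section: [entries]} on 'Name::' header lines."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            current.append(line)
    return sections

def preview(patterns, listing):
    """Map each entry to the listed files it selects (assumed semantics:
    case-insensitive, wildcards apply to the file name only)."""
    hits = {}
    for pattern in patterns:
        want_dir, want_name = ntpath.split(pattern.lower())
        hits[pattern] = [
            path for path in listing
            if ntpath.dirname(path.lower()) == want_dir
            and fnmatch.fnmatchcase(ntpath.basename(path.lower()), want_name)
        ]
    return hits
```

Reviewing the output of `preview(parse_script(CFSCRIPT)["File"], LISTING)` shows, per entry, exactly which files a broad pattern would take with it and which neighbours (here `template.doc`) it leaves alone.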

Thunderskins

  • Guest
Re: Thunderskin fix
« Reply #5 on: August 02, 2009, 01:20:23 AM »
My computer seems to be running ok. I did remove avast home and installed avast professional edition. I already have malware on my computer. So I will run the combofix with the cfscript and I will let you know what happens.

Thunderskins

  • Guest
Re: Thunderskin fix
« Reply #6 on: August 02, 2009, 02:40:10 AM »
Here is the combofix file.

Thunderskins

  • Guest
Re: Thunderskin fix
« Reply #7 on: August 02, 2009, 03:47:28 AM »
and here is the mbam log file.

Offline essexboy

Re: Thunderskin fix
« Reply #8 on: August 02, 2009, 12:16:13 PM »
OK, that looks good - can you confirm that all is now OK?

Thunderskins

  • Guest
Re: Thunderskin fix
« Reply #9 on: August 03, 2009, 02:57:02 AM »
Everything seemed to be ok but I could never get the avast icons to show in the system tray, I assumed it was running. I got on the net this morning went to a few sites and then everything went wacky. I finally got to run malwarebytes in safe mode and I had a bunch of viruses. They were even popping up in safe mode. It also messed up avast with the virus chest thing, so I tried to repair avast and it didn't work then I uninstalled and reinstalled avast, ran the scans and no viruses were detected. Everything seems to be doing fine now.

I uploaded the mbam logs to mediafire here http://www.mediafire.com/?sharekey=a9e2fec41ce5376761d4646c62b381cbe04e75f6e8ebb871 wasn't sure if I could attach to post but like I said it seems to be running fine at the moment. The avast has a clean scan and the malwarebytes scan is also clean.

Offline essexboy

Re: Thunderskin fix
« Reply #10 on: August 03, 2009, 08:33:20 PM »
Looking at that, you appear to have gained a rogue AV - can you remember what site it went wacky on?

I will need you to re-run combofix as MBAM will not get them all. Combofix may ask to update; allow it to do so.

Post the new log here.