Author Topic: win32:junkpoly-b[cryp]  (Read 11445 times)


Offline DavidR

Re: win32:junkpoly-b[cryp]
« Reply #15 on: December 06, 2010, 04:27:53 PM »
Avast Boot-time scan.

CmdLine - quick
aswBoot.exe /A:"C:" /A:"*" /A:"*" /L:"1033" /heur:80 /pup /archives /IA:0 /KBD:3 /dir:"C:\Program Files\Alwil Software\Avast5"
<snip>

That isn't the file that I mentioned above; that is more help to a tech when debugging a problem. For us mere mortals, check the one I mentioned.

As I said - Check this for the boot-time scan, C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\report\aswBoot.txt (winXP location).
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

ruinofthedeadfluffy97

Re: win32:junkpoly-b[cryp]
« Reply #16 on: December 06, 2010, 05:22:17 PM »
This would be the moment of truth, huh?

I'm on my moms old comp that she gave me, so that will explain the name. :P


It also said on OTL.txt that if I saved it as ANSI that I'd lose some data from the text. Is that okay?


If everything turns out okay, you have my deepest gratitude. I would be seriously screwed if my machine died, and I didn't have a computer (Banking, Email, Ordering online, Etc)

SafeSurf

Re: win32:junkpoly-b[cryp]
« Reply #17 on: December 07, 2010, 10:25:33 AM »
Thank you for posting your OTL logs.  I have referred your case to our Certified Malware Expert, Essexboy.  He will also review your logs and give you further instructions, however he comes on the forum late UK time.  He will respond to you in this thread, so remember to check this thread daily.  I will continue to provide assistance in the meantime, then remain in the background while he works with you.

Please do not make any further changes to your machine now that you have provided the logs.

Please let me know if you have any further questions.  Thank you.

ruinofthedeadfluffy97

Re: win32:junkpoly-b[cryp]
« Reply #18 on: December 07, 2010, 03:52:22 PM »
Avast found two of those viruses.

I clicked move to chest, but it couldn't find the file specified.

My task manager also showed an un-closable program. A bunch of numbers... here's an example. "A1297A73618-27498A-848E-84-5AF44"  I re-booted, and it went away.


Yahoo answers said it's a file corrupter. I am trying what someone suggested. Dr.web. (I wasn't thinking. It was early in the morning, and I was freaking out.)

Here are my current questions.

1. Should I stop worrying about it stealing my bank passes/email passes?
2. Will this thing kill my computer? (File infector)
3. Will re-installing windows save me? Or will system restore do it?
4. Should I provide another OTL?
5. If I see that weird program again, should I force it to close?
6. Could the virus be one infected program, and once that program is executed, will it start the virus?
« Last Edit: December 07, 2010, 06:49:57 PM by ruinofthedead »

Offline essexboy

  • Malware removal instructor
Re: win32:junkpoly-b[cryp]
« Reply #19 on: December 07, 2010, 09:41:05 PM »
Quote
3. Will re-installing windows save me? Or will system restore do it?
Of the two a reformat is always the best option. But it may not be required unless you fancy a fresh start.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Quote
    :OTL
    DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\arjuw.sys -- (vnkifm)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM)
    [2010/08/19 17:15:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Momma\Application Data\Mozilla\Firefox\Profiles\0jlcfp74.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.
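The OTL fix above removes two kinds of leftover that the OTL log flags: driver services whose binary is gone ("DRV - File not found") and Browser Helper Objects whose CLSID is no longer registered ("O2 - BHO ... No CLSID value found"). The script below is an added example, not part of this thread and not OTL's or ComboFix's own code; it finds the same two classes of orphan on a live Windows machine by reading the registry directly, so you can see what such a fix is acting on. It is report-only and deletes nothing, assumes the standard `Services` and `Browser Helper Objects` registry locations, and must be run from an elevated PowerShell prompt.

```powershell
# Added example, not part of this thread or of OTL/ComboFix: report the two
# classes of orphan the OTL fix above targets, on a live Windows box.
#   1. Driver services whose ImagePath points at a file that no longer exists
#      (OTL's "DRV - File not found"), e.g. a leftover boot-start key.
#   2. Browser Helper Objects whose CLSID has no usable InprocServer32
#      (OTL's "O2 - BHO ... No CLSID value found").
# Report-only: nothing is deleted. Run from an elevated PowerShell prompt.
# Registry paths are the standard ones (assumption); the Wow6432Node
# variants cover 32-bit components on 64-bit Windows.

function Resolve-ImagePath {
    param([string]$ImagePath)
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }
    $p = $ImagePath.Trim('"')
    # Normalise the NT-style forms found in Services\*\ImagePath
    $p = $p -replace '^\\\?\?\\', ''                          # \??\C:\...
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"    # \SystemRoot\...
    $p = [Environment]::ExpandEnvironmentVariables($p)        # %SystemRoot%\...
    if (-not [System.IO.Path]::IsPathRooted($p)) {            # system32\DRIVERS\x.sys
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

function Get-OrphanedDriver {
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
        $svc = Get-ItemProperty -LiteralPath $_.PSPath
        # Type 1 = kernel driver, 2 = file-system driver. Start 0 = Boot, 3 = On demand.
        if (($svc.Type -in @(1, 2)) -and $svc.ImagePath) {
            $resolved = Resolve-ImagePath $svc.ImagePath
            if ($resolved -and -not (Test-Path -LiteralPath $resolved)) {
                [pscustomobject]@{
                    Service   = $_.PSChildName
                    Start     = $svc.Start
                    ImagePath = $svc.ImagePath
                    Resolved  = $resolved
                }
            }
        }
    }
}

function Get-OrphanedBho {
    $bhoKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    ) | Where-Object { Test-Path -LiteralPath $_ }

    foreach ($key in $bhoKeys) {
        Get-ChildItem -LiteralPath $key | ForEach-Object {
            $clsid = $_.PSChildName
            $dll = $null
            # A BHO is loadable only if its CLSID resolves to an in-process server DLL
            foreach ($hive in 'CLSID', 'Wow6432Node\CLSID') {
                $server = "Registry::HKEY_CLASSES_ROOT\$hive\$clsid\InprocServer32"
                if (Test-Path -LiteralPath $server) {
                    $dll = (Get-ItemProperty -LiteralPath $server).'(default)'
                    if ($dll) { break }
                }
            }
            $resolved = if ($dll) { [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) } else { $null }
            if (-not $resolved -or -not (Test-Path -LiteralPath $resolved)) {
                [pscustomobject]@{ CLSID = $clsid; RegisteredUnder = $key; InprocServer32 = $dll }
            }
        }
    }
}

"== Driver services whose binary is missing =="
Get-OrphanedDriver | Format-Table -AutoSize
"== BHOs with no usable CLSID/InprocServer32 =="
Get-OrphanedBho | Format-Table -AutoSize
```

An entry in either table is a candidate, not a verdict: compare the service name or CLSID against the OTL log before touching it. A confirmed orphaned driver service is removed with `sc.exe delete <ServiceName>`, and a confirmed dead BHO by deleting its CLSID subkey under the `Browser Helper Objects` key; the DNS cache is flushed with `ipconfig /flushdns`, which is exactly what the `:Files` line of the OTL fix runs.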

ruinofthedeadfluffy97

Re: win32:junkpoly-b[cryp]
« Reply #20 on: December 08, 2010, 04:27:39 AM »
Essexboy, Combofix WON'T have the same or similar effect as a restore/re-installing windows, right? That OTL custom scan won't delete anything noticeable, right?


I have one more question. Will this thing go through my modem/internet connection and get to my wireless laptop?
« Last Edit: December 08, 2010, 05:04:21 AM by ruinofthedead »

Offline DavidR

Re: win32:junkpoly-b[cryp]
« Reply #21 on: December 08, 2010, 12:26:10 PM »
Well essexboy won't be around until after work.

However, he wouldn't tell you to do something that was harmful to your system. ComboFix is nothing like a restore or re-installing windows; it is working within windows to remove specific malware. The same is true of OTL; the data for the custom scan is specific to your problem.

It runs on the local system on which it is installed and not across a network. If you want you can always shutdown your laptop, but it shouldn't be necessary.

Offline essexboy

  • Malware removal instructor
Re: win32:junkpoly-b[cryp]
« Reply #22 on: December 08, 2010, 09:25:40 PM »
David is right, the only things being removed from your computer are the bad boys.

This is nothing like a re-install or repair. All documents, data and non-malicious programmes are safe.

OTL is removing a bad driver, some Norton remnants, a few bad BHOs and clearing all the temporary files, then resetting your DNS cache.

ComboFix will remove all the remaining bad boys, then show me any that it is unsure of.