Author Topic: Problems with a Virus (Read 2954 times)

xNoaa · « **on:** April 16, 2013, 11:51:54 AM »

So over the past week I've been having quite a problem with performance issues and I've been trying to run lots of anti-virus programs like Malware and Avast to try to fix them. Even after multiple Malware full scans, the infected files keep popping up and my laptop is still having problems running.

Avast identifies the infected files as having a Win32:Malware-gen virus. And this is located in the Windows/TEMP folder. Here are various logs from some scans I've run. These include AdwCleaner, Malware Bytes Anti-Malware, OTL, and aswMBR.

Please help me with my problems. I'm unable to solve them myself.

Pondus · « **Reply #1 on:** April 16, 2013, 12:12:06 PM »

run TFC - tempfile cleaner http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

did this solve your problem?

check back later today when the removers have looked at your logs....they are usually here after work hours european time

Pondus · « **Reply #2 on:** April 16, 2013, 12:13:11 PM »

OBS: and attach OTL.txt log

malwarebytes was not updated when you scanned....update, run new quick scan and attach log

xNoaa · « **Reply #3 on:** April 16, 2013, 12:41:15 PM »

I downloaded that cleanup program that you linked me to and it helped a lot. My laptop restarted much much faster than before.

I updated Malware Bytes and then ran a scan. It turned back 0 infected items. I kind of want to do a full scan.

And I'll attach the OTL file now.

Pondus · « **Reply #4 on:** April 16, 2013, 01:08:45 PM »

Quote

I kind of want to do a full scan.

not necessary when looking for active malware....
i guess it will be some time before the removers are her so you may do thet if you want.

Pondus · « **Reply #5 on:** April 16, 2013, 01:12:23 PM »

i see you have AVG and avast installed..... never install multiple AV
this will give you a slow machine, mysterious windows errors and false detections
uninstall one and then run the vendors removal tool to clear any leftover files that may conflict

removal tools here. http://singularlabs.com/uninstallers/security-software/

essexboy · « **Reply #6 on:** April 16, 2013, 03:20:33 PM »

You also have bitdefender installed

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code: [Select]

:OTL
IE - HKU\S-1-5-21-341600103-2123293203-2585681995-1000\..\SearchScopes\{380095B4-4410-4B4C-85AE-ACD6B714B4D1}: "URL" = http://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms}
IE - HKU\S-1-5-21-341600103-2123293203-2585681995-1000\..\SearchScopes\{5B5F9166-558D-488E-AC6D-7E3FD7065978}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3288627&CUI=UN19021003138684129&UM=2
IE - HKU\S-1-5-21-341600103-2123293203-2585681995-1000\..\SearchScopes\{BE7303EF-2AE2-4BE0-BAB0-785B5BF10A94}: "URL" = http://searchou.com/?q={searchTerms}&id=6852336b00000000000070f1a1c9c8d4&r=159
[2012/06/05 11:01:35 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\ffxtlbr@babylon.com
[2012/04/11 21:14:10 | 000,102,481 | ---- | M] () (No name found) -- C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\fbphotozoom@installdaddy.com.xpi
[2013/02/20 07:18:44 | 000,053,943 | ---- | M] () (No name found) -- C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\pricepeep@getpricepeep.com.xpi
[2012/11/15 13:30:12 | 000,214,020 | ---- | M] () (No name found) -- C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\socksharedownloader@socksharedownloader.com.xpi
[2013/02/20 07:18:44 | 000,053,943 | ---- | M] () (No name found) -- C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\pricepeep@getpricepeep.com.xpi
O3 - HKU\S-1-5-21-341600103-2123293203-2585681995-1000\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3 - HKU\S-1-5-21-341600103-2123293203-2585681995-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (Reg Error: Key error.)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
@Alternate Data Stream - 1119 bytes -> C:\Users\Angel\AppData\Local\KDTdGRYqXvn46:xYpIMO7Z3Xh50kzYIQw

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

xNoaa · « **Reply #7 on:** April 16, 2013, 10:36:55 PM »

I ran the OTL fix and scan. Here are the logs.

I'm also now uninstalling all the anti virus programs except for avast.

essexboy · « **Reply #8 on:** April 16, 2013, 11:36:11 PM »

Once done could you let me know how the computer is behaving

Author Topic: Problems with a Virus (Read 2954 times)

xNoaa

Problems with a Virus

Pondus

Re: Problems with a Virus

Pondus

Re: Problems with a Virus

xNoaa

Re: Problems with a Virus

Pondus

Re: Problems with a Virus

Pondus

Re: Problems with a Virus

essexboy

Re: Problems with a Virus

xNoaa

Re: Problems with a Virus

essexboy

Re: Problems with a Virus