Win32:Agent-APRIK [Trj] virus

[manueldel99]

My old antivirus suscription expired a week ago so I downloaded avast. After installing it, it started detecting all my processes as infected or something. The virus was always Win32:Agent-APRIK [Trj] and it was located on C:\ProgramData\RazorU0\iuznffnsd.exe    but that folder doesn't exist!! There isn't any RazorU0 folder. If I delete the virus chest the antivirus starts detecting all the processes again and sending them to the virus chest. I don't know what to do. Please anyone help.

[TwinHeadedEagle]

Hi,



Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
  
• Under Optional Scan ensure "List BCD" and "Driver MD5" are ticked.
  
• Press Scan button.
  
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

[manueldel99]

These are the files

[TwinHeadedEagle]

Your PC is Adware city 

Do you watch what you install and how you do it?



Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.

• Click on the Scan button.
  
• After the scan has finished click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

• After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  
• Post logfile will also be saved in the C:\AdwCleaner folder.

*****  NEXT  *****

Please download zoek.zip or zoek.rar by smeenk () from here or here and save it to your Desktop.
Unpack the archive...

• Close any open browsers
• Temporarily disable your AntiVirus program. (If necessary)
  If you are unsure how to do this please read this or this Instruction.
  
  
• Double click on zoek.exe to run the tool .
  Please wait for the tool to start...
  
  
• Copy the text present inside the code box below and paste it into the large window in the zoek tool:

Code: [Select]

createsrpoint;
gpt.ini;z
C:\Windows\System32\GroupPolicy;v
C:\Windows\SysWOW64\GroupPolicy;v
StandardSearch;
emptyfolderscheck;
installer-list;
installedprogs;
uninstall-list;


• Click on button.
  Please wait until a logreport will open (this can be after reboot)
  
  
• Save notepad to your Desktop and attach here zoek-results.log
  Note: It will also create a log in the C:\ directory named "zoek-results.log"
  

[manueldel99]

This is the file

[TwinHeadedEagle]

Did you run Adwcleaner before Zoek? What about report?

[manueldel99]

Oh, I had to post it too. Sorry. Here it is.

[TwinHeadedEagle]

> Re-run zoek with the script below and attach here fresh zoek log results.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code: [Select]

Ask Toolbar;u
C:\Windows\System32\GroupPolicy\Machine;fs
C:\Windows\System32\GroupPolicy\User;fs
C:\Windows\System32\GroupPolicy\gpt.ini;f
[HKEY_USERS\S-1-5-21-2943374727-3930821536-709027394-1001\Software\Microsoft\Windows\CurrentVersion\Run];r
"RazorU"=-;r
C:\ProgramData\RazorU0;fs
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r
"RazorU"=-;r
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-];r
"Browser Infrastructure Helper"=-;r
C:\\Users\\Usuario\\AppData\\Local\\Smartbar;fs
bmiabdepfhhiieiipmeecdmeljggmfee;chr
bbjciahceamgodcoidkjpchnokgfpphh;chr
jpmbfleldcgkldadpdinhjjopdfpjfjp;chr
dcillohgikpecbmgioknapdpcjofaafl;chr
autoclean;
emptyalltemp;
emptyclsid;
ipconfig /flushdns;b
emptyfolderscheck;delete

[manueldel99]

here it is

[TwinHeadedEagle]

How is the situation now?

[manueldel99]

Everyting is perfect now now. Thanks!!!

[TwinHeadedEagle]

Good


• The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below;
Remove disinfection tools
Create registry backup
Purge System Restore
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:\DelFix.txt)

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.`