Help with Bamital.X

[jfv]

Help!

I run Avast, and have ran:

Dr. Web
Hitman Pro
Malware Cleaner
GMER
... and probably some other things I don't remember.

OTL logfile attached.  

[Yanto.Chiang]

Hi Jfv,

Welcome to the avast forum,

It was looked your machined infected with various malware inside there, you may try to:
1. Download CCleaner and install afterthat analyze and fixed your cookies and registry
2. Please turn off your system restore and performed boot-time scan, please follows : http://www.schmahl.net/avastbootscan.php
3. Have you tried with Malwarebytes? If not yet, please download malwarebytes and then install afterthat do the update database and scan it in safemode recomendded
4. To make sure again if your machines still infected or not, please submit again your OTL summary scan

Hopefully these steps may assist you

cheers,

[jfv]

Hey Yanto,

Thanks for weighing in. I've performed all of the above already, with the exception of the boot time scan, which is apparently not supported in Windows 7 x64. I lost the explorer file brower for a while, but it seems that Dr. Web has managed to repair it. C:\windows\explorer.exe still shows up as infected with Bamital.X with Avast, however, and so I expect the issues to recur.

[essexboy]

Try this - on completion let me know of any remaining problems

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  F3:64bit: - HKCU WinNT: Load - (C:\Windows\svc.exe) - C:\Windows\svc.exe File not found
  F3 - HKCU WinNT: Load - (C:\Windows\svc.exe) - C:\Windows\svc.exe File not found
  [2010/08/05 12:22:48 | 000,000,120 | ---- | C] () -- C:\Users\jules\AppData\Local\Bhidi.dat
  [2010/08/05 12:22:48 | 000,000,000 | ---- | C] () -- C:\Users\jules\AppData\Local\Gwufavalegacude.bin
  [2010/08/04 10:51:17 | 000,061,150 | ---- | C] () -- C:\Users\jules\AppData\Local\okegizutazetifig.dll
  
  :Files
  ipconfig /flushdns /c
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [EMPTYFLASH]
  [CREATERESTOREPOINT]
  [Reboot]

  
  
• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  

THEN

Go to start > Run and type in the following hitting enter/OK after each command

sfc /SCANFILE=c:\windows\explorer.exe

sfc /SCANFILE=C:\Windows\SysWow64\explorer.exe

sfc /SCANFILE=C:\Windows\SysNative\svchost.exe

[jfv]

Hey Essexboy-

I attach the OTL log.

Something odd is happening with SFC. I ran sfc /SCANFILE=c:\windows\explorer.exe and it indicated that the file would be repaired after a reboot. I tried to do the other two but got some message telling me that I had already fixed something and needed to reboot first, which I did. Now every instance of SFC that I'm trying to run brings the following answer:

Windows Resource Protection could not start the repair service.

Not sure what to do now.

Best,
J.

[essexboy]

We will do a full sfc then - this may take a while

From the Start menu, select Run.
In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow)
Select the OK button.
Follow the prompts throughout the System File Checker process.
Reboot the computer when System File Checker completes.

[jfv]

Seems cured!

Thanks so much Yanto and Essexboy.

[essexboy]

Run OTL and hit the cleanup button to remove it