Help!!!! 80000000.@ Popping Up......

[catcatms]

I got 80000000.@ and 00000001.@ popping up threat detected messages in every few minute for the past few days. I was ignoring the warnings for a while but now it's beginning to interfere with my internet browsing and word processing, any help would be appreciated.

I installed and running the malwarebytes anti-malware and avast free version, all  infected files were deleted by the problem still happen. Where can I find the log to post you or which program should I download to solve it?

Can anyone help me?

[DavidR]

This needs further analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.

[catcatms]

Thanks a lot, will start doing it

[Asyn]

OTL log is coming in the next reply

Dont copy & paste..!! Please attach your logs..!!! Thanks.

[catcatms]

will it takes long time to run OTL?

[Pondus]

usually not.....give it an hour before you stop
you may try running it in safe mode

[catcatms]

please find my OTL and MBAM log here

[catcatms]

usually not.....give it an hour before you stop
you may try running it in safe mode

Please find my logs as above

[magna86]

Monitoring 

[magna86]

Hi, 
I will be working on your Malware issues



1. Please download TFC by OldTimer to your desktop

• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  
• It will close all programs when run, so make sure you have saved all your work before you begin.
  
• Click the Start button to begin the process. Depending on how often you clean temp
  files, execution time should be anywhere from a few seconds to a minute
  or two. Let it run uninterrupted to completion.
  
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

***********************


Step 2



> Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.

> Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this Instruction.

How to disable avast:

• Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
  
• In the window that opens on the top right corner, click Settings.
  
• In a new window that opens, choose the option Troubleshooting, Uncheck Enable avast! self-defense, and click OK.
  
  
• Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls .
  
• In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn on this option after the cleaning.



> Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note:Do not mouse-click Combofix's window while it is running.


> When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
  Attach log reports ( ComboFix.txt) back to topic.



If you fail to run Combofix, run it in safe mode.

[catcatms]

Hi, 
I will be working on your Malware issues



1. Please download TFC by OldTimer to your desktop

• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  
• It will close all programs when run, so make sure you have saved all your work before you begin.
  
• Click the Start button to begin the process. Depending on how often you clean temp
  files, execution time should be anywhere from a few seconds to a minute
  or two. Let it run uninterrupted to completion.
  
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

***********************


Step 2



> Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.

> Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this Instruction.

How to disable avast:

• Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
  
• In the window that opens on the top right corner, click Settings.
  
• In a new window that opens, choose the option Troubleshooting, Uncheck Enable avast! self-defense, and click OK.
  
  
• Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls .
  
• In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn on this option after the cleaning.



> Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note:Do not mouse-click Combofix's window while it is running.


> When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
  Attach log reports ( ComboFix.txt) back to topic.



If you fail to run Combofix, run it in safe mode.

Please find the log report as attached

[magna86]

Open notepad and copy/paste the text present inside the code box below:

Code: [Select]


Folder::
c:\windows\Installer\{00b4e2c7-6edb-d884-b334-5eef3a884c97}

KillAll::

ClearJavaCache::

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)



Save this as CFScript.txt



Close all browser windows and refering to the picture above.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt )

[catcatms]

Open notepad and copy/paste the text present inside the code box below:

Code: [Select]


Folder::
c:\windows\Installer\{00b4e2c7-6edb-d884-b334-5eef3a884c97}

KillAll::

ClearJavaCache::

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)



Save this as CFScript.txt



Close all browser windows and refering to the picture above.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt )

Hi, i followed your instruction, turn off the Avast and doing the CFScript.txt dragging into ComboFix.exe. After that, CombiFix run automatically and after a few minutes the computer reboot, a pop up said the windows cannot start up normally and i followed the recommended step from Windows to restart my computer

After it restart, the ComboFix.exe icon located in desktop is disappeared and no scanning by ComboFix after reboot. and the Avast enable automatically. What should i do now???

For your information, after i use combofix.exe yesterday and posted my logs to you, pop up seems no more exists, but I don't know is it totally cleared the trojan or not.

[magna86]

Hi, i followed your instruction, turn off the Avast and doing the CFScript.txt dragging into ComboFix.exe. After that, CombiFix run automatically and after a few minutes the computer reboot, a pop up said the windows cannot start up normally and i followed the recommended step from Windows to restart my computer

After it restart, the ComboFix.exe icon located in desktop is disappeared and no scanning by ComboFix after reboot. and the Avast enable automatically. What should i do now???

There is no reason to worry abaut, just classic pop-up error has prevented Combofix to finish scanning.
OK, let's see what happened and what is the current situation.

Download DDS and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr

Double click dds to run the tool.

    * When done, DDS will open two (2) logs:
        1. DDS.txt
        2. Attach.txt

Save both reports to your desktop. DDS.txt and Attach.txt attach back to topic.

[catcatms]

Hi, i followed your instruction, turn off the Avast and doing the CFScript.txt dragging into ComboFix.exe. After that, CombiFix run automatically and after a few minutes the computer reboot, a pop up said the windows cannot start up normally and i followed the recommended step from Windows to restart my computer

After it restart, the ComboFix.exe icon located in desktop is disappeared and no scanning by ComboFix after reboot. and the Avast enable automatically. What should i do now???

There is no reason to worry abaut, just classic pop-up error has prevented Combofix to finish scanning.
OK, let's see what happened and what is the current situation.

Download DDS and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr

Double click dds to run the tool.

    * When done, DDS will open two (2) logs:
        1. DDS.txt
        2. Attach.txt

Save both reports to your desktop. DDS.txt and Attach.txt attach back to topic.

Hi, here is the log from DDS