Author Topic: mor.exe Dyna:Agent-AG (TR)  (Read 7235 times)


Eister

  • Guest
mor.exe Dyna:Agent-AG (TR)
« on: February 25, 2013, 07:10:04 PM »
I think one of my Hotmail accounts has been hijacked, as it sent out notices "Alert!! Invest Hot Properties!!" to all my email contacts. This same message was received here about 2 months ago from a trusted source...so I stupidly clicked on the area that asked you to sign in with your email account to see the properties. :-[ I have now changed my Hotmail password using a different computer, and ran Malwarebytes, which turned up nothing.
But I see mor.exe Dyna:Agent-AG (TR) in my Avast! Virus Chest.  Does this trojan worm have anything to do with the scam email I clicked on, and do I need to run any removal tool or has Avast! automatically done all that needs to be done? 
Thanks very much for advice.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34065
  • malware fighter
Re: mor.exe Dyna:Agent-AG (TR)
« Reply #1 on: February 25, 2013, 07:20:42 PM »
Provide us with the logs asked for here http://forum.avast.com/index.php?topic=53253.0
and I will inform one of the qualified removal experts here to have a look.
If you do not have need of Java on your comp, upgrade and disable or, better, even completely uninstall it.

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: mor.exe Dyna:Agent-AG (TR)
« Reply #2 on: February 25, 2013, 07:22:11 PM »
That is a Java exploit infection. Avast has quarantined it, so you should be safe; however, I can check it out if you wish.

Also, you must keep Java updated. If you do not have a pressing need for Java, then I would recommend uninstalling it.

Eister

Re: mor.exe Dyna:Agent-AG (TR)
« Reply #3 on: February 26, 2013, 12:32:50 AM »
Yes I would really appreciate your assistance. 

I have now uninstalled Java 6-update 22, and run scans with Avast and Malwarebytes.  Both came back with 0 infected files.  However Avast Virus Chest shows "mor.exe Dyna:Agent-AG (TR)" being placed there Feb. 19, but under scan logs for the past month it shows 0 infected files with no trail that I can see.   Sorry this is about the extent of my expertise!

I am running an Acer Aspire 5534 laptop with Win 7, IE8 and an updated Avast! Free Antivirus version 7.0.1474.
Whenever you have time please advise in Gramma Speak/Simple Terms what I should do next.
Thanks again.

Offline polonus

Re: mor.exe Dyna:Agent-AG (TR)
« Reply #4 on: February 26, 2013, 12:49:28 AM »
Hi Eister,

Thanks for the feedback, and do not worry one bit....
I am certain essexboy will take you by the hand and let you tip-toe through the cleansing routine in a step by step way.
Know that he is also an instructor, you know,

polonus

Offline essexboy

Re: mor.exe Dyna:Agent-AG (TR)
« Reply #5 on: February 26, 2013, 02:49:36 PM »
Avast probably deleted it as it was downloaded, so it would not show in the scan log.

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

Code:
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Attach both logs
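
As an added example (not part of essexboy's post and not OTL's own code): the /md5start ... /md5stop lines in the custom scan ask OTL to list an MD5 hash for each copy of the named system files, and this Python builds the same kind of inventory over any directory tree. The function names and the sample tree in demo() are constructed for illustration.

```python
import fnmatch
import hashlib
import os
import tempfile
# Name patterns copied from the /md5start ... /md5stop block quoted above.
PATTERNS = ["services.*", "explorer.exe", "winlogon.exe",
            "Userinit.exe", "svchost.exe", "winsock.*"]

def md5_of(path, chunk=1 << 16):
    """MD5 of a file, read in chunks so large binaries are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def md5_inventory(root, patterns=PATTERNS):
    """Walk root and return {lowercased name: sorted [(md5, path), ...]}."""
    lowered = [p.lower() for p in patterns]
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            key = name.lower()  # Windows file names are case-insensitive
            if not any(fnmatch.fnmatchcase(key, p) for p in lowered):
                continue
            path = os.path.join(dirpath, name)
            try:
                digest = md5_of(path)
            except OSError:
                continue  # locked or unreadable file: skip, keep scanning
            found.setdefault(key, []).append((digest, path))
    return {k: sorted(v) for k, v in found.items()}

def names_with_multiple_hashes(inventory):
    """Names whose copies differ in content; compare each to a known-good hash."""
    return sorted(k for k, v in inventory.items() if len({h for h, _ in v}) > 1)

def demo():
    """Constructed sample tree (not real Windows files) to exercise the scan."""
    samples = [("System32/svchost.exe", b"A"), ("SysWOW64/svchost.exe", b"A"),
               ("Temp/svchost.exe", b"B"), ("System32/Explorer.EXE", b"C"),
               ("System32/notepad.exe", b"D")]
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples:
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        inv = md5_inventory(root)
        return sorted(inv), names_with_multiple_hashes(inv)
```

Differing hashes for one file name are not proof of tampering, since Windows keeps several versions of a file in its component store; the listing is there so each hash can be compared against a known-good value.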

Eister

Re: mor.exe Dyna:Agent-AG (TR)
« Reply #6 on: February 26, 2013, 06:19:45 PM »
Thanks

Offline essexboy

Re: mor.exe Dyna:Agent-AG (TR)
« Reply #7 on: February 26, 2013, 06:53:22 PM »
Looks nice and clean. I will empty the temp folders for you. Are you experiencing any problems?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:
:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3049143172-2524241913-2659128723-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Eister

Re: mor.exe Dyna:Agent-AG (TR)
« Reply #8 on: February 26, 2013, 06:58:21 PM »
No problems other than it runs slower than it did 3 years ago....but I guess that's just normal clutter?

Offline essexboy

Re: mor.exe Dyna:Agent-AG (TR)
« Reply #9 on: February 26, 2013, 07:08:38 PM »
The fix may clean up a lot of temp files; follow that with a disc defrag and it may show a speed increase.

Eister

Re: mor.exe Dyna:Agent-AG (TR)
« Reply #10 on: February 26, 2013, 07:47:26 PM »
I am on our other desktop PC now...forgot to tell you I do sometimes get the whirling blue donut with error msg. Windows Explorer, or Windows Live Mail not responding, but it usually clears itself on its own.
Unfortunately now it's frozen while running the "fix scan".
I have the msg. OTL not responding accompanied with the donut and faded background. Nothing will close; should I press the power button to get out and then rerun the "fix scan"?

Offline essexboy

Re: mor.exe Dyna:Agent-AG (TR)
« Reply #11 on: February 26, 2013, 07:50:42 PM »
Yes, close it down; it is probably a glitch where it tried to uninstall Combofix when it was already gone.

Eister

Re: mor.exe Dyna:Agent-AG (TR)
« Reply #12 on: February 26, 2013, 08:01:50 PM »
Okay back in business....here's what showed with the restart.  I will now run the quick scan.

Files\Folders moved on Reboot...
C:\Users\Eileen\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Eister

Re: mor.exe Dyna:Agent-AG (TR)
« Reply #13 on: February 26, 2013, 08:32:56 PM »
Here are the results from the Quick Scan.
I did not re-run the "fix scan" after it glitched up; would you like me to do that?

Offline essexboy

Re: mor.exe Dyna:Agent-AG (TR)
« Reply #14 on: February 26, 2013, 08:38:06 PM »
No, that looks OK ... I think it was MBAM blocking, not CF; my error there.

Do you use CrapCleaner?