Author Topic: VIRUS or TROJAN ON MY SYSTEM-Disabled my Avast Anti-virus!!!!  (Read 27212 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
I already contacted you about getting infected with a virus or Trojan.
I did as instructed, which was:
I uninstalled/re-installed avast anti-virus. It gave me some problems at first, but finally was able to accomplish it.
I ran a full in-depth scan and it found a virus labeled: "Win32 Smokeloader-AG [Trj]"
I had it move to the chest, but it now says an error on the log page: System cannot find the file specified (2)"
I reran several scans after, and it has not detected anything since. I ran 3 boot scans that never found anything. (Altho, I am in question that my boot is functioning properly. It shows just a black screen with a few colored lines at the top, but shows in the log that it did the boot scan.)
There is no evidence now that a virus or trojan is still on my system, but I am not convinced that it is truly gone. Is there anything I can run to be sure? I saw in the forum that someone ran something to eliminate a trojan. I am scared to download anything off the internet to do this task in my own as I am concerned it might really be a trojan itself.
PLEASE HELP!!!! I want to make sure I have a safe system once again.
(BTW: I believe I am running Internet Security 8. I did pay $30.00 for it)

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: VIRUS or TROJAN ON MY SYSTEM-Disabled my Avast Anti-virus!!!!
« Reply #1 on: March 02, 2013, 10:28:59 PM »
Hi where did you get that information from ?  As a malware infection does not need a re-install of Avast

Lets check it out, it does sound like some bad toolbars

CLEAR THE BAD TOOLBARS

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete



Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that

THEN

Download OTL  to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.


  • Select All Users
  • Under the Custom Scan box paste this in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Post  both logs

REDACTED

  • Guest
Re: VIRUS or TROJAN ON MY SYSTEM-Disabled my Avast Anti-virus!!!!
« Reply #2 on: March 02, 2013, 10:43:51 PM »
I submitted a ticket to the support tech. I got an email with instructions as I mentioned.
To back up, it all started when my husband clicked on a link in an email froma friend.
Avast said it detected something. I'm not sure the actual message as it was my husband who told me about it.
(FYI:  I really can't tell you if it was rebooted afterthat  and before I looked at it)

I tried to, then run a scan, but it showed the anti-virus was disabled & said FIX NOW, but it wouldnt let me fix it.
I could not use the scan at all. That is when I contacted Avast Tech support and they said to uninstall & reinstall.

REDACTED

  • Guest
Re: VIRUS or TROJAN ON MY SYSTEM-Disabled my Avast Anti-virus!!!!
« Reply #3 on: March 02, 2013, 10:45:26 PM »
Is this a malware or Trojan or what?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: VIRUS or TROJAN ON MY SYSTEM-Disabled my Avast Anti-virus!!!!
« Reply #4 on: March 02, 2013, 10:50:17 PM »
It may be part of the Whitesmoke toolbar bad ware  if you run the two programmes I will be able to ensure that it has gone

REDACTED

  • Guest
Re: VIRUS or TROJAN ON MY SYSTEM-Disabled my Avast Anti-virus!!!!
« Reply #5 on: March 03, 2013, 12:32:02 AM »
OK. I did the 2 things you recommended. The only thing I didnt get was I didnt check ALL USERS
in OTL (dumb) sorry.
BUT, when I went to attach the files from the logs, they WERE in my DOWNLOADS file, but now
they are not there! When I hit the drop down menu for files, they are listed, but say they dont exist.
WHAT HAPPENED TO THEM. This is scaring me! I even did a search and nothing. HELP!

REDACTED

  • Guest
Re: VIRUS or TROJAN ON MY SYSTEM-Disabled my Avast Anti-virus!!!!
« Reply #6 on: March 03, 2013, 12:43:07 AM »
OK. I did finally find the log for ADWCleaner. It is attached. Still dont know why the OTL log is gone.

REDACTED

  • Guest
Re: VIRUS or TROJAN ON MY SYSTEM-Disabled my Avast Anti-virus!!!!
« Reply #7 on: March 03, 2013, 12:58:40 AM »
I restored them with my Carbonite. Cant figure out how the log files got deleted.
Weird. They are attached. HELP! Am I clean now??????

I reran OTL with ALL USERS selected. The file log is attached for it too as OTL txt.2
Thanks
« Last Edit: March 03, 2013, 02:22:49 AM by tadabass@aol.com »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: VIRUS or TROJAN ON MY SYSTEM-Disabled my Avast Anti-virus!!!!
« Reply #8 on: March 03, 2013, 01:10:46 PM »
Yep it looks like it was just some bad toolbars
All programmes are best run from the desktop then they do not get lost

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code: [Select]
:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2349216015-2044274021-1134175567-1001\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
[2013/02/27 11:36:49 | 000,000,000 | ---D | C] -- C:\Users\Tammy\AppData\Local\MFAData
[2013/02/27 11:35:40 | 000,000,000 | ---D | C] -- C:\Users\Tammy\AppData\Local\Avg2013
[2013/02/27 11:09:51 | 000,326,144 | ---- | C] (AVAST Software) -- C:\Users\Tammy\Desktop\aswclear.exe

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

REDACTED

  • Guest
Re: VIRUS or TROJAN ON MY SYSTEM-Disabled my Avast Anti-virus!!!!
« Reply #9 on: March 03, 2013, 09:03:09 PM »
I did as you said. Attached is the log. Am I clean now??????
Thanks so much for your help!!!!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: VIRUS or TROJAN ON MY SYSTEM-Disabled my Avast Anti-virus!!!!
« Reply #10 on: March 03, 2013, 11:24:28 PM »
How is the computer behaving now, is everything working as it should ?

REDACTED

  • Guest
Re: VIRUS or TROJAN ON MY SYSTEM-Disabled my Avast Anti-virus!!!!
« Reply #11 on: March 04, 2013, 12:05:09 AM »
Yes it seems to be now. I don't notice any problems. I know they can hide tho.
Do you think it is free of badware and all now???
I sure hope so.
Oh, is it safe to run the ADWCleaner in the future on my computer to check for bad ware?
« Last Edit: March 04, 2013, 12:08:03 AM by tadabass@aol.com »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: VIRUS or TROJAN ON MY SYSTEM-Disabled my Avast Anti-virus!!!!
« Reply #12 on: March 04, 2013, 12:06:05 AM »
I can see no additional signs, if you are happy tomorrow let me know and I will remove my tools

REDACTED

  • Guest
Re: VIRUS or TROJAN ON MY SYSTEM-Disabled my Avast Anti-virus!!!!
« Reply #13 on: March 04, 2013, 12:26:32 AM »
OK. Thanks!!!!!!!!!!!
I'll let you know.

REDACTED

  • Guest
Re: VIRUS or TROJAN ON MY SYSTEM-Disabled my Avast Anti-virus!!!!
« Reply #14 on: March 05, 2013, 07:02:43 AM »
Yes.  far, so good. Everything seems to be good.
THANK YOU SO MUCH FOR YOUR HELP!!!!!!!