Author Topic: Trojan horse doesn't go away?  (Read 3968 times)

amyrpk

  • Guest
Trojan horse doesn't go away?
« on: June 03, 2013, 02:23:19 PM »
So I (unfortunately) picked up a virus from my daughter's flash drive (last time I pick up a flash drive from a teenager's desk and actually use it) and have run a full system scan, and it didn't tell me anything other than that the Word file I was working on was unable to be scanned, but otherwise it seemed to be okay. 

But now the red window in the corner about "Trojan Horse blocked" or some such just keeps popping up.  It says I don't need to do anything, but it keeps coming back.

Question:  How do I make it stop?  And should I delete the Word file I was working on when I plugged in that flash drive that gave me the virus?  Or is working on it and saving it repeatedly making the problem remain, or is that irrelevant?


Editing to add: on paying closer attention to the thing, the "object" name does keep changing each time the red window appears.  So it's not just repeating the same information, it is that this virus or malware keeps attacking, right?  So how come the full scan didn't tell me that there were infected files?
« Last Edit: June 03, 2013, 02:41:52 PM by amyrpk »

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: Trojan horse doesn't go away?
« Reply #1 on: June 03, 2013, 02:57:25 PM »
Hi amyrpk,

Follow this guide:
http://forum.avast.com/index.php?topic=53253.0

----     ----     ----     ----     ----     ----     


> Let's check and clean USB storage devices / removable drives


Download MCShield from one of the following links:

MyCity -  Official download link
Softpedia - Mirror download link

  • Double click MCShield-Setup to install the application.
  • Wait a few seconds for MCShield to finish its initial scan.
Recommendation: under the General and Scanner tabs, click the Defaults button to choose the recommended options.
  • Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.
When all scanning is done, you need to attach the log report that MCShield has made.

Start -> All Programs -> MCShield -> Logs

Attach here -> AllScans.txt

Explanation: USB storage devices are all the USB devices that get their own partition letter when connected to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.



----     ----     ----     ----     ----     ----     


Attach here logs:

AdwCleaner <-- cleaning adware & junkware ...
Malwarebytes <-- preventive & first step for malware removal
OTL and aswMBR <-- primary system and antirootkit diagnostic tools.
AllScans.txt <-- log report from MCShield

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37561
  • Not a avast user
Re: Trojan horse doesn't go away?
« Reply #2 on: June 03, 2013, 04:14:22 PM »
Quote
So how come the full scan didn't tell me that there were infected files?
no security program has 100% detection....and the bad guys create new malware every day

follow magna86's advice and attach the requested logs, then he will fix it for you.   ;)


amyrpk

  • Guest
Re: Trojan horse doesn't go away?
« Reply #3 on: June 03, 2013, 05:41:45 PM »
Thank you for the quick replies. 

For what it's worth, the name of this infection or whatever it is, as per the Avast red warning window, is Win32:Hupigon-LJL[Trj]




I haven't run the Adware one for toolbars because I have none (have only had the computer for a short time and haven't downloaded any).  Is that a mistake?

mbam scan showed zero problems.  Which confuses me because I'm still getting those red window warnings.

I've run the OTL scan, so I should attach the resulting logs now, right? 


amyrpk

  • Guest
Re: Trojan horse doesn't go away?
« Reply #4 on: June 03, 2013, 05:46:06 PM »
OTL logs attached, OTL.txt and Extras.txt

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37561
  • Not a avast user
Re: Trojan horse doesn't go away?
« Reply #5 on: June 03, 2013, 05:51:37 PM »
Quote
I haven't run the Adware one for toolbars because I have none (have only had the computer for a short time and haven't downloaded any).  Is that a mistake?
yes.....as it also removes any crap files located in your browser
run it...click delete....attach logs



Quote
mbam scan showed zero problems.  Which confuses me because I'm still getting those red window warnings.
no security programs have 100% detection
malwarebytes is a tool made for targeting special types of malware, so there is a bunch of stuff it does not even look for

and follow the advice about MCShield above.... magna will soon be back


« Last Edit: June 03, 2013, 05:53:13 PM by Pondus »

amyrpk

  • Guest
Re: Trojan horse doesn't go away?
« Reply #6 on: June 03, 2013, 05:59:58 PM »
Attaching Adwarecleaner log

amyrpk

  • Guest
Re: Trojan horse doesn't go away?
« Reply #7 on: June 03, 2013, 06:05:23 PM »
Attaching mbam logs

amyrpk

  • Guest
Re: Trojan horse doesn't go away?
« Reply #8 on: June 03, 2013, 06:20:56 PM »
Running the aswMBR, got a blue screen/crash.  Running it again.

amyrpk

  • Guest
Re: Trojan horse doesn't go away?
« Reply #9 on: June 03, 2013, 06:24:39 PM »
Attaching aswMBR log

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: Trojan horse doesn't go away?
« Reply #10 on: June 03, 2013, 09:35:54 PM »

Please download Malwarebytes AntiRootkit and save it to your desktop.
http://www.malwarebytes.org/products/mbar/

Full instructions on how to use MBAR
http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-rootkit

    Please note: This is a beta version so please be sure to read the disclaimer and take note of it.

  • Unzip/unrar MBAR in a folder to your Desktop
  • Open the folder where the contents were unzipped to run mbar.exe

  • Click on Next > then on Update button to download fresh definitions.
  • When the database has updated, click Next
  • In the following window ensure "Targets" scan for Drivers; Sectors; System are ticked. Then select "Scan button"

  • If an infection/s are found ensure "Create Restore Point" is checked, then select the "Cleanup Button" to remove threats.
    Or if you are sure any entries should not be kept, just untick them. A list of infected files will be listed.

  • The Clean up procedure will be Scheduled for process.
  • When complete, a pop-up will show. Select the Yes button and the system should re-boot to complete the cleaning process.
>> Please attach the two following logs from the mbar folder:

system-log.txt
and
mbar-log-year-month-day (hour-minute-second).txt.




=========== Next ==========






Please download zoek.exe and save it to your desktop.

  • Close any open browsers.
  •   Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.



  • Double click on zoek.exe to run the tool.
    Please wait until the tool starts...


  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Code:

process;
srinfo;
systemscpecs;
installedprogs;
DIR /S /A:L "%systemdrive%\*">>"%temp%\log.txt";b
C:\Windows\system32\services.exe;i
C:\Windows\SysNative\services.exe;i
filesrcm;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;


  • Click on button
    Please wait until a log report opens (this can be after a reboot)

  • Save the Notepad file to your Desktop and attach zoek-results.log here

    Note: It will also create a log in the C:\ directory named "zoek-results.log"