Author Topic: URL: Mal Avast warnings - http://etpsoprc.ru/a/, http://specrtop.org/a/  (Read 23034 times)


Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Uhmmm... I can't continue with the other steps on the avast disabling because avast won't run again.

How do you mean avast won't run?
ComboFix will run with avast enabled too. CF will warn you that avast is enabled, but it will run. Try it like that; if not, we will use another tool.  ;)

Rapixxx

  • Guest
I deleted old CF, downloaded again - it would not run. It starts and before I can click "I agree" on the disclaimer it vanishes into nothingness ://

Offline magna86



Please download zoek.exe and save it to your desktop.

  • Close any open browsers.
  • Temporarily disable your AntiVirus program (if necessary).
    If you are unsure how to do this please read this or this Instruction.



  • Double click on zoek.exe to run the tool.
    Please wait until the tool starts...


  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Code:

process;
srinfo;
installedprogs;
DIR /S /A:L "%systemdrive%\*">>"%temp%\log.txt";b
f81;z
filesrcm;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;

  • Click on button
    Please wait until a log report opens (this can be after reboot)

  • Save notepad to your Desktop and attach here zoek-results.log

    Note: It will also create a log in the C:\ directory named "zoek-results.log"



Rapixxx

  • Guest
Well... that dies too  ;D I'll try downloading it again and try again XD

Rapixxx

  • Guest
nope it doesn't come to life XD

Offline magna86

Hmm ... that's odd.

1. Please download ESET's Service Repair Tool.

  • Save it to your desktop
  • Right click on it and run it as Administrator
2. Re-run FRST as you did before and attach here fresh FRST.txt logreport.

3. ...and just for test, try to run zoek now using this script:

Code:
filesrcm;
startupall;
firefoxlook;
chromelook;

Rapixxx

  • Guest
Things are getting weirder O.O I tried opening zoek.exe; instead, what was opened was GaussView - a program for visualizing chemical molecules from the results of computer calculations O.O (GaussView usually opens *.log files but not *.exe files)


Offline magna86

Ok, I see where the problem is.

Please download Malwarebytes AntiRootkit and save it to your desktop.
http://www.malwarebytes.org/products/mbar/

Full instructions how to use MBAR
http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-rootkit

    Please note: This is a beta version so please be sure to read the disclaimer and note of it.

  • Unzip/unrar MBAR in a folder to your Desktop
  • Open the folder where the contents were unzipped to run mbar.exe

  • Click on Next > then on Update button to download fresh definitions.
  • When database updates click Next
  • In the following window ensure "Targets" scan for Drivers; Sectors; System are ticked. Then select "Scan button"

  • If an infection/s are found ensure "Create Restore Point" is checked, then select the "Cleanup Button" to remove threats.
    Or if you are sure any entries should not be kept, just untick them. A list of infected files will be listed.

  • The cleanup procedure will be scheduled for processing.
  • When complete, a pop-up will be shown. Select the Yes button and the system should reboot to complete the cleaning process.
>> Please attach the two following logs from the mbar folder:

system-log.txt
and
mbar-log-year-month-day (hour-minute-second).txt.


========== Next ===========


Re-run FRST and attach here fresh FRST.txt log




Rapixxx

  • Guest
Ready

Rapixxx

  • Guest
I'll be away from my computer for about 12 hours. Thank you for the help and I hope tomorrow we can finish the fight! Again thanks a lot! ^^

Offline magna86


1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.


Code:
FF user.js: detected! => C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\v0nstdya.default\user.js
HKCU\...\Run: [ee] C:\Users\Lenovo\AppData\Roaming\f81\ee.js [x]
C:\Users\Lenovo\AppData\Roaming\f81\*.js
C:\Users\Lenovo\AppData\Roaming\f81
MountPoints2: {15998a67-702c-11e2-9654-9439e59642f7} - F:\install.exe
C:\f9955
C:\Program Files\e71


2. Save notepad as fixlist.txt
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.


3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warned you about the outdated version please download and run the updated version.



======== Next ===========



Quote
C:\Users\Lenovo\Desktop\OTL.exe


Run OTL, just click on RunScan and attach here OTL.txt logreport.


======== Next ===========


> Check USB storage devices / removable drives


Download MCShield from one of the following links:

MyCity -  Official download link
Softpedija - Mirror download link

  • Double click MCShield-Setup to install the application.
  • Wait a few seconds for MCShield to finish its initial scan.
It is recommended that under the General and Scanner tabs you click on the Defaults button to choose the recommended options.
  • Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.
When all scanning is done, you need to attach the log report that MCShield has made.

Start -> All Programs -> MCShield -> Logs

Attach here -> AllScans.txt

Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

Rapixxx

  • Guest
I installed MCShield yesterday and ran a scan on my flash drive. Should I re-run the scan? Are there different options when I do the second scan?

Rapixxx

  • Guest
anyway I just plugged my USB then unplugged then plugged the next one and I'm sending the report.

Offline magna86

Quote
I installed MCShield yesterday and ran a scan on my flash drive...
My bad.  :)

> Restart your computer and re-run OTL and attach here fresh OTL.txt logreport.

Infection and re-infections have come from USB memory storage devices. MCShield needs to be active to remove the malware and protect your computer from worms coming through USB.
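
Added example (not part of the original thread, and not code from FRST or any tool mentioned here): a small Python triage pass over the two registry line shapes that appear in the fixlist above. It flags Run entries that start a script or launch from AppData, and MountPoints2 entries that name a program on a mounted volume. The regular expressions assume only the line shapes shown in this thread; the first sample line is constructed, the other two are copied from the fixlist.

```python
import re
from pathlib import PureWindowsPath

# Patterns cover only the two line shapes visible in this thread's fixlist.
RUN_RE = re.compile(r"^(HK[A-Z]+)\\.*?\\Run: \[([^\]]*)\] (.+?)(?: \[[^\]]*\])?$")
MOUNT_RE = re.compile(r"^MountPoints2: (\{[0-9A-Fa-f-]+\}) - (.+)$")
# Extensions handled by Windows Script Host; a Run value pointing at one
# of these starts a script at every logon.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf"}

def triage(lines):
    """Return (line_number, reasons, target) for each autostart line worth review."""
    findings = []
    for no, raw in enumerate(lines, 1):
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            target = PureWindowsPath(m.group(3))
            parts = [p.lower() for p in target.parts]
            reasons = []
            if target.suffix.lower() in SCRIPT_EXTS:
                reasons.append("script-autostart")
            if "appdata" in parts:
                reasons.append("runs-from-appdata")
            if reasons:
                findings.append((no, "+".join(reasons), str(target)))
            continue
        m = MOUNT_RE.match(line)
        if m:
            # A per-volume handler remembered for a drive, as in the fixlist entry.
            findings.append((no, "mountpoints2-autorun", m.group(2)))
    return findings

# Line 1 is constructed for contrast; lines 2 and 3 are from the fixlist above.
SAMPLE = r"""
HKLM\...\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe [x]
HKCU\...\Run: [ee] C:\Users\Lenovo\AppData\Roaming\f81\ee.js [x]
MountPoints2: {15998a67-702c-11e2-9654-9439e59642f7} - F:\install.exe
""".strip().splitlines()

if __name__ == "__main__":
    for no, reasons, target in triage(SAMPLE):
        print(f"line {no}: {reasons}: {target}")
```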

Rapixxx

  • Guest
Done!