I-frame-inf and script-inf

[BobLanham]

My computer is infected with I-frame-inf and script-inf. Is there help available here to clean it?

[iroc9555]

Hi Bob. Welcome to Avast! Forums

Follow this guide: http://forum.avast.com/index.php?topic=53253.0

and attach ( Do not copy/paste ) logs for AdwCleaner, malwarebytes', OTL, and aswMBR.exe here:

An expert in the removal of malware will help you.

[BobLanham]

Logs are attached. I ran the quick scans. Will this be sufficient?

[iroc9555]

A specialist has been notified. BTW the aswmbr log is not complete.

[BobLanham]

Running aswMBR again. Should I then run the FixMBR?

[iroc9555]

...Should I then run the FixMBR?

NO. just the scan.

[BobLanham]

attached.

[essexboy]

Hi you used the search function of AdwCleaner, after this OTL fix could you run AdwCleaner again but select delete this time

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

Code: [Select]

:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=fmtoby&chnl=fmtoby&cd=2XzutAtN2Y1L1QzutDtDtByBtD0EtD0BtCyC0EtD0Azy0BtAtN0D0TzutBtDtCtBtDyCtBzz&cr=1641318400
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=fmtoby&chnl=fmtoby&cd=2XzutAtN2Y1L1QzutDtDtByBtD0EtD0BtCyC0EtD0Azy0BtAtN0D0TzutBtDtCtBtDyCtBzz&cr=1641318400
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://blekkosearch.mystart.com/blekkotb_soc/?source=86adbc52&toolbarid=blekkotb_soc&u=20120405F35E4B038FD351C1C2111778&tbp=homepage
FF - prefs.js..browser.startup.homepage: "http://start.funmoods.com/?f=1&a=fmtoby&chnl=fmtoby&cd=2XzutAtN2Y1L1QzutDtDtByBtD0EtD0BtCyC0EtD0Azy0BtAtN0D0TzutBtDtCtBtDyCtBzz&cr=1641318400"
[2013/01/16 16:49:22 | 000,000,000 | ---D | M] (CouponAmazing) -- C:\Documents and Settings\Eon\Application Data\Mozilla\Firefox\Profiles\Copy of bdrp3qvc.default\extensions\couponamazing@jetpack
[2012/05/01 08:32:36 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Documents and Settings\Eon\Application Data\Mozilla\Firefox\Profiles\Copy of bdrp3qvc.default\extensions\ffxtlbr@funmoods.com
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)

:Commands
[resethosts]
[emptytemp]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[BobLanham]

OTL and adwCleaner logs attached.

[BobLanham]

It must be fixed now because the warning popups have not appeared.
??

[essexboy]

Aye it was probably infoatoms or funmood   Any further problems