trz****.tmp TROJAN HORSE invasion

[jeffce]

Ok let me check with one of my colleagues...we may be dealing with a false positive.  I will return as quickly as I can. 

[LenfaL]

Okay, thank you

[jeffce]

Please download the following programmes to your desktop:

Dr Web Live CD

ImgBurn

Install IMGBurn

• Double click Dr Web
• IMGBurn will open
• Burn the ISO to a cd

• Reboot the infected computer with the CD in the drive
• Ensure that the first boot device is CD - If you are not sure about that then see this page for instructions
  
• As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.

• Use arrow keys to select  DrWeb-LiveCD (Default)
• When the system is loaded, check the disks or folders you want to scan, and click on “Start”.

• The programme will now scan for and cure/delete any malware that it finds.  Allow it to do so 
• Once completed reboot to normal windows
• No log is produced so once in normal windows run a fresh OTL scan and let me know if the problems persist

[LenfaL]

Okay this might take some time to complete because I have to find someone with a CD burner. I will post a new reply when I'm done.

[jeffce]

Ok that is just fine.  No problem. 

[LenfaL]

Hmm, sorry this might sound like a stupid question, but may I use a DVD-R to burn this or do I absolutely need a CD?

Also, do I absolutely need to use ImgBurn or any CD burning program will do?

(I'm asking this because I'm planning to burn it on a macbook and ImgBurn isn't compatible with OS X. I also only have DVD-R on hand, but I can purchase CDs if necessary)


EDIT: Ok so I've burned the file to a DVD-R and I tried booting my PC from the DVD, but it simply won't. I verified that CD-ROM has boot priority in the BIOS. I also tried to force boot from the CD (using the Boot Menu and selecting my CD drive) and it would simply launch Windows as if I had booted normally.

My CD drive is detected and works (because I could see the DrWeb iso inside the disk), but there's a problem with booting from CD. Do you have an alternative to DrWeb Live CD? Because I doubt I'll be able to make this work, since I've never been able to boot my computer from CD (I've tried a few weeks ago, when my computer had a motherboard failure and wouldn't boot at all... it was also impossible to boot from my repair disk).

I almost killed my computer again trying to force it to boot from CD. I'm scared now. 

[jeffce]

Ok....let's try this....run a Quick Scan with OTL and the attach the new log.  We will go from there. 

[LenfaL]

Hello,

I've attached the Scan results and a screenshot of the settings I've used for the Quick Scan.

[jeffce]

Hi,

That is just fine.  When you get the new log be sure to attach it. 

[LenfaL]

The OTL log? I've attached it in my last post    (Unless you're looking for something else that I've missed?)

[jeffce]

No I apologize...I missed it.   

[jeffce]

SystemLook

Please use either of the following links:
Download Mirror 1
Download Mirror 2

• Right-click and Run as Administrator SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

Code: [Select]

:filefind
*trz*.tmp


• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

[LenfaL]

Only one found.

[jeffce]

Run SystemLook again but with the following script:

:dir
C:\Users\Sébastien\Downloads /s

Attach the new log please. 

[LenfaL]

Hmm I can't attach the log because the file size is too big.

I've uploaded it to this file hosting website:

http://www.filedropper.com/systemlook

(I don't know if the website is safe, I chose the first result on google)