Author Topic: trojans on my computer  (Read 4296 times)

happygirl323

  • Guest
trojans on my computer
« on: August 21, 2013, 03:21:08 AM »
Noticed sluggish behavior on my computer several days ago.  I ran avast and it prompted me to run a boot scan. It found several trojans, bitcoin-A, and malware-gen. I've attached the logs requested in the forum instructions.

happygirl323

  • Guest
Re: trojans on my computer
« Reply #1 on: August 21, 2013, 03:23:37 AM »
continuation of attachments.

Edited to add the boot scan log
« Last Edit: August 21, 2013, 03:39:07 AM by happygirl323 »

argus

  • Guest
Re: trojans on my computer
« Reply #2 on: August 21, 2013, 09:49:50 AM »
Hi,


Re-run OTL.exe.

  • Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.

Code: [Select]

:files
C:\Windows\SysNative\drivers\avgtpx64.sys
C:\Users\Denise\AppData\Local\AVG SafeGuard toolbar

:services
avgtp

:OTL
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={C1658F1E-DECE-11E2-B3FC-002511D1C74F}
IE - HKU\S-1-5-21-2462478338-3029352743-3340727738-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg.com/search?cid={F0631A15-872E-426F-9354-9FE07A510809}&mid=781442a13c0e47d3aff9d16c57352ebc-3d753c8f921b0eec8a7b1f3d27125b9043cc3991&lang=en&ds=dn011&pr=sa&d=2013-08-20 19:57:21&v=15.4.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
FF - prefs.js..browser.startup.homepage: "http://mysearch.avg.com/?cid={F0631A15-872E-426F-9354-9FE07A510809}&mid=781442a13c0e47d3aff9d16c57352ebc-3d753c8f921b0eec8a7b1f3d27125b9043cc3991&lang=en&ds=dn011&pr=sa&d=2013-08-20 19:57:21&v=15.4.0.5&pid=safeguard&sg=0&sap=hp"
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O33 - MountPoints2\{7acd3c61-ec8f-11dd-a6c7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7acd3c61-ec8f-11dd-a6c7-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.EXE

:commands
[CREATERESTOREPOINT]
[EMPTYJAVA]
[emptytemp]


  • Then click the Run Fix button at the top.
  • Let the program run unhindered; it will reboot the system when it is done and open Notepad with a log report. Attach that log report here.
If the log doesn't appear, it can be found here:

c:\_OTL\MovedFiles\mmddyyyy_hhmmss.log


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Under Optional Scan ensure "List BCD" and "Driver MD5" are ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Please download zoek.exe and save it to your desktop.

  • Close any open browsers.
  •   Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.



  • Double-click zoek.exe to run the tool.
    Please wait until the tool starts...


  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Code: [Select]

filesrcm;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;

  • Click on button
    Please wait until a log report opens (this can be after a reboot)

  • Save the Notepad file to your Desktop and attach zoek-results.log here

    Note: It will also create a log in the C:\ directory named "zoek-results.log"



happygirl323

  • Guest
Re: trojans on my computer
« Reply #3 on: August 22, 2013, 01:21:16 AM »
Here are the logs from the runs you asked for.

argus

  • Guest
Re: trojans on my computer
« Reply #4 on: August 22, 2013, 09:43:39 AM »
1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


Code: [Select]
START
S2 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx
END
2. Save notepad as fixlist.txt
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.


3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warned you about the outdated version please download and run the updated version.



  • Close any open browsers.
  •   Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.



  • Double-click zoek.exe to run the tool.
    Please wait until the tool starts...


  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Code: [Select]

emptyclsid;
C:\Program Files (x86)\AVG SafeGuard toolbar;fs
C:\users\Denise\AppData\Locallow\AVG SafeGuard toolbar;fs
bkpdbnikbinamgnlpdocdofjnoplcpji;chr
hbcennhacfaagdopikcegfcobcadeocj;chr
mhkaekfpcppmmioggniknbnbdbcigpkk;chr
pfndaklgolladniicklehhancnlgocpp;chr
emptyalltemp;
autoclean;


  • Click on button
    Please wait until a log report opens (this can be after a reboot)

  • Save the Notepad file to your Desktop and attach zoek-results.log here

    Note: It will also create a log in the C:\ directory named "zoek-results.log"
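
A read-only check that could be run after the FRST and zoek fixes in the post above, to confirm that the Chrome extension registrations named in the two scripts are gone. This is an added example, not part of the original post or of either tool. It assumes FRST's `CHR HKLM-x32\...\Chrome\Extension` entries correspond to Chrome's external-extension registry keys listed in `$roots`; the function name `Get-ChromeExternalExtension` is hypothetical.

```powershell
# Extension IDs copied from the fixlist.txt and zoek script in the post above.
$flagged = @(
    'hbcennhacfaagdopikcegfcobcadeocj',
    'icdlfehblmklkikfigmjhbmmpmkmpooj',
    'mhkaekfpcppmmioggniknbnbdbcigpkk',
    'pfndaklgolladniicklehhancnlgocpp',
    'bkpdbnikbinamgnlpdocdofjnoplcpji'
)

# Assumption: these are the keys Chrome reads for externally installed
# extensions (native view, 32-bit view on 64-bit Windows, and per-user).
$roots = @(
    'HKLM:\SOFTWARE\Google\Chrome\Extensions',
    'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions',
    'HKCU:\SOFTWARE\Google\Chrome\Extensions'
)

function Get-ChromeExternalExtension {
    param(
        [string[]]$Roots,
        [string[]]$FlaggedIds
    )
    foreach ($root in $Roots) {
        # A missing root key simply means nothing is registered there.
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $props = Get-ItemProperty -LiteralPath $key.PSPath
            [pscustomobject]@{
                Id        = $key.PSChildName
                Flagged   = $FlaggedIds -contains $key.PSChildName
                Root      = $root
                CrxPath   = $props.path        # local .crx, as in the FRST lines
                UpdateUrl = $props.update_url  # set when installed from a store URL
                # Registration left behind after the .crx file was deleted?
                CrxExists = if ($props.path) { Test-Path -LiteralPath $props.path } else { $null }
            }
        }
    }
}

# Nothing is modified; this only lists what is still registered.
Get-ChromeExternalExtension -Roots $roots -FlaggedIds $flagged |
    Sort-Object Flagged -Descending |
    Format-Table -AutoSize
```

Any row with `Flagged` set to `True` is a registration the fix did not remove; rows with `CrxExists` set to `False` are orphaned entries whose file is already gone.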



happygirl323

  • Guest
Re: trojans on my computer
« Reply #5 on: August 22, 2013, 10:23:24 PM »
Here are the logs.  Thanks for your help with this!

argus

  • Guest
Re: trojans on my computer
« Reply #6 on: August 22, 2013, 10:29:30 PM »
looks good, any problems?

argus

  • Guest
Re: trojans on my computer
« Reply #7 on: August 22, 2013, 10:34:41 PM »
There was no malware, just crap (adware)  ;D

happygirl323

  • Guest
Re: trojans on my computer
« Reply #8 on: August 22, 2013, 11:03:32 PM »
Looking good. Thanks again! ;D

argus

  • Guest
Re: trojans on my computer
« Reply #9 on: August 22, 2013, 11:06:28 PM »
OK, one more step

Please download DelFix by "Xplode" to your Desktop.

Run the tool and check the following boxes below;
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Now click on the "Run" button. Wait for the program to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt


> I don't need DelFix log report.





I recommend using MCShield if you wish.
You may download MCShield from one of the following links:

MyCity -  Official download link
Softpedija - Mirror download link

It will prevent infection of the computer via USB flash drive, mobile phone or any other memory card.
And it will not only prevent infection, but will also immediately clean the flash drive, memory card or external HDD.

happygirl323

  • Guest
Re: trojans on my computer
« Reply #10 on: August 22, 2013, 11:53:49 PM »
squeaky clean, tools removed  :D