What to do about the Michael Schumacher virus?

[Elweetjewek]

A video purporting to show amateur footage of the ski accident of Michael Schumacher has been circulating on social media, but the clip – titled "Video: Moment de l'accident de Michael Schumacher! (EXCLUSIF)" – is said to contain a computer virus.

I watched the clip...
The virus is said to get activated as soon as you log in to your bank account.
Which I did also...
The virus is said to hack your login information for your bank account, so criminals can hack your bank account.

Does anybody know anything about this virus and what to do about it?
I can't find an english news item on it. But there are german http://www.mimikama.at/allgemein/michael-schumachers-unfall-auf-video-dahinter-versteckt-dich-ein-trojaner/ and dutch warnings. One german site says other antivirus software recognized the following viruses:

DrWeb
Trojan.Crossrider.9

McAfee
Artemis!1718DCD16DC8

McAfee-GW-Edition
Artemis!1718DCD16DC8

Sophos
Kreapixel

TrendMicro-HouseCall
TROJ_GEN.F47V1214 

Thanks!

[TwinHeadedEagle]

Follow this topic and attach requeste reports

http://forum.avast.com/index.php?topic=53253.0

[Pondus]

A video purporting to show amateur footage of the ski accident of Michael Schumacher has been circulating on social media, but the clip – titled "Video: Moment de l'accident de Michael Schumacher! (EXCLUSIF)" – is said to contain a computer virus.

why am i not surprised ... the bad guys use evry opportunity to spread new malware
and they fish in the pond that have most fish, like social media .... and the biggest is Facebook ... where the fish take the bait again and again

https://www.virustotal.com/en/file/f715938fbd8df2292083562a57b1bfe6996fc9206a024e690bf3c2112880692a/analysis/
https://www.virustotal.com/en/file/6b85b16212c42d1a0e08f084d08f92364f74325ed9152ca8ce3a3f2c949fe14d/analysis/

[Elweetjewek]

Thanks for you help!

OTL did not gave me an Extras.Txt log?

So I attached the MBAM log, the OTL.Txt log and the aswMBR log.

[TwinHeadedEagle]

Hi,


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
  
• Press Scan button.
  
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
  

[Elweetjewek]

Thanks. The logs are attached. 

[TwinHeadedEagle]

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code: [Select]

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
URLSearchHook: HKCU - (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18826
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {99368023-6DB4-49C0-8823-EA55E71859D3} URL = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {AD2DE8E4-26EF-4F97-8A34-8BCAC787F48D} URL = http://rover.ebay.com/rover/1/1346-71494-26233-7/4?satitle={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\bolcom-nl.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\marktplaats-nl.xml
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonChrome.crx
C:\Windows\Installer\{f58adead-e832-1feb-2dbb-6808dc459d6b}
C:\Users\Toshiba\AppData\Local\Temp\i4jdel0.exe
cmd: ipconfig /flushdns
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.


3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.

[Elweetjewek]

Done!

[TwinHeadedEagle]

PC seems clean, do you have any problem now?

[Elweetjewek]

No, the pc doen't seem to have any problem now. Thank you very much for your great help! I really appreciate it!

[TwinHeadedEagle]

Please download DelFix by "Xplode" to your Desktop.

Run the tool and check the following boxes below;

• Remove disinfection tools
• Create registry backup
• Purge System Restore

Now click on "Run" button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt


> I don't need DelFix log report.