Win64:Dropper-Gen[Drp] Confusion

[TheAtomicGoose]

Hi All,
I recently discovered that I had the virus in the title, and looked up what to do. I downloaded ComboFix and ran it, but I didn't realize that I wasn't supposed to have other programs open while it was running, and it didn't run correctly. In the thread where it said to download ComboFix it also said not to run it again if it doesn't work the first time, but to try to figure out another issue. However, in my case, ComboFix just didn't run correctly, which I know by the fact that ComboFix is supposed to restart the computer when it's done running, but it didn't in my case. What should I do?

Thanks!

[essexboy]

It can be dangerous to run combofix if you do not know what you are doing

What file is Avast reporting ?

Download OTL  to your Desktop
Secondary link

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

• Select All Users
  
• Select LOP and Purity
• Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
/md5start
rpcss.dll
/md5stop
CREATERESTOREPOINT

• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Attach  both logs

[TheAtomicGoose]

It is reporting C:\Windows\explorer.exe. Also, I'm slightly reluctant to run the program you suggested, because in the other thread I read you suggested that and the person's internet stopped working. Is that a common problem with that program?

[Pondus]

OTL does not do anything at first run....it just create a diagnostic log
The fix comes after (if needed)  when essexboy have seen that log

[TheAtomicGoose]

Oh, ok. Thanks.

[essexboy]

The other thread was where adwcleaner wrongly reset the proxy settings

What is the Avast update version that you have is it 140307-1

[TheAtomicGoose]

Yes, it is.

[essexboy]

OK I was wondering if it was an FP but I have that VPS and no problems

[TheAtomicGoose]

Extras log: http://pastebin.com/G4s80qLy
OTL log: http://pastebin.com/PKvATHhd

[essexboy]

Have you patched your explorer ?

Are the alerts still appearing

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

Code: [Select]

:Commands
[CREATERESTOREPOINT]

:OTL
FF - prefs.js..keyword.URL: "http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=US&userid=d0834b7d-d15e-7452-7abe-972cc2d3e3bd&searchtype=ds&installDate={installDate}&q="
O2:64bit: - BHO: (no name) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - No CLSID value found.
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-474631609-1521078636-1054246077-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

:Commands
[resethosts]
[emptytemp]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[TheAtomicGoose]

I don't know what it means to patch your explorer.exe, so I'm assuming I haven't. And if by the alerts you mean avast! telling me that explorer.exe is malicious, yes.

[essexboy]

Could you run combofix again please

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
  
• Accept the disclaimer and allow to update if it asks

• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.[/b]
  

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

[TheAtomicGoose]

Ok, but real quick: I realize you said when you run OTL your desktop and icons could disappear, but mine are still gone after reboot...I had to use the task manager to get my browser running. Did you mean the reboot caused by OTL or that you need to reboot after OTL auto-reboots?

[TheAtomicGoose]

Here's the log from the quick scan: http://pastebin.com/q3pPsKrs

[TheAtomicGoose]

OK, well I ran ComboFix, and the command prompt stopped at step 50 and my internet isn't working.

EDIT: The internet's back, but my desktop is gone again (it had come back).