Need assistance! Somoto-J [pup] and installerex-AH [pup]?

[REDACTED]

Hello,

So a few hours ago I turned my laptop on and clicked on Firefox to go on the internet and an avast message popped up saying it detected something and prompted I do a boot scan, so I did and it's almost finished and so far it has detected something called Win32: Somoto-J [PUP] and Win32: installeRex-AH [PUP], I googled both of them and the former seems to be some sort of malware, but I didn't get much info on the latter (if anyone can tell me exactly what that is, I will appreciate it!)
Anyway, it turns out they infected what seemed to be temp files from what it says on the screen and I moved everything to the chest.
Umm I was looking over the log/assistance thread and I'm new to this kind of virus thing, so I'm totally lost on this one... any assistance would be really great!

[Asyn]

Anyway, it turns out they infected what seemed to be temp files from what it says on the screen and I moved everything to the chest.

Do you still get any warnings..??

[REDACTED]

Anyway, it turns out they infected what seemed to be temp files from what it says on the screen and I moved everything to the chest.

Do you still get any warnings..??

The scan just finished and it just detected those two things and both of them showed up twice and I moved everything to the chest, and there were no warnings after that. What should I do next?

[Asyn]

Anyway, it turns out they infected what seemed to be temp files from what it says on the screen and I moved everything to the chest.

Do you still get any warnings..??

The scan just finished and it just detected those two things and both of them showed up twice and I moved everything to the chest, and there were no warnings after that. What should I do next?

As avast! did clean it, nothing.

[REDACTED]

As avast! did clean it, nothing.

My internet connection seems to be okay now, it was a little buggy which I think the somoto-j thing was responsible for, and I didn't get any warnings when I went onto a browser.
Okay, does that mean I don't need to run any other scans to make sure everything is clean? I feel like I should just to be safe.

[Asyn]

Okay, does that mean I don't need to run any other scans to make sure everything is clean? I feel like I should just to be safe.

If you need a check, attach your basic logs. (MBAM, FRST and aswMBR..!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0

[REDACTED]

Okay, does that mean I don't need to run any other scans to make sure everything is clean? I feel like I should just to be safe.

If you need a check, attach your basic logs. (MBAM, FRST and aswMBR..!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0

Okay I'm doing that right now and will return with my logs.

[REDACTED]

@Asyn:

Here are the logs you asked for! Sorry for the long wait, the scans took a while.

[essexboy]

Could you let me know how the computer is after this

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

C:\Users\Joy\AppData\Local\Temp\c5UQ_q2h.exe.part
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
CMD: bitsadmin /reset /allusers
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
REBOOT:

 
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
  
• Click on Scan.
  
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
  
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.
  

[REDACTED]

@essexboy:

Here is the log from the FRST fix, going to download adwcleaner and run a scan and will return with the log for that as well.

[REDACTED]

# AdwCleaner v3.216 - Report created 24/07/2014 at 11:04:18
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Joy - JOY-PC
# Running from : C:\Users\Joy\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Joy\AppData\Roaming\Mozilla\Firefox\Profiles\pyz81zv4.default-1393351996923\prefs.js ]


-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\Joy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1272 octets] - [24/07/2014 10:58:31]
AdwCleaner[S0].txt - [1201 octets] - [24/07/2014 11:04:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1261 octets] ##########

Here is the content of that last log.
Awaiting next instructions!

[essexboy]

How is the computer behaving now ?

[REDACTED]

How is the computer behaving now ?

Everything seems to be in order now, no problems with my internet connection (as I stated earlier I believe one of the malware caused the problems), I ran a quick scan on avast and there seems to be no threat found. Thanks a lot for your help!
What should I do with all the programs I downloaded to my desktop, should I keep them or just uninstall?

[essexboy]

Subject to no further problems   

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems 

Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset  System Restore points:

Download and run Delfix




: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware



Malwarebytes.

Update and run weekly to keep your system clean


It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide  Best security practices Keep safe  :wave:

[REDACTED]

Okay! I will run delfix and proceed to download those programs, thank you very much! I appreciated all the help!