Author Topic: Avast has found Trojan but can't delete?  (Read 20463 times)

0 Members and 1 Guest are viewing this topic.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Avast has found Trojan but can't delete?
« Reply #15 on: February 02, 2015, 04:33:19 PM »
Hi, the google desktop is the good version :)

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll No File
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
S1 fdafujdy; \??\C:\WINDOWS\system32\drivers\fdafujdy.sys [X]
CustomCLSID: HKU\S-1-5-21-1547161642-842925246-1801674531-1004_Classes\CLSID\{2D611968-B0FB-4B81-8AFA-D7486879D141}\InprocServer32 -> C:/Program Files/Scrivener/eWebClient.dll No File
C:\WINDOWS\system32\drivers\fdafujdy.sys
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

REDACTED

  • Guest
Re: Avast has found Trojan but can't delete?
« Reply #16 on: February 02, 2015, 04:41:19 PM »
hey essexboy,
thank you so much, doing it now! 
also, should I be concerned about that Data Execution prevention message?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Avast has found Trojan but can't delete?
« Reply #17 on: February 02, 2015, 04:47:51 PM »
Not just yet

REDACTED

  • Guest
Re: Avast has found Trojan but can't delete?
« Reply #18 on: February 02, 2015, 04:50:52 PM »
not sure what's happening but the FRST has frozen, should I stop it? run it again?

EDIT: FRST log attached!

EDIT 2: I'm attaching the threats Avast found, the one where it says move to chest - when I check chest it isn't there (!) and the Trojan - action postponed until next reboot one - I rebooted twice after getting this message and its still there. Sorry if I've already told you this, I'm a total idiot when it comes to PCs and I'm worried...

EDIT 3: AdwCleaner log attached! I'll await your instructions and once again thank you for helping me! :)
« Last Edit: February 02, 2015, 05:31:33 PM by buzzybee »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Avast has found Trojan but can't delete?
« Reply #19 on: February 02, 2015, 07:22:17 PM »
What was the full folder path ? Were they in the temp internet folder ?

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks




  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.[/b]
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

REDACTED

  • Guest
Re: Avast has found Trojan but can't delete?
« Reply #20 on: February 02, 2015, 07:45:43 PM »
hi essexboy

please excuse my ignorance as I'm not very tech savvy but what do you mean about the full folder path and temp internet folder? Sorry!  :-[

also, do i have to disable firewall or just avast and mbam??

downloading ComboFix now - once again thank you for helping me!
« Last Edit: February 02, 2015, 07:51:01 PM by buzzybee »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Avast has found Trojan but can't delete?
« Reply #21 on: February 02, 2015, 07:56:01 PM »
Just disable Avast and MBAM.  I will get some screenshots together for your other question

REDACTED

  • Guest
Re: Avast has found Trojan but can't delete?
« Reply #22 on: February 02, 2015, 08:10:16 PM »
thank you!  :)

everything is running very slow so I apologize if I'm not getting back to you fast enough!  :-[

EDIT hey essexboy, I'm getting this message when I run ComboFix ....

I installed it. Hope I've done right thing! Now getting a warning:
Unable to create a backup of current registry file C:\WINDOWS\system32\config\SECURITY !
it's asking me to continue restoration???
Lots of warnings now. Do I click yes for all of them?
« Last Edit: February 02, 2015, 08:35:34 PM by buzzybee »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Avast has found Trojan but can't delete?
« Reply #23 on: February 02, 2015, 08:37:55 PM »
Click yes, that will install the recovery console onto your system

REDACTED

  • Guest
Re: Avast has found Trojan but can't delete?
« Reply #24 on: February 02, 2015, 08:41:52 PM »
I sound like a frantic lunatic haha sorry essexboy! It's busy
Preparing log report but when it rebooted the screen was
Black (like safe mode?) with 3 options but then it
Started as normal.

« Last Edit: February 02, 2015, 08:52:01 PM by buzzybee »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Avast has found Trojan but can't delete?
« Reply #25 on: February 02, 2015, 08:47:29 PM »
Yep the options include the recovery console, we will hide that at the end :)

REDACTED

  • Guest
Re: Avast has found Trojan but can't delete?
« Reply #26 on: February 02, 2015, 08:51:23 PM »
combo fix log attached!

PC still running very slow and freezing - browser / opening files etc.,
« Last Edit: February 02, 2015, 08:54:11 PM by buzzybee »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Avast has found Trojan but can't delete?
« Reply #27 on: February 02, 2015, 09:22:39 PM »
OK all malware cleared, now we just need to speed you up a bit

Download to your desktop Mike Lin's startup control panel  https://web.archive.org/web/20131106030702/http://www.mlin.net/StartupCPL.shtml
Download this version Download Startup Control Panel 2.8 (59kb)
Open the zip file by double clicking
Double click the startupcpl file that you now see this will install the programme
Now go to control panel and you will see a startup icon (picture 1)
Double click this and the programme will open
Go to the HKLM Run tab
Right click all entries except Avast and select disable (picture 2 )
Repeat for the HKCU tab
Now reboot your computer

All the changes can be reversed by running startup from the control panel and right click then select enable

Has this improved your speed

REDACTED

  • Guest
Re: Avast has found Trojan but can't delete?
« Reply #28 on: February 02, 2015, 09:28:22 PM »
thank you essexboy, I'll do that now! I really am grateful for your help  :D

one other question though....is it safe /ok for me to delete/uninstall Google Desktop?? Still getting the error message on start up. 
« Last Edit: February 02, 2015, 09:32:56 PM by buzzybee »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Avast has found Trojan but can't delete?
« Reply #29 on: February 02, 2015, 09:31:13 PM »
Yes unless you really need it, it is a bit of a resource hog and contributes very little