This program [Avast] is blocked by group policy. For more information contact..

[REDACTED]

Dear TwinHeadedEagle,

It feels too good to be true, although as time passes, my initial terror, that it wouldn't last, and wonder, that it did, gradually diminish. 

My external hard drive remains accessible:  miraculous!

I attach the log as requested

What should I do to retain this state of bliss? 

Many thanks!

[Pondus]

there is a forum problem with MCShield logs, when attaching it is not readable....
So this log you copy and paste   

Opening with android / opera work, so i have copy pasted it for you

>>> MCShield AllScans.txt <<<

-----------------------------




MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2015.5.12.1 / Windows 7 <<<


14/05/2015 11:51:58 > Drive C: - scan started (Ols ~446 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2015.5.12.1 / Windows 7 <<<


14/05/2015 11:52:39 > Drive E: - scan started (Back Up 2 ~932 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2015.5.12.1 / Windows 7 <<<


14/05/2015 11:53:42 > Drive F: - scan started (EOS_DIGITAL ~15079 MB, FAT32 flash drive )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2015.5.12.1 / Windows 7 <<<


14/05/2015 11:54:45 > Drive H: - scan started (CORSAIR ~29541 MB, FAT32 flash drive )...



=> The drive is clean.

[REDACTED]

Dear Pondus and TwinHeadedEagle,
Many thanks for copying and pasting my MCShield log, Pondus.

Unfortunately, while my external hard drive worked fine for a bit, it then stopped and started exhibiting its previous behaviour – becoming inaccessible and losing its name.

Am I correct in deducing that the Trojan (if that is what has infected my computer) is still present, but is being disabled by MCShield – at least, for some of the time?

I’ve looked at the log file (MCShield-AllScans.txt) but there is no change from the one I sent you yesterday.

Please let me know what you’d like me to do next.

[TwinHeadedEagle]

Your external drive is probably malfunctioned. Did you try to attach your drive to other PC?

[REDACTED]

Dear TwinHeadedEagle,
Thanks for Friday’s suggestion.

Up to then, I had not connected my external hard drive to another computer.  After your suggestion that the external hard drive had ‘malfunctioned’ (I guess you meant hardware-wise – it’s definitely been malfunctioning software-wise), yesterday, I tried connecting it to another computer.

This computer was I believed, well protected;  furthermore, I only copied files from a memory card (from a camera) to my external hard drive, in an attempt to reduce the scope for infection.

My external hard drive did not exhibit the same behaviour that it does with my computer.  It remained active and accessible throughout the time it was connected (more than an hour).  I did however, notice a dreaded shortcut appearing in a newly created folder on the external hard drive, so I guess that it too, is infected with this malware.

It seems clear that Avast and MCShield are not effectively blocking the action of the malware on my computer and external hard drive.  Please let me know if you have any ideas on what I should do next. 

[TwinHeadedEagle]

Download Malwarebytes Anti-Rootkit to your desktop.

• Double-click the icon to start the tool.
• It will ask you where to extract it, then it will start.
• Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  
• Click in the introduction screen "next" to continue.
  
• Click in the following screen "Update" to obtain the latest malware definitions.
  
• Once the update is complete select "Next" and click "Scan".
  
• When the scan is finished and no malware has been found select "Exit".
  
• If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  
• Open the MBAR folder and paste the content of the following files in your next reply:
• "mbar-log-{date} (xx-xx-xx).txt"
  
• "system-log.txt"
  

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
  
• Make sure that Addition option is checked.
  
• Press Scan button and wait.
  
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
  

Please include their content into your next reply.

[REDACTED]

Dear TwinHeadedEagle,

Attached, you should find the files as requested.

[TwinHeadedEagle]

Multiple Resident Protection warning!

Always have one (and no more than one!) AntiVirus program! In this case having more of them will not provide you with better protection - instead they may cause slowness, lock-ups and even mark another ones as harmful, leading to leave your system unstable and even damaged. Please choose only one from the listed below to stay with and uninstall the others:

• Panda Free Antivirus
• avast! Antivirus

Uninstallation procedure:

• Press the + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  
• Search for each uninstalled entry, right-click it and select Uninstall.
  

This should be done until any other steps will be taken.



Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
  
• Press the Fix button just once and wait.
  
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.
  

Please attach it to your reply.

[REDACTED]

Dear TwinHeadedEagle,
Attached, you should find a copy of fixlog.txt as requested.

Panda Antivirus was the programme that allowed the malware through in the first place.  I turned it off once I had successfully installed Avast.  I have now uninstalled it as requested.

After rebooting, the home page for internet explorer changed from google to: 

     http://www.msn.com/en-ae/?ocid=iehp

Avast became inaccessible in internet explorer.  There was a message:

     Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://forum.avast.com again. If this error persists, contact your site administrator.

I did this, but found that they were already turned on.  I have therefore re-opened IE and I hope am now able to communicate.

Thanks for continuing this process.  Do let me know what I should do next!

[TwinHeadedEagle]

How is your PC behaving now? It seems clean.

[REDACTED]

Dear TwinHeadedEagle,
Many thanks for the fix.

At first, everything seemed fine with my external hard drive, but now it has started disappearing (from Windows Explorer), then reappearing again (after an MCShield scan – which says that it’s clean each time).

The external hard drive didn’t behave like this on the other computer, yesterday.  The timing resembles that of its previous behaviour on my computer (when it became inaccessible).

Notwithstanding the drive’s coming and going, Avast managed to scan it and found no malware – although it was unable to scan a large number of files.

[TwinHeadedEagle]

Did you try to plug you external drive into different slot.

[REDACTED]

Dear TwinHeadedEagle,
I’ve just tried it now.  Exactly the same behaviour:

External hard drive plugged in.

Appears on Windows Explorer.

Short while later (~3 minutes), disappears.

MCShield scan (all clear, drive G:)

Reappears (1 minute later)

Repeats ad infinitum (I imagine)

If the timing’s important, I can check.

[TwinHeadedEagle]

I really don't know what is going on, but I think it is some malfunction with your external drive. My hands are tied further, i cannot help you.

[REDACTED]

Dear TwinHeadedEagle,
Thanks for the message.  I’m sorry to hear that your hands are tied and that you cannot help me further.  I recognize that you’ve helped me significantly – for which many thanks! – but I am pretty sure that my computer is still infected with malware. 

I certainly don’t think that my external hard drive is malfunctioning hardware-wise as you suggest, as it works perfectly with a different computer.

I am of course, very disappointed that Avast isn’t able to detect the malware on my computer. 

I guess I’ll just have to delve further into the realms of malwarfare until I can find someone who is able to address the problem.  If you have any suggestions of where to look, I’d be very grateful…

One additional bit of information:  I took a memory stick with files from my computer (on which it appears to work perfectly – no shortcuts, no viruses according to Avast) to another computer today (to print out a document), and discovered that the memory stick was full of shortcuts that I certainly hadn’t put there intentionally…