Author Topic: Got infected with a pendrive. Need Help  (Read 5842 times)


Offline gautam7

  • Full Member
  • ***
  • Posts: 193
Got infected with a pendrive. Need Help
« on: July 30, 2015, 09:25:54 AM »
Hi everyone. Today I used a pen drive from a friend to exchange some notes and immediately after that Avast Web Shield started to block some websites. A full scan from Avast showed nothing. MBAM Free showed a trojan and some PUPs. I removed them and the pop-ups from Avast have stopped now. But I need to make sure that everything is alright. Can anybody take a look at the MBAM log file and give further suggestions to keep the system safe?

I am using Windows 8.1 Pro with all the latest updates. Avast Pro 10.3.2225. I have also screen-captured the pop-up from Avast stopping the malware website.
Lenovo B40 laptop/ core i3 4010U CPU (1.7 GHz)/ 4.0 GB RAM/500 GB HDD, OS: windows 10 64 bit, Browser: Google Chrome/ FF (adblock plus, lastpass,) Security: Avast pro 10, MBAM (free).

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76035
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Got infected with a pendrive. Need Help
« Reply #1 on: July 30, 2015, 09:29:30 AM »
Attach your basic diagnostic logs. (MBAM, FRST and MCShield)
Instructions: https://forum.avast.com/index.php?topic=53253.0
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast essentials (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

Offline gautam7

Re: Got infected with a pendrive. Need Help
« Reply #2 on: July 30, 2015, 10:21:03 AM »
Thanks Asyn.

All the scans are done and the logs are attached.


Offline Asyn

Re: Got infected with a pendrive. Need Help
« Reply #3 on: July 30, 2015, 11:32:01 AM »
You're welcome, now you've to wait a bit...

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Got infected with a pendrive. Need Help
« Reply #4 on: July 30, 2015, 04:08:32 PM »
Could you let me know if this stops it?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Its me\AppData\Roaming\Mozilla\Firefox\Profiles\o8liern9.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2015-07-03]
2015-07-20 11:48 - 2015-06-16 02:46 - 75324288 ___SH C:\ProgramData\mszxxqmu.exe
2015-07-01 03:55 - 2015-07-03 04:54 - 00000000 __SHD C:\Users\Its me\AppData\Local\EmieUserList
2015-07-01 03:55 - 2015-07-03 04:54 - 00000000 __SHD C:\Users\Its me\AppData\Local\EmieSiteList
2015-07-01 03:55 - 2015-07-03 04:54 - 00000000 __SHD C:\Users\Its me\AppData\Local\EmieBrowserModeList
Task: {871DCC27-281F-41CE-ACF3-18A599561431} - \Optimize Start Menu Cache Files-S-1-5-21-169566220-1214834291-959561632-1001 No Task File <==== ATTENTION
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe.

Run FRST and press Fix.
On completion a log will be generated; please post that.

Offline gautam7

Re: Got infected with a pendrive. Need Help
« Reply #5 on: July 31, 2015, 07:31:59 AM »
Thanks essexboy. Just to let you know, the Avast pop-up already stopped after MBAM removed a trojan (the name of the virus is in the log I attached earlier). I just want to make sure there is no residue of that virus infection. I have run FRST as you instructed. The log is attached. Thanks for your time.

Offline essexboy

Re: Got infected with a pendrive. Need Help
« Reply #6 on: July 31, 2015, 01:36:21 PM »
MBAM left the file behind though :)

C:\ProgramData\mszxxqmu.exe => moved successfully.


Any further problems ?
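
A triage check for the kind of leftover noted above, added here as an example and not part of the thread or of FRST: it parses the file-listing lines from the fixlist in Reply #4 and flags entries that combine several indicators. The attribute-letter meanings (S, H, D), the extension list and the two-indicator threshold are assumptions of this example.

```python
import re
from datetime import datetime
from pathlib import PureWindowsPath

# Constructed sample input: file-listing lines from the fixlist in Reply #4.
SAMPLE = r"""
2015-07-20 11:48 - 2015-06-16 02:46 - 75324288 ___SH C:\ProgramData\mszxxqmu.exe
2015-07-01 03:55 - 2015-07-03 04:54 - 00000000 __SHD C:\Users\Its me\AppData\Local\EmieUserList
"""

LINE = re.compile(  # created - modified - size, then attribute flags and path
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)"
    r" - (?P<size>\d+) (?P<attrs>[_A-Z]+) (?P<path>.+)$"
)
EXEC_EXT = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js"}
FMT = "%Y-%m-%d %H:%M"

# Returns a dict for one listing line, or None when the line is not a listing.
def parse_line(line):
    m = LINE.match(line.strip())
    if not m:
        return None
    return {
        "created": datetime.strptime(m["created"], FMT),
        "modified": datetime.strptime(m["modified"], FMT),
        "size": int(m["size"]),
        "attrs": set(m["attrs"]) - {"_"},  # assumed: S=system, H=hidden, D=directory
        "path": PureWindowsPath(m["path"]),
    }

def triage(entry):
    """Heuristic reasons (assumptions of this example) to review an entry."""
    if "D" in entry["attrs"]:
        return []  # directories are out of scope for this check
    reasons = []
    if {"S", "H"} <= entry["attrs"]:
        reasons.append("hidden+system file")
    if entry["path"].suffix.lower() in EXEC_EXT:
        reasons.append("executable extension")
    if entry["modified"] < entry["created"]:
        reasons.append("modified before created (file was copied in)")
    return reasons

def flagged(text, min_reasons=2):
    """Paths with at least min_reasons indicators, each with its reasons."""
    entries = filter(None, map(parse_line, text.splitlines()))
    scored = ((str(e["path"]), triage(e)) for e in entries)
    return [(p, r) for p, r in scored if len(r) >= min_reasons]

if __name__ == "__main__":
    print(flagged(SAMPLE))
```

Any single indicator is common on a healthy system, which is why the check only reports entries where at least two coincide.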

Offline gautam7

Re: Got infected with a pendrive. Need Help
« Reply #7 on: August 03, 2015, 08:05:34 AM »
Sorry for the delay in responding, essexboy. I am happy to report that I have no further problems. Thank you.

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5675
  • Spartan Warrior
Re: Got infected with a pendrive. Need Help
« Reply #8 on: August 03, 2015, 01:21:37 PM »
One more thing:  http://www.mcshield.net/
Windows 10 Home 64-bit 22H2 Microsoft Windows Defender - Windows 11 Home 23H2 - Windows 11 Pro 23H2 Avast Premier Security version 24.4.6112 (build 24.4.9067.762) UI version 1.0.803

Offline essexboy

Re: Got infected with a pendrive. Need Help
« Reply #9 on: August 03, 2015, 03:58:52 PM »
Subject to no further problems   :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems 

Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked; this is a fire and forget programme  ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide: Best security practices

Keep safe  :wave:

Offline gautam7

Re: Got infected with a pendrive. Need Help
« Reply #10 on: August 04, 2015, 10:56:28 AM »
Thanks, no further problems. I have installed the Unchecky software and I think I will keep running the MCShield software too. Just today I upgraded to Windows 10, but after the update the system is responding quite slowly. Maybe it's some Windows 10 related problem. I am not sure. Is my laptop sufficiently powerful to run Windows 10, or should I just go back to Windows 8.1? Maybe I will run Windows 10 for a few days to see if this improves. It's always nice to know that I can rely on the Avast forum to get me out of trouble. Thanks everyone...

Offline essexboy

Re: Got infected with a pendrive. Need Help
« Reply #11 on: August 04, 2015, 04:23:51 PM »
I found that after installing 10 my boot time jumped to 4 minutes.  However, I then ran xbootmgr and knocked it down to 40 seconds. 

I have instructions for that if you wish

Offline gautam7

Re: Got infected with a pendrive. Need Help
« Reply #12 on: August 05, 2015, 05:40:22 AM »
Quote
I found that after installing 10 my boot time jumped to 4 minutes.  However, I then ran xbootmgr and knocked it down to 40 seconds. 

I have instructions for that if you wish

Thanks for the offer. I would love to use your fix. Please send the instructions. I have noticed that after a few reboots the laptop is responding faster than before, but it definitely could use some tune-up  :)

Offline essexboy

Re: Got infected with a pendrive. Need Help
« Reply #13 on: August 05, 2015, 03:37:29 PM »
Download the SDK web installer from here
Run the installer and select the following:

Leave the location to default


Windows Performance Toolkit 


You must reboot on completion of the install

After reboot set aside about 30 minutes when you will not need the computer

When ready, start an elevated command prompt:

Go Start > All Programs > Accessories
Right click Command Prompt and select Run as Administrator

Then copy and paste the following command into the black box:

xbootmgr -trace boot -prepSystem -verboseReadyBoot



Now your PC will be restarted 6 times, with a two-minute pause before the tool runs after the desktop loads.
After the second reboot the MS defragmentation program runs and places the files into an optimized layout, so that Windows will boot up faster.
The last reboots are ReadyBoot training. After the training is finished, you'll notice a huge improvement in startup.

ReadyBoot

Quote
The logical prefetching described above is used when the system has less than 512MB of memory. If the system has 700MB or more then an in-RAM cache is used to further optimize the boot process (it’s not clear from the book whether or not this ReadyBoot cache completely replaces the logical prefetching approach or just builds on it, my assumption is that both work together).
After each boot the system generates a boot caching plan for the next boot using file trace information from up to the five previous boots which contains details of which files were accessed and where on the disk they were located. These traces are stored as .fx files in the

Offline gautam7

Re: Got infected with a pendrive. Need Help
« Reply #14 on: August 06, 2015, 11:19:58 AM »
OK, I have finished the process. It took quite a long time to complete, around 3 hours, but after that the change in startup time is very noticeable. Besides, Windows 10 is working great so far. Thanks again essexboy  :)