Author Topic: Daily Trojan  (Read 13378 times)


REDACTED

  • Guest
Daily Trojan
« on: November 19, 2015, 06:01:38 AM »
MalwareBytes is finding Trojans nearly every day after I check my email...I am not doing anything stupid in my email opening.  This is an old computer I use for photo editing, and it freezes, I scan, a Trojan is there.  It's mostly in the same Registry location...is it replicating itself there?  Would deleting that registry key stop it? I don't know how it is getting past my Avast Protection/firewall, etc.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - German-language section  <<<
Re: Daily Trojan
« Reply #1 on: November 19, 2015, 06:22:33 AM »
Attach your basic diagnostic logs. (MBAM, FRST and aswMBR)
Instructions: https://forum.avast.com/index.php?topic=53253.0
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast essentials (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

Offline dbrisendine

  • Malware Fighter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1258
Re: Daily Trojan
« Reply #2 on: November 19, 2015, 06:45:04 AM »
Can you attach the MBAM scan log?

One other scan to run (along with the FRST scan):


Please download Malwarebytes Anti-Rootkit from here
  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
Win7 x32 Ult. SP1, Brain 2.0 / Win10 x64, Brain2.5
My help is always free but if you would like to help encourage me or show your thanks -----> DONATE

REDACTED

  • Guest
Re: Daily Trojan
« Reply #3 on: November 20, 2015, 04:57:00 AM »
OK, it's taken me all day to get FRST to download and scan...finally done...and a few MBAM logs exported.  Let me know if anything is missing, please.  Thanks.

Offline dbrisendine

  • Malware Fighter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1258
Re: Daily Trojan
« Reply #4 on: November 20, 2015, 05:15:35 AM »
Did you scan with Malwarebytes' Anti-Rootkit?

Offline dbrisendine

  • Malware Fighter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1258
Re: Daily Trojan
« Reply #5 on: November 20, 2015, 05:40:46 AM »


FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Freemake Audio Converter version 1.1.0
Freemake Video Converter version 4.1.7
Freemake Youtube Mp3 Converter


To do so, left-click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


SECOND >>>>

Fix with Farbar Recovery Scan Tool
This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.
Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.

REDACTED

  • Guest
Re: Daily Trojan
« Reply #6 on: November 20, 2015, 06:17:17 PM »
Yes, I did scan with MBAR, just forgot to attach that scan...will attach now with FRST fixlist.
Re the Desktop of the September discussion, I found that the network card is apparently destroyed, still can't get it online, and also somehow, the name of my default printer has been changed, so that I could not print over my network. I would still like to have some answers to the original question of how these Trojans are getting past my Avast firewall/protection, and what I can do to prevent further damage to my equipment and data?  And if you would please tell me what you are finding from my logs, it would be helpful to have them translated so that I can understand what is affecting my computer.  Thank you for your assistance.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37530
  • Not a avast user
Re: Daily Trojan
« Reply #7 on: November 20, 2015, 06:34:52 PM »
Quote
I would still like to have some answers to the original question of how these Trojans are getting past my Avast firewall/protection,
No security program has 100% detection or zero false positives.

In your reply #3 you have attached the Malwarebytes protection log twice; please attach the Malwarebytes scan log so dbrisendine can see what is detected.

Offline dbrisendine

  • Malware Fighter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1258
Re: Daily Trojan
« Reply #8 on: November 21, 2015, 07:51:41 AM »
The Fixlist.txt you ran is NOT the one I provided to you.  Where did it come from?

REDACTED

  • Guest
Re: Daily Trojan
« Reply #9 on: November 21, 2015, 06:01:50 PM »
Not sure how I got the wrong fixlist attached, but am attaching what I hope is the right one...in my first post I attached a copy of the scan log, and am attaching the one I just did this morning. This trojan turns up in the same registry key over and over...does it clone itself there? and would it be harmful to delete that registry key?

REDACTED

  • Guest
Re: Daily Trojan
« Reply #10 on: November 21, 2015, 07:05:28 PM »
Second time today: at 1:00pm  Another scan result

Another note: on my Vista SP2 computer, first, there is no "Program Data" file on the C drive...second, in the Avast Software file, I have not been able to find a record of my boot scan results. Do you know where I might find that log?
« Last Edit: November 21, 2015, 07:15:27 PM by Kathryn9 »

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Daily Trojan
« Reply #11 on: November 22, 2015, 03:31:35 AM »
Does the one on your primary system appear to be ghosted?

It likely is, it will be re-hidden. It's a Windows Folder, don't delete it!!

I will find the Avast! Save location as soon as possible

I can't find anything concrete, but you might be able to locate it under "C:\ProgramData\Avast Software\Avast\Log"

or

"C:\ProgramData\Avast Software\Avast\report"
« Last Edit: November 22, 2015, 03:47:55 AM by Michael (alan1998) »
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

REDACTED

  • Guest
Re: Daily Trojan
« Reply #12 on: November 22, 2015, 06:10:36 AM »
That's the problem, in Vista SP2, there isn't a Program Data File...I think I found it?? but there is only one scan on it, so where are all the rest...this is in the Program File, Avast Software, aswMBR...does that sound right?  Attaching...see if this is what I'm looking for.
Thanks
PS, I don't know if the registry file is ghosted...how would I tell?
« Last Edit: November 22, 2015, 06:12:36 AM by Kathryn9 »

REDACTED

  • Guest
Re: Daily Trojan
« Reply #13 on: November 22, 2015, 06:33:57 AM »
Just scanned with MBAM again, 3rd time since this morning it is there again....

Offline dbrisendine

  • Malware Fighter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1258
Re: Daily Trojan
« Reply #14 on: November 22, 2015, 08:13:51 AM »
Is there an issue I am not understanding here?  You posted the same Fixlog.txt log file twice now and did not say where you got the file from.  Are you getting help from another source and / or working on two different systems or what?

Here are my instructions once again:

FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Freemake Audio Converter version 1.1.0
Freemake Video Converter version 4.1.7
Freemake Youtube Mp3 Converter


To do so, left-click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


SECOND >>>>

Fix with Farbar Recovery Scan Tool
This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.
Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.
