Author Topic: I NEED HELP!!! the instruction at "0x7c923845" referenced memory at "0x00000000"  (Read 18160 times)

mykidchloe

  • Guest
Cool. Thanks guys. And whatever I need to do to stay protected I will. So if avast is what I need then that's what I will get.

SafeSurf

  • Guest
I am going to refer you to our Certified Malware expert, named Essexboy.  He will also review your logs and give you further instructions, however he comes on the forum late UK time.  He will respond to you in this thread, so remember to check this thread daily.

You will need to uninstall av_g prior to installing Avast, however I want you to wait for Essexboy to review your logs and contact you first prior to you uninstalling your current AV and installing Avast.

This is the av_g uninstaller tool: http://www.avg.com/us-en/download-tools, then reboot.

This is how to download and install Avast

1. Save a copy of newest version of Avast (5.0.677) for the version you need and save it to your HDD:
Free – http://files.avast.com/iavs5x/setup_av_free_eng.exe
Pro –  http://www.avast.com/pro-antivirus#tab4
AIS –  http://files.avast.com/iavs5x/setup_ais.exe
2. Disconnect from the Internet at this time.
3. Reboot.
4. Install the newest version of Avast and reboot.
5. Get Internet access and register your copy or add the license key for Free, Pro, or AIS.
    Free – http://www.avast.com/registration-free-antivirus.php
6. Update the Avast definitions.

I will continue to provide assistance in the meantime until Essexboy works with you, then remain in the background while he works with you.  Please let me know if you have any questions.  Thank you.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Hi there, I see you tried to run combofix, unfortunately AVG has a big hate on for it and kills bits of the programme.  But, it stops it half through and may cause damage to your system, hence sUBs has stopped combofix from running if AVG is detected.

So if you are going to change to Avast then once AVG is uninstalled we can then run CF, as I believe you may have the TDL3 rootkit.  If you are going to remain with AVG then you will need to uninstall it until I give the all clear   

Could you let me know how you want to proceed please

mykidchloe

  • Guest
As soon as I gain access to my computer again I will proceed in removing avg from my computer. So tonight in like 6 hours. It's when I get off work.

Offline essexboy

OK then first set of destructions - as I will be in bed by then  ;D

Delete the copy of Combofix from your desktop as it may be corrupted

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

mykidchloe

  • Guest
So I uninstalled AVG from my computer the add/remove program way and then I used the uninstaller from the link that was provided. But... combo fix is still finding avg on my computer. I'm not sure what to do now... sorry for being so tardy...

SafeSurf

  • Guest
Did you reboot after uninstalling with the AVG uninstaller?  If so, wait for Essexboy to respond to you as he may need to use a different tool.

Offline essexboy

If combofix still finds AVG then run a fresh OTL scan for me and I will manually remove whatever is left

mykidchloe

  • Guest
I ran a fresh otl and I wasn't sure if you wanted me to do the custom scan or not so I did a custom scan and a non custom scan.

Here they are.

Offline essexboy

Could you open the logs and then save them as ANSI please as they are currently in unicode

mykidchloe

  • Guest
This should be correct.

Offline essexboy

OK once this has run - then retry combofix, ensuring that it is saved to your desktop, if it fails then run from safe mode

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Quote
    :OTL
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\irpbsbib.sys -- (irpbsbib)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\ggiiltac.sys -- (ggiiltac)
    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
    FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4bc48ed5&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O4 - HKU\S-1-5-21-1606980848-1343024091-839522115-1003..\Run: [{1BDE61A7-23D0-66A0-42E0-39EE539F51A5}] C:\Documents and Settings\Calvin\Application Data\Qiwau\yfqup.exe ()
    O4 - HKU\S-1-5-21-1606980848-1343024091-839522115-1003..\Run: [4shared Desktop] C:\Program Files\4shared Desktop\desktop.exe File not found
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\coopx.exe ()
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\fanaze.exe ()
    O4 - Startup: C:\Documents and Settings\Calvin\Start Menu\Programs\Startup\icsaeh.exe ()
    O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\azaw.exe ()
    O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\etqoat.exe ()
    [2010/12/04 09:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Calvin\Application Data\Qiwau
    [2010/12/04 09:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Calvin\Application Data\Obwi
    [2010/12/04 09:54:59 | 000,160,800 | ---- | M] () -- C:\Documents and Settings\Calvin\Start Menu\Programs\Startup\icsaeh.exe
    [2010/11/22 15:31:14 | 954,142,924 | ---- | M] () -- C:\Documents and Settings\Calvin\Desktop\Zack And Miri Make A Porno ((2008)) DVDrip(divx)BigbrO.AVI
    [2010/12/04 09:54:59 | 000,160,800 | ---- | C] () -- C:\Documents and Settings\Calvin\Start Menu\Programs\Startup\icsaeh.exe
    [2010/11/25 11:12:31 | 954,142,924 | ---- | C] () -- C:\Documents and Settings\Calvin\Desktop\Zack And Miri Make A Porno ((2008)) DVDrip(divx)BigbrO.AVI
    [2010/12/04 09:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Calvin\Application Data\Obwi
    [2010/12/04 09:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Calvin\Application Data\Qiwau

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
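
The lines pasted into the fix above have traits that are visible in the log format itself: a driver or autorun entry whose file is missing, a BHO with no CLSID value, and startup executables with an empty publisher field `()` sitting in user-writable folders. As an added example (not part of the thread and not OTL's own logic), this Python script flags those line shapes in a saved log so a helper can review them; the rule names, the heuristics and the sample log are assumptions constructed for the example.

```python
import re

# Constructed sample in the OTL log line shapes quoted in the post above
# (all names, SIDs and paths here are made up for the example).
SAMPLE = r"""
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\exampledrv.sys -- (exampledrv)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O4 - HKLM..\Run: [ExampleTray] C:\Program Files\Example\tray.exe (Example Corp)
O4 - HKU\S-1-5-21-0-0-0-1000..\Run: [{11111111-2222-3333-4444-555555555555}] C:\Documents and Settings\User\Application Data\Abcde\fghij.exe ()
O4 - HKU\S-1-5-21-0-0-0-1000..\Run: [Old App] C:\Program Files\Old App\old.exe File not found
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\klmno.exe ()
"""

AUTORUN = r"^O4 - .*?(?:Run: \[.*?\]|Startup:) (?P<target>.+?)"
# Assumed review heuristics (this example's choice), checked in order.
RULES = [
    ("driver-file-missing",
     re.compile(r"^DRV - File not found .* -- (?P<target>.+?) -- \([^)]*\)$")),
    ("bho-no-clsid",
     re.compile(r"^O2 - BHO: .* - (?P<target>\{[0-9A-Fa-f-]+\}) - No CLSID value found\.$")),
    ("autorun-target-missing", re.compile(AUTORUN + r" File not found$")),
    ("autorun-no-publisher", re.compile(AUTORUN + r" \(\)$")),
]
# Locations any user-level process can write to.
USER_WRITABLE = re.compile(r"\\(Application Data|Start Menu\\Programs\\Startup)\\", re.I)


def triage(log_text):
    """Return (reason, target) for every log line that matches a rule."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        for reason, rx in RULES:
            m = rx.match(line)
            if m:
                target = m.group("target")
                if reason == "autorun-no-publisher" and USER_WRITABLE.search(target):
                    reason += "+user-writable-path"
                findings.append((reason, target))
                break
    return findings


if __name__ == "__main__":
    for reason, target in triage(SAMPLE):
        print(f"{reason:45} {target}")
```

A match is a prompt for a human to look at the entry, not a verdict: leftover Run entries from uninstalled software produce the same "File not found" shape.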

mykidchloe

  • Guest
Okay So I ran the fix and it produced a log I assume. So that will be the 1st attachment. The second attachment is the new quick scan log. I ran the custom one. Let me know if you want me to just do a regular scan and I will. But... after the fix, combo fix is still finding traces of avg on the computer... One tough cookie...

By the way, I really appreciate you guys for this.

mykidchloe

  • Guest
The second upload is in unicode. I re-saved it.

Offline essexboy

Could you run AVG remover again

Then I will use a different tool to check for malware.  But, let me know what your current problems are in the next post

Download avz4.zip from here
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the Right of the Log window:
  • Click Start to begin the update
Note: If you receive an error message, choose a different source, then click Start again


  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis with Malware removal mode enabled" check box.

  • Click on the "Execute selected scripts".
  • Automatic scanning, healing and system check will be executed.
  • A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  • It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
  • All applications will work properly after the system restart.
When restarted

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis" check box.

  • Click on the "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.
Upload both virusinfo_syscure.zip and virusinfo_syscheck.zip to Mediafire and post the sharing link.