Author Topic: Found Malware and others Please help (Read 6507 times)

rjrotello · « **on:** November 20, 2010, 08:30:02 PM »

My avast found malware and quite a few more viruses, and it can't delete or repair them.
I have called avast multiple times but they wont help unless i pay atleast 169.00, which
is not an amount i have as a student. Please help me with these horrid computer problems.

rjrotello · « **Reply #1 on:** November 20, 2010, 08:34:31 PM »

And I have a 64 bit so I am unable to preform the boot-time scan

Rednose · « **Reply #2 on:** November 20, 2010, 08:41:44 PM »

Hi rjrotello, welcome to the forum

Please follow the directions from this topic :

http://forum.avast.com/index.php?topic=53253.0

... and post/attach the requested logs in your next reply.

I will pm essexboy that you need help

Greetz, Red.

rjrotello · « **Reply #3 on:** November 20, 2010, 09:11:58 PM »

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5158

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

11/20/2010 12:05:12 PM
mbam-log-2010-11-20 (12-05-12).txt

Scan type: Quick scan
Objects scanned: 146115
Time elapsed: 4 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Robert Rotello\AppData\Local\Temp\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

Rednose · « **Reply #4 on:** November 20, 2010, 09:22:13 PM »

And please the OTL log

I have pm-ed essexboy, he will help you further

Greetz, Red.

rjrotello · « **Reply #5 on:** November 20, 2010, 09:25:19 PM »

Have done all the things that is asks now what?

rjrotello · « **Reply #6 on:** November 20, 2010, 09:27:26 PM »

the otl files are too big to post but i have them on my desktop saved

Pondus · « **Reply #7 on:** November 20, 2010, 09:28:36 PM »

Quote from: rjrotello on November 20, 2010, 09:27:26 PM

the otl files are too big to post but i have them on my desktop saved

see lower left corner: additional options > attach

rjrotello · « **Reply #8 on:** November 20, 2010, 09:32:17 PM »

Thanks

rjrotello · « **Reply #9 on:** November 20, 2010, 09:37:01 PM »

first one

essexboy · « **Reply #10 on:** November 20, 2010, 10:05:12 PM »

Hi what problems are you experiencing and what files is Avast reporting as infected ?

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Quote
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done

rjrotello · « **Reply #11 on:** November 20, 2010, 10:15:15 PM »

It just now rebooted and put this up

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Robert Rotello\Downloads\cmd.bat deleted successfully.
C:\Users\Robert Rotello\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Robert Rotello
->Temp folder emptied: 3370872625 bytes
->Temporary Internet Files folder emptied: 96085033 bytes
->Java cache emptied: 3070554 bytes
->Google Chrome cache emptied: 336198166 bytes
->Flash cache emptied: 2138761 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17877419 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 15024227913 bytes

Total Files Cleaned = 17,977.00 mb

[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Robert Rotello
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.17.3 log created on 11202010_130833

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
C:\Users\Robert Rotello\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Robert Rotello\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{33AC9D6C-134C-46E5-B051-9F8C8F96BFDF}.tmp not found!
File\Folder C:\Users\Robert Rotello\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{ABEF90D4-78C5-4A41-A691-9EDA6ADB34F4}.tmp not found!
File\Folder C:\Users\Robert Rotello\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F3F8DC80-044E-4E0D-BEE6-DCB0FC98B157}.tmp not found!
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

essexboy · « **Reply #12 on:** November 20, 2010, 10:24:35 PM »

What are your problems, I need to know this so that I can construct a plan of attack

rjrotello · « **Reply #13 on:** November 20, 2010, 10:27:48 PM »

There were quite a few viruses that I am unable to delete through avast, some malware, trojans, and worms. There are alot of errors and warnings

essexboy · « **Reply #14 on:** November 20, 2010, 10:31:54 PM »

Download Dr Web from here http://www.freedrweb.com/?lng=en link on the top right of the page, tick the EULA and then download

It will download as an 8 digit file save it to your desktop

Restart in safe mode and run
Accept the enhanced version
Then run the quick scan
About halfway through you will be prompted to buy - just X the box closed
Once finished it will generate a log please attach that

Author Topic: Found Malware and others Please help (Read 6507 times)

rjrotello

Found Malware and others Please help

rjrotello

Re: Found Malware and others Please help

Rednose

Re: Found Malware and others Please help

rjrotello

Re: Found Malware and others Please help

Rednose

Re: Found Malware and others Please help

rjrotello

Re: Found Malware and others Please help

rjrotello

Re: Found Malware and others Please help

Pondus

Re: Found Malware and others Please help

rjrotello

Re: Found Malware and others Please help

rjrotello

Re: Found Malware and others Please help

essexboy

Re: Found Malware and others Please help

rjrotello

Re: Found Malware and others Please help

essexboy

Re: Found Malware and others Please help

rjrotello

Re: Found Malware and others Please help

essexboy

Re: Found Malware and others Please help