Author Topic: I have a virus and i NEED help getting rid of it... please :)  (Read 4315 times)

0 Members and 1 Guest are viewing this topic.

CBam

  • Guest
I have a virus and i NEED help getting rid of it... please :)
« on: November 07, 2011, 07:08:07 AM »
I have a virus on my computer, i have tried several programs to find and remove it, it just keep etting worse. ON top of that i tried to plug in my external hardrive to put a file on it so i had it backed up and i could wipe my computer and re-install my back up, and it infected 2 of my backup files while it was plugged in and my full back up wont work now. I have acess to all of my back up files except for two of them, but when i try and do it, it skips random files. I have tried microsoft security essentials, hijackthis, and avast. they have all found things and are not able to remove them. it is at the point where i cannot open programs when im not in safe mode. please help me.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37642
  • F-Secure user
Re: I have a virus and i NEED help getting rid of it... please :)
« Reply #1 on: November 07, 2011, 11:51:56 AM »
Follow this guide and attach the logs

http://forum.avast.com/index.php?topic=53253.0


Then essexboy will help you when he arrive her later today

CBam

  • Guest
Re: I have a virus and i NEED help getting rid of it... please :)
« Reply #2 on: November 07, 2011, 11:22:48 PM »
OK thank you so much!... firts i installed malwarebytes and did a scan, it found infected files.. i removed them and restarted.. when i restarted my computer wouldnt turn back on without a system restore... when i turned it on i could not find the logs... i downloaded it and did it again..

This is my Malwarebytes Log....

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8110

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

07/11/2011 4:22:08 PM
mbam-log-2011-11-07 (16-21-57).txt

Scan type: Quick scan
Objects scanned: 195100
Time elapsed: 4 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\u8adm8.com_ (Trojan.Downloader) -> No action taken.
c:\Windows\SysWOW64\u8adm8.com_ (Trojan.Downloader) -> No action taken.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37642
  • F-Secure user
Re: I have a virus and i NEED help getting rid of it... please :)
« Reply #3 on: November 07, 2011, 11:34:18 PM »
the log say "NO ACTION TAKEN" .....so did you click the remove selected button?

and you need to attach not copy and paste the other logs also

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89428
  • No support PMs thanks
Re: I have a virus and i NEED help getting rid of it... please :)
« Reply #4 on: November 07, 2011, 11:38:09 PM »
1. Send the c:\Windows\System32\u8adm8.com sample to avast as a Undetected Malware:
Open the chest and right click in the Chest and select Add, navigate to where you have the sample and add it to the chest (see image1). Once in the chest, right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update. Note: manually adding to the chest doesn't remove them from the original location, so they still have to be dealt with in that location.
Or
Send the sample to virus (at) avast (dot) com zipped and password protected with the password in email body, a link to this topic might help and false positive/undetected malware in the subject.

2. You say you removed them, but the log shows 'no action taken.' if so - Run MBAM again and allow it to deal with the detections, e.g. Remove selected, image2.

3. Continue with the other tools (OTL) and post the log, as quick as you are able to as essexboy is on UK time (now 10:35pm), so he won't be on-line for much longer.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

CBam

  • Guest
Re: I have a virus and i NEED help getting rid of it... please :)
« Reply #5 on: November 08, 2011, 12:10:27 AM »
the log say "NO ACTION TAKEN" .....so did you click the remove selected button?

and you need to attach not copy and paste the other logs also

yes i did click the remove button.. but it removed something that made my computer not start again.. and i had to do a system restore... so i lost the first log where i removed them and restarted my computer..

CBam

  • Guest
Re: I have a virus and i NEED help getting rid of it... please :)
« Reply #6 on: November 08, 2011, 12:22:05 AM »
I posted my OTL logs in the previous message. I hope i saved them right, i tried a few times and could not find them in my computer or with the attachment browser.. let me know if there is anything else i can do

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37642
  • F-Secure user
Re: I have a virus and i NEED help getting rid of it... please :)
« Reply #7 on: November 08, 2011, 12:29:53 AM »
it looks ok.....so now we just want the aswMBR log....

and then you get the what and how from Essexboy tomorrow

CBam

  • Guest
Re: I have a virus and i NEED help getting rid of it... please :)
« Reply #8 on: November 08, 2011, 02:55:18 AM »
here is my awsMBR log

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: I have a virus and i NEED help getting rid of it... please :)
« Reply #9 on: November 08, 2011, 08:48:47 PM »
You have the consrv malware - please do not delete the file - let me do it cleanly

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks




  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.[/b]
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

CBam

  • Guest
Re: I have a virus and i NEED help getting rid of it... please :)
« Reply #10 on: November 11, 2011, 04:38:49 AM »
the virus started shutting down my computer, i had to wipe my c drive and re-install all my software.. thank you for the help though !

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: I have a virus and i NEED help getting rid of it... please :)
« Reply #11 on: November 11, 2011, 09:11:06 PM »
Hmm they are getting more serious now, I will have to be carefull of these from now on

toobusyforvirus

  • Guest
Re: I have a virus and i NEED help getting rid of it... please :)
« Reply #12 on: November 11, 2011, 11:31:14 PM »
okay, it says continue to work in safemode or use system restore?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: I have a virus and i NEED help getting rid of it... please :)
« Reply #13 on: November 11, 2011, 11:35:03 PM »
? Posted in the main thread  ;D