Malware infection and following the guide.

[essexboy]

It can be scary the first time you see it run 

[warnolo]

Alright, theres the log, but i don't see it worked.

So what do we do now?

Also i have to say that the avast and MBAM poped out when it started.

[essexboy]

OK I think I know what the black screen problem was... OTL was still clearing all of your temporary folders (they must have been rather full ) 

What problems are you experiencing at the moment ?

[warnolo]

well, now it got slow, the voice recognition (that was infected i think) doesn't work, Didn't checked out but avast didnt work (as it was broken or something)

Now i don't know what is going on, so how should i proceed from know?

Well, well, not really slow but the programs that start with the computer doesn't start untill a long while, don't know how is now as i'm scared to try.

Also, can you tell me what was going on with the install file on the d:\? thats my restore disk to restart the computer into factory configuration. I would like to know if it got infected too and i can confirm i'm damned.

[essexboy]

Is avast working now ?

If not then run a repair
Go to control panel
Programs and Features
Select Avast
On the popup scroll down on the left to the repair and select that

[warnolo]

can i do it on safe mode?

[warnolo]

ok, tried to do it on safe mode and gave me an error saying.

Error procesing packages.
Please use full update.

And then this:

22.12.2011 23:08:49 general: Started: 22.12.2011, 23:08:49
22.12.2011 23:08:49 general: Running setup_ais-509 (1289)
22.12.2011 23:08:49 system: Operating system: Windows 7 ver 6.1, build 7600, sp 0.0 x64
22.12.2011 23:08:49 system: Memory: 13% load. Phys:4194303/4194303K free, Page:4194303/4194303K free, Virt:2029324/2097024K free
22.12.2011 23:08:49 system: Computer WinName: USUARIO-PC
22.12.2011 23:08:49 system: Windows Net User: Usuario-PC\Usuario
22.12.2011 23:08:49 general: Cmdline: /uninstwiz 
22.12.2011 23:08:49 general: Old version: 509 (1289)
22.12.2011 23:08:49 registry: Deleted registry: Software\AVAST Software\Avast\UpdateReady
22.12.2011 23:08:49 system: Using temp: C:\Users\Usuario\AppData\Local\Temp\_asw_aisI.tm~a01492 (251384M free)
22.12.2011 23:08:49 general: SGW32AIS::CheckIfInstalled set m_bAlreadyInstalled to 1
22.12.2011 23:08:49 general: DldSrc set to inet
22.12.2011 23:08:49 internet: SYNCER: Agent=Syncer/5.00 (ais-1289;p)
22.12.2011 23:08:49 system: Computer DnsName: Usuario-PC
22.12.2011 23:08:49 system: Computer Ip Addr: 192.168.1.2
22.12.2011 23:08:49 system: Installed in: C:\Program Files\AVAST Software\Avast (251384M free)
22.12.2011 23:08:49 internet: SYNCER: Type: use IE settings
22.12.2011 23:08:49 internet: SYNCER: Auth: another authentication, use WinInet
22.12.2011 23:08:49 package: Part prg_ais-509 is installed
22.12.2011 23:08:49 package: Part vps_win32-11122200 is installed
22.12.2011 23:08:49 package: Part setup_ais-509 is installed
22.12.2011 23:08:49 package: Part jrog-a7 is installed
22.12.2011 23:08:49 package: Part jrog2-3b9 is installed
22.12.2011 23:08:49 general: LoadState: Edition=1
22.12.2011 23:08:49 general: Old version: 509 (1289)
22.12.2011 23:08:49 file: SetExistingFilesBitmap: 944->430->429
22.12.2011 23:08:49 general: GUID: 49695e14-7f89-453f-9a78-83a5dd1e8ed3
22.12.2011 23:08:49 general: Server definition(s) loaded for 'main': 255 (maintenance:0)
22.12.2011 23:08:49 general: SelectCurrent: selected server 'Download323 AVAST5 Server' from 'main'
22.12.2011 23:08:49 internet: SYNCER: Type: use IE settings
22.12.2011 23:08:49 internet: SYNCER: Auth: another authentication, use WinInet
22.12.2011 23:08:54 general: Operation set to INST_OP_REPAIR
22.12.2011 23:08:54 general: Entered SetupProcessAIS::Do( INST_OP_REPAIR )
22.12.2011 23:08:54 general: Entered SetupProcessWin32Avast::Do( INST_OP_REPAIR )
22.12.2011 23:08:54 general: Entered SetupProcessWin32::Do( INST_OP_REPAIR )
22.12.2011 23:08:54 general: Entered SetupProcess::Do( INST_OP_REPAIR )
22.12.2011 23:08:54 general: Entered SetupProcessAIS::Do( INST_OP_UPDATE_INSTALL_PACKAGES )
22.12.2011 23:08:54 general: Entered SetupProcessWin32Avast::Do( INST_OP_UPDATE_INSTALL_PACKAGES )
22.12.2011 23:08:54 general: Entering:UpdateInstallPackages
22.12.2011 23:08:54 general: progress thread start
22.12.2011 23:08:54 package: LoadProductVpu: C:\Program Files\AVAST Software\Avast\Setup\prod-ais.vpx
22.12.2011 23:08:54 package: ERROR: Unable to verify prod-ais.vpx, error 0x2000000B
22.12.2011 23:08:54 package: Error processing packages. 0x20000011

[essexboy]

No do it in normal mode

[warnolo]

ok, this is weird.

The computer doesn't look working weirdly  except by the fact that every starting program doesn't start at the very beggining like always.

And the error is the same. I'll post the inform in the next post.

[warnolo]

22.12.2011 23:17:12 general: Started: 22.12.2011, 23:17:12
22.12.2011 23:17:12 general: Running setup_ais-509 (1289)
22.12.2011 23:17:12 system: Operating system: Windows 7 ver 6.1, build 7600, sp 0.0 x64
22.12.2011 23:17:12 system: Memory: 17% load. Phys:4194303/4194303K free, Page:4194303/4194303K free, Virt:2029312/2097024K free
22.12.2011 23:17:12 system: Computer WinName: USUARIO-PC
22.12.2011 23:17:12 system: Windows Net User: Usuario-PC\Usuario
22.12.2011 23:17:12 general: Cmdline: /uninstwiz 
22.12.2011 23:17:12 general: Old version: 509 (1289)
22.12.2011 23:17:12 system: Using temp: C:\Users\Usuario\AppData\Local\Temp\_asw_aisI.tm~a04136 (251417M free)
22.12.2011 23:17:12 general: SGW32AIS::CheckIfInstalled set m_bAlreadyInstalled to 1
22.12.2011 23:17:12 general: DldSrc set to inet
22.12.2011 23:17:12 internet: SYNCER: Agent=Syncer/5.00 (ais-1289;p)
22.12.2011 23:17:12 system: Computer DnsName: Usuario-PC
22.12.2011 23:17:12 system: Computer Ip Addr: 192.168.1.2
22.12.2011 23:17:12 system: Installed in: C:\Program Files\AVAST Software\Avast (251417M free)
22.12.2011 23:17:12 internet: SYNCER: Type: use IE settings
22.12.2011 23:17:12 internet: SYNCER: Auth: another authentication, use WinInet
22.12.2011 23:17:12 package: Part prg_ais-509 is installed
22.12.2011 23:17:12 package: Part vps_win32-11122200 is installed
22.12.2011 23:17:12 package: Part setup_ais-509 is installed
22.12.2011 23:17:12 package: Part jrog-a7 is installed
22.12.2011 23:17:12 package: Part jrog2-3b9 is installed
22.12.2011 23:17:12 general: LoadState: Edition=1
22.12.2011 23:17:12 general: Old version: 509 (1289)
22.12.2011 23:17:12 file: SetExistingFilesBitmap: 944->430->429
22.12.2011 23:17:12 general: GUID: 49695e14-7f89-453f-9a78-83a5dd1e8ed3
22.12.2011 23:17:12 general: Server definition(s) loaded for 'main': 255 (maintenance:0)
22.12.2011 23:17:12 general: SelectCurrent: selected server 'Download347 AVAST5 Server' from 'main'
22.12.2011 23:17:12 internet: SYNCER: Type: use IE settings
22.12.2011 23:17:12 internet: SYNCER: Auth: another authentication, use WinInet
22.12.2011 23:18:30 general: Operation set to INST_OP_REPAIR
22.12.2011 23:18:30 general: Entered SetupProcessAIS::Do( INST_OP_REPAIR )
22.12.2011 23:18:30 general: Entered SetupProcessWin32Avast::Do( INST_OP_REPAIR )
22.12.2011 23:18:30 general: Entered SetupProcessWin32::Do( INST_OP_REPAIR )
22.12.2011 23:18:30 general: Entered SetupProcess::Do( INST_OP_REPAIR )
22.12.2011 23:18:30 general: Entered SetupProcessAIS::Do( INST_OP_UPDATE_INSTALL_PACKAGES )
22.12.2011 23:18:30 general: Entered SetupProcessWin32Avast::Do( INST_OP_UPDATE_INSTALL_PACKAGES )
22.12.2011 23:18:30 general: Entering:UpdateInstallPackages
22.12.2011 23:18:30 general: progress thread start
22.12.2011 23:18:30 package: LoadProductVpu: C:\Program Files\AVAST Software\Avast\Setup\prod-ais.vpx
22.12.2011 23:18:30 package: ERROR: Unable to verify prod-ais.vpx, error 0x2000000B
22.12.2011 23:18:30 package: Error processing packages. 0x20000011

Also, thanks to MBAM i know i'm still infected and recieving attacks.

[warnolo]

So avast is there, unable to start or to update even if i click on repair or iniciate on the program window.

[essexboy]

OK I will need to use a different analysis/curing programme - this will take several hours to run dependant on the size of your drive

Upload the zip file to megaupload - link at the bottom

Download AVPTool from Here to your desktop  
  
Run the programme you have just downloaded to your desktop (it will be randomly named )  
  
First we will run a virus scan  
 
Click the cog in the upper right  

 
 
Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan  

 
Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post
 
 
Now the Analysis
 
Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information  
 

 
On completion click the link to locate the zip file to upload and attach to your next post  
 

Megaupload

[warnolo]

So i install the Karpenski tool?

edit: ok, didn't say anything after reading well.

edit 2: Also how many several hours? Because if is over 3 or 4 i could go to bed, but i'm scared to leave my computer turned on alone.

[essexboy]

It may take two hours - it is really dependant on how many files you have

[warnolo]

Another question. Kaspersky detected a trojan and offers me to delete it, but it didn't finished the scan, shall i delete it?

Also yeah, it say 2 hours.

By the way, should i worry more than i already am? is this infectiont really severe?