Infected by Atraps.gen2 and other viruses

[Superandri91]

yep. now it just detected a file called 80000032.@ in assembly\temp\U associated to "tr/alureon.tk.9"...

[essexboy]

OK delete that folder although up till now it has always been tmp

Place this fix in OTL and run

Code: [Select]

:Files
C:\Windows\assembly\temp\U

[Superandri91]

ok! this time it said "deletcted". am i fine now?

[essexboy]

You should be - let it run for a bit

[Superandri91]

thought it was finished, done last AV scan but it found again the viruses!
consrv.dll and 2 desktop.ini associated to atraps.gen2

[Superandri91]

After the deletion from my AV, i rebooted and my system stop working. So, i had to do the system restore for the 100th time! This virus doesnt want to leave my pc!

[akama1]

wow nasty piece of virus on ur pc.... u tried doing a scan with hitman pro and dr.web cureit ?

you should do a scan with gmer rootkit and post the log up here

[essexboy]

Lets have a fresh look

You may have a new variant...  I am still concerned that the cracks are the root cause, no matter that you say they are clean

 Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
  
• Accept the disclaimer and allow to update if it asks

• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.[/b]
  

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

[Superandri91]

I followed your instructions but now its even a bigger mess! Im from my smartphone so i cant upload it because after doin it i cant open any programme on my pc because it says that the reg key is going to be deleted! Anyway, it deleted gac_32 and gac_64 desktop ini, temp cfgi.ini and c:\windows\system32\consrv.dll. What do i do know? it seems they continue to regenerate!
ps when it rebooted, in the prompt for like 1 sec i read something like "access blocked"... i dont know if that's important or not!
thanks for everything

[Pondus]

there is often a hang in the system after running combofix.......rebooting twice often corrects it

[Superandri91]

but the consrv.dll, desktop. ini, ect arent necessary to the system to work? And what are these GAC folders? never heard... what should i do now?

[essexboy]

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Could you post the log please

[Superandri91]

Surely... It actually seems to load programmes now...

[essexboy]

The GAC folders are part of DotNet

How is it running now ?

[Superandri91]

I should restart the scan with my AV, because it seems to run well but then it finds these fucking viruses...