Author Topic: Need help getting rid of virus (Read 3659 times)

REDACTED · « **on:** March 18, 2012, 03:46:52 PM »

I've ran all kinds of scans with malwarebytes and advast but I keep getting attacked by something I've put my firewall on public setting and its blocking a lot of files every second even tho everything says I'm clean it cant be right.

essexboy · « **Reply #1 on:** March 18, 2012, 03:59:02 PM »

Could you follow the steps in this thread and post the logs here http://forum.avast.com/index.php?topic=53253.0

Also I would recommend that you change your username to something other than your mail address

REDACTED · « **Reply #2 on:** March 18, 2012, 10:44:18 PM »

essexboy · « **Reply #3 on:** March 18, 2012, 11:17:44 PM »

Hi Firstly I would recommend that you upgrade IE to version 8 as that is a big security hole in your system http://www.microsoft.com/download/en/details.aspx?id=43

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following
Quote
:OTL
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
[2012/01/18 20:44:54 | 000,008,807 | ---- | C] () -- C:\Documents and Settings\Derek Wood\Local Settings\Application Data\cd9033a6
[2012/01/18 20:44:54 | 000,008,767 | ---- | C] () -- C:\Documents and Settings\Derek Wood\Application Data\bec728
[2012/01/18 20:03:20 | 000,008,849 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\51c5c6a8
[2012/01/17 22:52:05 | 000,000,328 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vr0FX00fMKi4yo
[2012/01/17 21:21:00 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Io3oRzuWdJpBBF
[2011/11/24 11:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Wood\Application Data\88F2A
[2011/11/13 05:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Wood\Application Data\aEEEL88gRZqYC
[2011/11/13 16:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Wood\Application Data\bmH5sQJ7dLgZhCk
[2011/11/13 16:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Wood\Application Data\evS2ibF3pGaJdK
[2011/11/13 16:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Wood\Application Data\fL9gTXqjUerPyAD
[2011/11/13 05:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Wood\Application Data\iD33onnG4aQ6sK7
[2011/11/13 16:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Wood\Application Data\JQJ7dEK8gZhX
[2011/11/13 05:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Wood\Application Data\vUUVVelOBtzPyc1
[2011/11/13 05:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Wood\Application Data\YDDD2obbF4mH5Q7
[2011/02/26 12:42:58 | 049,228,867 | ---- | M] () -- C:\Xen.exe

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

REDACTED · « **Reply #4 on:** March 19, 2012, 01:34:40 AM »

Checked after reboot to see if I was still getting blocks in firewall and still same blocking many a second.

essexboy · « **Reply #5 on:** March 19, 2012, 11:29:32 AM »

Could you reset the firewall to home

Also what file is generating the outbound requests ?

REDACTED · « **Reply #6 on:** March 19, 2012, 10:23:37 PM »

If I set to home will I not get infected again? ; C:\WINDOWS\System32\svchost.exe

essexboy · « **Reply #7 on:** March 19, 2012, 10:27:18 PM »

Could you screenshot a section of the firewall log please

REDACTED · « **Reply #8 on:** March 19, 2012, 10:40:06 PM »

essexboy · « **Reply #9 on:** March 19, 2012, 10:42:21 PM »

That is your computer talking to your router and is totally normal

This is mine and I have allowed access - I am on a home setting

REDACTED · « **Reply #10 on:** March 19, 2012, 10:48:36 PM »

That's activity tho not connections

essexboy · « **Reply #11 on:** March 19, 2012, 11:07:39 PM »

Correct because I have allowed svchost to access my router

Set the firewall to home and then look at the connections

Ensure that host services is allowed

REDACTED · « **Reply #12 on:** March 19, 2012, 11:12:59 PM »

That looks better

essexboy · « **Reply #13 on:** March 19, 2012, 11:18:45 PM »

When you set to public Avast locks the system right down to enhance the security

But for normal home use you need to be able to communicate with the router

Are you experiencing any other problems

REDACTED · « **Reply #14 on:** March 19, 2012, 11:22:04 PM »

Doesn't look like it we'll see tomorrow after the full system scan tonight if there are any new virus'.

Author Topic: Need help getting rid of virus (Read 3659 times)

REDACTED

Need help getting rid of virus

essexboy

Re: Need help getting rid of virus

REDACTED

Re: Need help getting rid of virus

essexboy

Re: Need help getting rid of virus

REDACTED

Re: Need help getting rid of virus

essexboy

Re: Need help getting rid of virus

REDACTED

Re: Need help getting rid of virus

essexboy

Re: Need help getting rid of virus

REDACTED

Re: Need help getting rid of virus

essexboy

Re: Need help getting rid of virus

REDACTED

Re: Need help getting rid of virus

essexboy

Re: Need help getting rid of virus

REDACTED

Re: Need help getting rid of virus

essexboy

Re: Need help getting rid of virus

REDACTED

Re: Need help getting rid of virus