Stuck while fixing Smart repair

[Yveline]

Avast blocked an internet page saying a threat had been detected. Shortly afterwards, error messages started to appear, then a smart repair window scanning my PC and asking me to pay for fixing it, then the desktop became black with no icon and the start menu became blank every other time or so. The scan brought no result but avast still tells me there is a threat.

Cruising aroung with another computer, I slowly understood (I am far from being a pro) I got infected by smart repair that appears to be difficult to treat by various antivirus. Today, when I rebooted the computer, Avast updated and told me to run a scan right away.

Its result :
c:\programData\ge697PHqssaffz.exe infected par Win32 : Dropper-gen [Drp] (where I wrote 7 is actually a sign I don't know, close to 7 but the bottom part is vertical. Rest of the scan result
 Click on
1 Cancel
2 Cancel all
3 Quarantine
4 Quarantine all
5 Fix
6 Fix all
7 Ignore
8 Ignore all
I clicked on 5 to fix and got error 42060 (the file didn't get fixed).

At this point, I don't know what to do because I am paranoied of doing something wrong and I need to enter something to get further. Can somebody tell me what to do?

Thanks,

Yveline

[DavidR]

The safest option would be to Quarantine as that at least leaves you other options, whilst Delete doesn't leave any.

[Yveline]

Thank you
I'll do that.
Yveline

[mikaelrask]

Hey i would also recommend you do a scan with malware bytes anti malware witch is a good program to clean this kind of rough programs witch smart repair is.

http://filehippo.com/download_malwarebytes_anti_malware/

good luck.

[DavidR]

Thank you
I'll do that.
Yveline

You're welcome.

[essexboy]

Hi do you have the desktop and icons back ?

If not

• Download RogueKiller  and save it on your desktop. 
  
• Quit all programs
• Start RogueKiller.exe.
  
• Wait until Prescan has finished ... 
•     Click on Scan

   
 

• Wait for the end of the scan. 
• The report has been created on the desktop. 
• Click on the Delete button.

     

• The report has been created on the desktop.

• Next click on the ShortcutsFix   
  
  
• The report has been created on the desktop.

Please attach:    All RKreport.txt text files located on your desktop.

THEN

Download OTL  to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select All Users
  
• Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Attach both logs

[Yveline]

Wow! You're faster than I am. Your post regarding  roguekiller was there before I had completed the process with malware byte. I was surprized it went fast since I read it took several hours. But, true, I went for the recommended quick scan. Should I go for the thourough scan?

Here is the report from malware byte. I saved it but don't know what to do with it.

Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Version of the database: v2012.06.15.07 Windows Vista x86 Service Pack 2 NTFS Internet Explorer 9.0.8112.16421 Rogine :: PC-DE-ROGINE [Administrator] 15/06/2012 18:31:10 mbam-log-2012-06-15 (19-12-54). txt Type: Full scan Scan options enabled: Memory | Start | Register | File System | Heuristic / Extra | Heuristic / Shuriken | PUP | PUM Scan options disabled: P2P Item (s) analyzed (s): 194581 Time elapsed: 5 minute (s), 37 second (s) Process memory detected (s): 0 (No malicious items detected) Module (s) detected memory (s): 0 (No malicious items detected) Key (s) detected the registry (s): 0 (No malicious items detected) Value (s) of the detected registry (s): 0 (No malicious items detected) Item (s) Memory Processes detected (s): 2 HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced | Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken. HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced | Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken. File (s) detected (s): 0 (No malicious items detected) File (s) detected (s): 0 (No malicious items detected) (end)

Regarding roguekiller, I have tried to download it but I got a red alert window that told me it might damage my computer. So I shied away. I had the same with pre_scan.

[essexboy]

The programme is safe otherwise I would not recommend it, if it is IE with the red alert then select Actions > Run anyway
If it is Avast then select run normally.

This programme should restore all your folders and icons and OTL will show me what remains 

[Yveline]

Does the malware byte report tell you anything?

[essexboy]

It tells me that you may have a new variant as nothing was detected

[Yveline]

Weird! The screen (before clicking on save report) tells me they detected 2 malware PUM.hijack.start menu
I'll now proceed to do something about roguekiller.
Yveline

[essexboy]

They were just some registry entries that may be either good or bad dependant on what they are used for (Potential Unwanted Modification)

[Yveline]

I completed the first part of  rogue killer and attached the 3 files you said. I also have a quarantine file that was not there before.
I am moving on to next step and trying to find what is that page that popped out (system check). Maybe it is what you said next step should be)
Yveline

[essexboy]

OK there are all the files and folders back... Next OTL to remove what remains 


RogueKiller V7.5.4 [07/06/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur: Rogine [Droits d'admin]
Mode: Raccourcis RAZ -- Date: 15/06/2012 20:16:18

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Driver: [CHARGE] ¤¤¤

¤¤¤ Attributs de fichiers restaures: ¤¤¤
Bureau: Success 15 / Fail 0
Lancement rapide: Success 2 / Fail 0
Programmes: Success 3 / Fail 0
Menu demarrer: Success 30 / Fail 0
Dossier utilisateur: Success 4839 / Fail 0
Mes documents: Success 8695 / Fail 0
Mes favoris: Success 48 / Fail 0
Mes images: Success 552 / Fail 0
Ma musique: Success 2 / Fail 0
Mes videos: Success 3 / Fail 0
Disques locaux: Success 10562 / Fail 0
Sauvegarde: [FOUND] Success 0 / Fail 1

Lecteurs:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume7 -- 0x2 --> Restored
[G:] \Device\HarddiskVolume3 -- 0x2 --> Restored
[H:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[I:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[J:] \Device\HarddiskVolume6 -- 0x2 --> Restored

¤¤¤ Infection : Rogue.FakeHDD ¤¤¤

Termine : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

[Yveline]

Well, I went on with next step which was downloading OTL. I first had a red alert from smart screen telling me it could damage the computer but I did proceed, and once it was downloaded, my antivrus (avast) popped out saying it found it suspicious and ran it in "the sandbox". Should I keep going?
Yveline