42102 + several other virus alarms

Hi,

Since a few days I’m running into a range of troubles. Let me try to give a summary of the symptoms, and attached are the OTL and aswmbr.txt files.

  • Chrome crashes regularly, especially on shockwave pages

  • on startup, Avast mentions several viruses blocked

  • Avast scans freeze at anywhere between 10-20% completed. The file & file extension it stops with differs

  • in the warnings section, almost all PDF files on my system are listed, with warning 42102

  • since these days, my laptop crashes regularly (‘blue screen of death’, or just plain freeze)

  • 24/2 I ran a full system scan, without any problems

  • 1/3 first scan with viruses found:

Please help!

Thanks

on startup, Avast mentions several viruses blocked
what files...what malware does avast say you have....attach a screenshot of avast warning

have you run a quick scan with malwarebytes? http://forum.avast.com/index.php?topic=53253.0 and attach log

see attached two examples…

now windows explorer keeps crashing. Have run malware bytes, nothing found…

will run again & add log

Do you use usb stick…among different computers?

Malware experts are notified…

I’m guessing that was spread via USB. That is a lot of HTML files for 1 to have.

I’d recommend you install MCShield. Run it and plug all your USB drives into the infected machine. MCShield will automatically clean them if any .VBS/VBE programs are active and any current malware is on them. Also note. Please attach the MCShield log file.

PS: “MCShield” is a clickable download link to their main website.

in general: yes…

but I don’t recall using one the last week.

Will install MCshield, thanks so far :slight_smile:

Hi.

Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Ok, MCShield is running,

and I have run Farbar (see attached)…

Any tips/conclusions?!

Thanks again so far :slight_smile:

Please download Anti-VBSVBEx64.exe on your Desktop

  • Double click to run the tool and wait until it finishes.
  • It will make a log named Anti-VBSVBE.txt. Please attach it to your reply.


Next

Please download TFC by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it’s finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Hi,

See attached the VBAVBS log…

I ran TFC, and rebooted.

Then immediately got another warning, so ran a quick scan (well, 12%, then it froze again…)
See attached the screenshots…

Scan with Combofix:

  • Please download ComboFix by sUBs and save it to your Desktop.
    You may read how Combofix works here.

  • Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix.
    If you are unsure how to do this please read this or this Instruction.

  • Run ComboFix. Click on I Agree! & follow the prompts.
    Note: If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart your computer.

  • When finished, it will produce a report for you. Please attach log reports (ComboFix.txt) back to topic.
    (typical log location: C:\ComboFix.txt )

See attached…

hope this killed it…

  • update - not quite… Avast is still giving notices like mad… mostly BV:Popupper-C [Trj]

  • update - an example:
    URL: http://www.google-analytics.com/ga.js
    Infectie: BV:Popupper-C [Trj]

And can’t download roguekiller, and combofix is no longer working…

Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
Confirm “End user Licence Agreement” and “KSN Statement” dialog box by clicking on Accept button.

  • Press Start Scan
  • If Suspicious object is detected, the default action will be Skip, click on Continue.
  • If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.


Please download Malwarebytes AntiRootkit and save it to your desktop.
http://www.malwarebytes.org/products/mbar/

Full instructions how to use MBAR
http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-rootkit
Please note: This is a beta version so please be sure to read the disclaimer and note of it.

  • Unzip/unrar MBAR in a folder to your Desktop
  • Open the folder where the contents were unzipped to run mbar.exe

  • Click on Next > then on Update button to download fresh definitions.
  • When database updates click Next
  • In the following window ensure “Targets” scan for Drivers; Sectors; System are ticked. Then select “Scan button”

  • If an infection/s are found ensure “Create Restore Point” is checked, then select the “Cleanup Button” to remove threats.
    Or if you are sure any entries should not be kept, just untick them. A list of infected files will be listed.

  • The Clean up procedure will be Scheduled for process.
  • When complete pop-up will show you. Select the Yes button and the system should re-boot to complete the cleaning process.

Please attach the two following logs from the mbar folder:

system-log.txt
and
mbar-log-year-month-day (hour-minute-second).txt.

Attached the log of TDSSkiller - 0 result…

downloading anti-rootkit now, but download keeps hanging on 0 seconds left… (3 times in a row now, now attempting in safemode)

Avast just showed warning that it couldn’t update to the newest definitions (that is new, so far it never gave that message)

and the mbar log… 0 result…

I’m getting seriously confused now…

-edit - that was in safe mode, running it now in normal mode…

You have a macro virus infection. I do not possess the tools to remove such an infection.
http://en.wikipedia.org/wiki/Macro_virus

Run Avast boot time scan and remove everything it finds. Only an antivirus program may remove the virus.
Log file is located:
C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt

Ok, glad that that’s clear…

but:
I have tried twice now to run the boot time scan, once scheduled from safe mode, and once scheduled from normal mode, but both times, after restart there is no boot time scan (2nd time I shut down, wait 1 minute and start up again).
Avast still says it’s planned for next system startup… ?

Avast still says it's planned for next system startup.. ?

You must initiate reboot.

I understand, and did that twice, but no scan…

now following the tip of this topic:
http://forum.avast.com/index.php?topic=86737.0

in clean re-install avast…