Boss brought me his daughter's computer. It's a mess! I installed Avast (free) today, ran a boot-time scan, and found the following viruses in the chest afterwards:
System is not terribly responsive. I thought I had MalwareBytes installed, but when I try to run it, it errors out. When I try to run Avast from Windows it hangs the system within 2 minutes, and I have to shut off via the power button. I've rerun the Avast boot-time scan with zero results. Not sure where to go from here.
Download DDS and save it to your Desktop from here: http://download.bleepingcomputer.com/sUBs/dds.scr
Double click dds to run the tool.
* When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt
Save both reports to your desktop. Attach DDS.txt back to topic.
* Double click the aswMBR icon to run it.
* Vista and Windows 7 users right click the icon and choose "Run as administrator".
* Click the Scan button to start the scan.
* When it finishes, press the Save log button, save the logfile to your desktop and post its contents in your next reply.
* Save it to your desktop.
* Please click OTM and then click >> run.
* Copy the lines inside the codebox below to the OTM program in the Paste Instructions for items to be Moved
Note: You may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
Copy/paste or attach the contents of that document (notepad/log) back here in your next post.
* Download TDSSKiller and save it to your Desktop.
* Unzip the folder (Right Click > Extract to your Desktop).
* Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
* If an infected file is detected, the default action will be Cure, click on
* If a suspicious file is detected, the default action will be Skip, click on Continue.
* It may ask you to reboot the computer to complete the process. Click on Reboot Now.
* Click the Report button and copy/paste the contents of it into your next reply. Note: It will also create a log in the C: directory.
Double click on FixPolicies.exe to run it.
Click on Install.
It will create a folder named FixPolicies on your desktop.
Open the FixPolicies folder.
Double click on Fix_policies.cmd to run it. Command Prompt will open and close quickly; this is normal.
…
Please Re-Run DDS program and attach here:
fresh log from DDS (DDS.txt), log report from TDSSKiller, log report from OTM.
All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ASduaswhIfbMHgW deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
========== FILES ==========
File/Folder C:\ProgramData\ASduaswhIfbMHgW.exe not found.
recycler not found in C:
========== COMMANDS ==========
OTM by OldTimer - Version 3.1.18.0 log created on 06082011_152623
Files moved on Reboot…
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File C:\Users\Owner\AppData\Local\Temp~DF4ACFFB1FDCA59A8B.TMP not found!
File C:\Users\Owner\AppData\Local\Temp~DF75114FA046EDAF03.TMP not found!
File C:\Users\Owner\AppData\Local\Temp~DF9C28DB83913DE05C.TMP not found!
File C:\Users\Owner\AppData\Local\Temp~DFBFCB4CDB36EC6BA7.TMP not found!
File move failed. C:\Windows\temp_avast_\Webshlock.txt scheduled to be moved on reboot.
OK, all of those steps are completed, and the requested logs are attached below. The system is still locking up frequently, making this an arduous task.
Yes I did. I cannot remember for sure the outcome, but with each of the tools that you have had me run I have to shut off via the power button and restart the system due to lock-ups. I can rerun everything and post new logs if I need to.
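The OTM log pasted above is easier to triage when its result lines are parsed rather than read by eye. The following is an added example (not part of the thread or of OTM itself) that splits an OTM log into its sections, records each target and its outcome, and lists which autostart (Run key) entries were actually deleted; the sample log is a constructed copy of a few lines from the thread, with the backslashes that extraction dropped restored.

```python
import re
from collections import Counter

# Constructed sample modelled on the OTM log posted in the thread.
SAMPLE_LOG = """\
All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\ASduaswhIfbMHgW deleted successfully.
Registry key HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\\ not found.
========== FILES ==========
File/Folder C:\\ProgramData\\ASduaswhIfbMHgW.exe not found.
========== COMMANDS ==========
Files moved on Reboot...
C:\\Users\\Owner\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt moved successfully.
File C:\\Users\\Owner\\AppData\\Local\\Temp\\~DF4ACFFB1FDCA59A8B.TMP not found!
File move failed. C:\\Windows\\temp_avast_\\Webshlock.txt scheduled to be moved on reboot.
"""

SECTION_RE = re.compile(r"^=+ (\w+) =+$")
# One OTM result line: optional failure prefix, optional object type, target, outcome.
RESULT_RE = re.compile(
    r"^(?:File move failed\. )?"
    r"(?:(?:Registry value|Registry key|File/Folder|File) )?"
    r"(?P<target>\S.*?) "
    r"(?P<outcome>deleted successfully|moved successfully|not found|"
    r"scheduled to be moved on reboot)[.!]?$"
)

def parse_otm_log(text):
    """Return a list of (section, target, outcome) tuples from an OTM log."""
    section, results = None, []
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)          # PROCESSES, REGISTRY, FILES, COMMANDS
            continue
        if line.startswith("Files moved on Reboot"):
            section = "REBOOT"            # deferred moves listed after the reboot
            continue
        m = RESULT_RE.match(line)
        if m:
            results.append((section, m.group("target"), m.group("outcome")))
    return results

def summarize(results):
    """Count outcomes so the helper can see at a glance what OTM changed."""
    return dict(Counter(outcome for _, _, outcome in results))

def persistence_removed(results):
    """Run-key values OTM reports as deleted: the autostart entries that were live."""
    return [t for _, t, o in results
            if "\\CurrentVersion\\Run\\" in t and o == "deleted successfully"]
```

A "not found" for a file named by a Run value that was deleted, as in this log, means the autostart pointed at a binary that was already gone, which is worth noting when deciding whether further scans are needed.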
Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully. Note: ComboFix must be downloaded to your Desktop.
Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this Instruction.
This will run ComboFix. Click on I agree.
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
Attach the log report (ComboFix.txt) back to the topic.
Note: If you fail to run ComboFix in normal mode, then delete ComboFix.exe, download a fresh ComboFix and just re-run it (double click) in Safe Mode.
I'm sorry.
Just to tell you… the logs did not show traces of a serious infection.
Maybe ComboFix could show us something that the other tools did not see, maybe not …