80000000.@ 80000032.@ etc malware problems

Viruses and worms
1

Hi,
Avast has been kindly letting me know that my laptop has become infected with malware (80000000.@, 80000032.@, 000000Cb.@, 0000004.@ I think).

I have followed the instructions on other similar topics and have attached my logs. I would greatly appreciate any assistance in fixing this.

Please let me know if you need any more information from me.
Kind regards,

2

Hey,

Just wondering if there are any other logs, or scans I should run in order for someone to be able to help me with this.

Many thanks.

3

A malware removal specialist has been informed of your topic.

4

Monitoring.

5

Re-run OTL.exe.

[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.



:files
C:\windows\Installer\{20ac6d56-4bc0-6dd1-485e-4b43c040f990
ipconfig /flushdns /c

:commands
[CREATERESTOREPOINT]
[emptytemp]

[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.

Step2

Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.

Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this Instruction.

How to disable avast:

[*]Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
[*]In the window that opens on the top right corner, click Settings.
[*]In a new window that opens, choose the option Troubleshooting, Uncheck Enable avast! self-defense, and click OK.

[*]Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls .
[*]In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn on this option after the cleaning.

Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note:Do not mouse-click Combofix’s window while it is running.

When the tool is finished, it will produce a log report for you. (typical location: C:[b]ComboFix.txt[/b] )
Attach log reports ( ComboFix.txt) back to topic.

6

Thanks for the instructions argus. See my log files attached.

I am now getting a “Illegal operation attempted on a registry key that has been marked for deletion” when trying to use notepad or firefox (Havent tried to open anything else). Is this a normal part of the procedure?

Kind regards,

7

That has been seen to happen and a reboot normally resolves that error.

8
I am now getting a "Illegal operation attempted on a registry key that has been marked for deletion" when trying to use notepad or firefox (Havent tried to open anything else). Is this a normal part of the procedure?

You just restart computers

How’s your computer behaving now?

9

Ah yes, once I restarted it everything is working fine. I have no more avast notifications popping up for those malware issues either. All seems to be good.

Thank you very much for your help. I really appreciate it.

10

It is necessary to uninstall the ComboFix :

[*] Click Start (or
http://amf.mycity.rs/pg/images/VistaStartButton.png
) then Run.

On Windows7 or Vista you may use Start Search field if Run is not available.

[*] In the line of text type in (Copy) the following:

ComboFix /Uninstall

Note that there is a space between " ComboFix " and " /Uninstall " .

[*] then click OK (or press Enter ).

Wait for the uninstall process is complete.

Run OTL and hit the cleanup button.