80000000.@ and 800000cb.@ recurring alerts

Hi,

Every few minutes an Avast alert appears stating Malware detected.

They are all either 80000000.@ or 800000cb.@

Infection: Win32:Malware-gen
Process: C:\Windows\System32\services.exe

I have run a Malwarebytes scan which found several objects but the alerts continue to appear.

I’ve also attached Malwarebytes, OTL and aswMBR logs.

All help greatly appreciated.

Many thanks,

Travis

Malware removers are notified. It may take many hours before one arrives, so be patient.

Whenever they are ready, so am I.

Hi, you have a very old copy of OTL. Could you delete the current one and download the latest from www.itxassociates.com/OT-Tools/OTL.exe

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:OTL
[2011/12/10 01:05:41 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\j23u4pk5.default\extensions\{8c8abdb8-f176-47c9-b5e8-aabe3feda37f}
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKU\S-1-5-21-678431917-1218118559-374953158-1001..\Run: [AppleVerifierUpdate] rundll32.exe "C:\ProgramData\AppleVerifierUpdate.dll",DllRegisterServer File not found
O4 - HKU\S-1-5-21-678431917-1218118559-374953158-1001..\Run: [Best Buy pc app] C:\Users\Travis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
[2012/01/05 12:59:44 | 000,008,180 | -HS- | C] () -- C:\Users\Travis\AppData\Local\185eex12f105lx52h4dqo8s043728x64b8132
[2012/01/05 12:59:44 | 000,008,180 | -HS- | C] () -- C:\ProgramData\185eex12f105lx52h4dqo8s043728x64b8132
[2011/12/18 23:42:55 | 000,009,070 | -HS- | C] () -- C:\Users\Travis\AppData\Local\2e76tn3x45n781
[2011/12/18 23:42:55 | 000,009,070 | -HS- | C] () -- C:\ProgramData\2e76tn3x45n781
[2011/12/15 15:50:55 | 000,009,630 | -HS- | C] () -- C:\Users\Travis\AppData\Local\786687y7c168q428n153s8xbl4s1
[2011/12/15 15:50:55 | 000,009,630 | -HS- | C] () -- C:\ProgramData\786687y7c168q428n153s8xbl4s1
[2011/12/07 05:01:24 | 000,010,094 | -HS- | C] () -- C:\Users\Travis\AppData\Local\132528d2m167y563j548p7nwh7v8
[2011/12/07 05:01:24 | 000,010,094 | -HS- | C] () -- C:\ProgramData\132528d2m167y563j548p7nwh7v8

:Files
ipconfig /flushdns /c
ipconfig /release /c
ipconfig /renew /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.

FINALLY

Run Farbar Service Scanner

https://dl.dropbox.com/u/73555776/FSS.GIF

Tick “All” options.
Press “Scan”.
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
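The file entries in the first OTL fix above share a visible pattern: the same name, timestamp and size, hidden and system attributes, and no company name, once under AppData\Local and once under ProgramData. As an added example (not part of the thread, and not OTL's or the helper's own logic), this Python script parses listing lines in that format and reports such pairs; the sample lines, names and the pairing heuristic are constructed assumptions.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname  # Windows path rules on any OS

# OTL file-listing line as it appears in the fix above:
# [date time | size | attrs | C/M] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

def parse_line(line):
    """Return a dict for one listing line, or None if it is not in that format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))
    return rec

def paired_hidden_files(lines):
    """Map file name -> directories for hidden+system files with no company
    name that appear with identical timestamp and size in two or more places."""
    groups = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["company"]:
            continue  # unparsable, or the file carries a company name
        attrs = rec["attrs"]
        if "H" not in attrs or "S" not in attrs or "D" in attrs:
            continue  # only hidden+system files, not directories
        key = (basename(rec["path"]).lower(), rec["ts"], rec["size"])
        groups[key].add(dirname(rec["path"]).lower())
    return {k[0]: sorted(v) for k, v in groups.items() if len(v) >= 2}

# Constructed sample lines (placeholder user and file names).
SAMPLE = [
    r"[2012/01/05 12:59:44 | 000,008,180 | -HS- | C] () -- C:\Users\Example\AppData\Local\a1b2c3d4e5f6",
    r"[2012/01/05 12:59:44 | 000,008,180 | -HS- | C] () -- C:\ProgramData\a1b2c3d4e5f6",
    r"[2012/01/06 09:00:00 | 000,000,402 | -HS- | M] () -- C:\Users\Example\Desktop\desktop.ini",
    r"[2012/01/06 09:10:00 | 000,120,000 | ---- | C] (Example Corp) -- C:\ProgramData\tool.exe",
    r"[2012/01/06 09:10:00 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Example\cache",
]

if __name__ == "__main__":
    for name, dirs in paired_hidden_files(SAMPLE).items():
        print(name, "->", ", ".join(dirs))
```

A hit is only a lead for review against the rest of the log; legitimate hidden system files such as desktop.ini are skipped here because they do not appear as an identical pair.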

OK, so here are the new OTL logs. There are 2 of them because after the reboot one of them popped up and then after the scan another one, so I'm attaching both. Then starting on the next step.

So here is my Combofix Log

So as far as everything you need about my machine's performance, I did have the issue about programs being marked for deletion, but with a reboot that was fixed. Beyond that, I had created a shortcut to this very topic so I could get back to it very quickly, and it has now changed: when I click on it, it says “Unable to open this internet shortcut. The protocol “http” does not have a registered program”.
Also it seems that those notifications that this whole post is about are gone, but my Malwarebytes Anti-Malware is blocking more malicious websites than before…
Type: outgoing
Port: 45581, Process: utorrent.exe
I have never had a problem with utorrent until now.

And here is my FSS log

Could you copy the MBAM log here please so that I can see what it is blocking

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:Files
C:\windows\Installer\{fc819fe8-c0de-88af-9226-f412e6acdb98}
C:\Users\Travis\AppData\Local\{fc819fe8-c0de-88af-9226-f412e6acdb98}
C:\Users\Travis\AppData\Local\786687y7c168q428n153s8xbl4s1
sc create BITS binpath= "c:\windows\system32\svchost.exe -k netsvcs" start= delayed-auto /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

The New MBAM

So I just went to run the last OTL scan with the fixes and such, and it seemed to do fine until I got a warning saying that there was a critical error and to save my work because my laptop was about to restart, and it gave me a minute. Here is the OTL log from when my laptop rebooted.

Could you copy the last 10 lines from the MBAM protection log please