a malware problem

please i have a similar problem as this user http://forum.avast.com/index.php?topic=119713.0

And i also wish to copy part of his post for help…

I inserted a USB drive into my laptop and scanned it. While opening the drive, many files are not visible, and folders were displayed as shortcuts.
after that i could see that below 2 urls are invoked at regular intervals and blocked by avast
hxtp://nnh42.name/a/
hxtp://jsh37.net/a/

please someone help me out because it is really disturbing me.
thanks

You should follow the advice in the first reply of that topic (quoted below), use the analysis tools and attach the log files in this topic.

It isn’t advisable copying part of his post unless it (including the URLs) matches your issue.

thanks for responding.
i run both adwcleaner and mbam in safe mode. i will attach the log to you for help.

your AdwCleaner log says search; run it again and click delete for removal of the crap files found

also attach OTL diagnostic log http://forum.avast.com/index.php?topic=53253.0

thank you.
i run the adwcleaner again as u instructed and also run the otl. i have attached the three logs.

malware remover is notified… check back later :wink:

Hi,

Re-run OTL.exe.

[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.



:OTL
O4 - HKU\S-1-5-21-3419477831-1356177130-1696690655-1000..\Run: [056a] C:\Users\admin\AppData\Roaming\137\056a.js ()
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\51285.js ()

:Files
C:\Users\admin\AppData\Roaming\137
C:\12b


:files
ipconfig /flushdns /c
ipconfig /release /c
ipconfig /renew /c

:commands
[CREATERESTOREPOINT]
[emptytemp]


[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
[*]The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.


Please download zoek.exe and save it to your desktop.

[list]
[*] Close any open browsers.

[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.

[*] Double click on zoek.exe to run the tool .
Please wait while the tool does not start…

[*] Copy the text present inside the code box below and paste it into the large window in the zoek tool:



C:\Users\admin\AppData\Roaming\137;vs
startupall;
filesrcm;
firefoxlook;
Chromelook;
skipfix-iedefaults;


[*] Click on the Run Script button.
Please wait until a logreport will open (this can be after reboot)

[*] Save notepad to your Desktop and attach here zoek-results.log

Note: It will also create a log in the C:\ directory named “zoek-results.log”
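
Added example, not part of the original thread and not code from OTL: a small Python triage pass over OTL-style `O4` autorun lines that flags the pattern targeted by the fix script above, a script file launched from a Run value or the Startup folder. The line layout is assumed from the two `O4` lines quoted in this thread; `triage`, `O4_RE` and the sample log are hypothetical names and constructed data.

```python
import ntpath
import re

# Extensions Windows Script Host runs directly at logon.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf"}
# Locations a standard user (and therefore user-level malware) can write to.
USER_DIRS = ("\\appdata\\", "\\programdata\\", "\\temp\\")

# Assumed O4 layout, inferred only from the two lines quoted in this thread:
#   O4 - <location>: [<value name>] <path> (<company>)   (value name optional)
O4_RE = re.compile(
    r"^O4 - (?P<where>.+?): (?:\[(?P<name>[^\]]*)\] )?"
    r"(?P<path>.+?) \((?P<company>[^()]*)\)\s*$"
)

# First two entries are the lines from the thread; the rest are constructed.
SAMPLE_LOG = r"""
O4 - HKU\S-1-5-21-3419477831-1356177130-1696690655-1000..\Run: [056a] C:\Users\admin\AppData\Roaming\137\056a.js ()
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\51285.js ()
O4 - HKLM..\Run: [ExampleAV] C:\Program Files (x86)\ExampleAV\ui.exe (Example Corp)
O4 - HKU\S-1-5-21-0-0-0-1000..\Run: [Updater] C:\Users\admin\AppData\Local\ExampleApp\update.exe (Example Corp)
========== constructed non-autorun line ==========
"""

def triage(log_text):
    """Return O4 autorun entries that launch a script file, with reasons."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not an autorun line
        path = m["path"].lower()
        if ntpath.splitext(path)[1] not in SCRIPT_EXTS:
            continue  # ordinary executables need other checks (signature, hash)
        reasons = ["script file registered as autorun"]
        if any(d in path for d in USER_DIRS):
            reasons.append("lives in a user-writable directory")
        if not m["company"].strip():
            reasons.append("no company/version information")
        findings.append({"where": m["where"], "name": m["name"],
                         "path": m["path"], "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["where"], f["name"], f["path"], "; ".join(f["reasons"]))
```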

hello
i am sorry for the delay in my reply. i run all the applications as instructed in your message but i am still having the problem. i have attached the logs of the various scans you instructed
i am hoping to hear from you soon
thank you.

hi
i am hoping to get a reply soon.

thank you

hey magna86 will continue help you when he comes online again.

Hi, :slight_smile:

USB Disk Security only with big and green shiny colors and via nice words “you are protected” can protect your system from USB kind malware.
In the real world USB protection is quite different story from what USB Disk Security knows …

Let’s do a valid USB storage devices / removable drives check:

Download MCShield from one of the following links:

MyCity - Official download link
Softpedija - Mirror download link

[*] Double click MCShield-Setup to install the application.
[*] Wait a few seconds for MCShield to finish the initial scan.
It is recommended that under the General and Scanner tabs you click the Defaults button to choose the recommended options.
[*] Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.

When all scanning is done, you need to attach a logreport that has made MCShield.

Start → All Programs → MCShield → Logs

Attach here → AllScans.txt

Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.


Re-run zoek.exe as you did before but use this script:

C:\Users\admin\AppData\Roaming\137\*.js;f
C:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js;f
C:\users\admin\AppData\Roaming\137;fs
C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936};vs
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r
"056a"=-;r
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0E7B197B-A3DE-4FD4-A19A-1EECF791D16F}];r
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C30DAF89-C966-4796-F7B2-EC4BB8E6BB95}];r
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EE930633-72f4-76D7-A0FF-142E3A16EB8B}];r
autoclean;

Click on RunScript button. Attach here fresh zoek log

hello
thank you. i just did what you asked me to do. i have the logs attached to this reply. but i had to run zoek in safe mode.

Hi,

but i had to run zoek in safe mode.
OK, no problem. But why couldn't you execute the zoek script in normal mode?

Malicious lines should disappear. How is your computer running now?

Re-run OTL, just click on QuickScan and attach here fresh OTL.txt log

thank you very much. malicious lines have disappeared. i run the otl as you instructed. i will attach the log in this reply. once again thank you.

this is the log of the last otl scan

Please download DelFix by “Xplode” to your Desktop.

Run the tool and check the following boxes below;

[*] Remove disinfection tools
[*] Create registry backup
[*] Purge System Restore

Now click on “Run” button. Wait until the programme completes its work.

Tool will create and open a log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt

I don’t need DelFix log report.


I recommended to keep Malwarebytes and to use MCShield if you will.

MyCity - Official download link
Softpedija - Mirror download link

It will prevent infection by computer via USB flash drive, mobile phone or any other memory card.
And not only will prevent infection, but it will immediately clean flash drive, memory card or external HDD.