system
March 26, 2012, 8:56pm
1
Managed to catch this naughty thing last night which was rather annoying! I’ve run through the steps to remove it as found here: http://forum.avast.com/index.php?topic=53253.0
During the scan with aswMBR.exe, I had a warning about the FakeSysDef Trojan being found in a temporary file but this was removed instantly.
Please find my logs from aswMBR, OTL and Rogue Killer. I have all my icons back as well as the start menu icons after a couple of reboots so everything appears to be back to normal. Hopefully someone can give me some good news.
Many thanks!
system
March 26, 2012, 8:57pm
2
More logs, can I remove the RK_Quarantine folder from the desktop? What about the MBR.dat file?
You look to have got most of it - what problems remain?
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following:
:OTL
[2012/03/25 23:34:02 | 000,000,440 | -H-- | M] () -- C:\ProgramData\giin9VX3CYAcwf
[2012/03/25 23:31:08 | 000,000,677 | -H-- | M] () -- C:\Users\Ben\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/03/25 23:31:08 | 000,000,653 | -H-- | M] () -- C:\Users\Ben\Desktop\System Check.lnk
[2012/03/25 23:30:55 | 000,361,984 | -H-- | M] ( ) -- C:\ProgramData\giin9VX3CYAcwf.exe
:Files
ipconfig /flushdns /c
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top.
Let the program run unhindered, reboot the PC when it is done.
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
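The xcopy lines in the fix above copy four numbered folders under %Temp%\smtmp back to the Start Menu, Quick Launch, pinned TaskBar and Desktop locations. The following read-only PowerShell check is an added example, not part of the thread or of OTL; it lists what is in that stash and whether each item is already present at its destination. The function name Get-SmtmpStashReport is hypothetical, and the destination paths are copied verbatim from the fix, so they are only valid for a profile laid out the same way.

```powershell
# Added example (not from the thread). Read-only: nothing is copied or deleted.
# Subfolder-to-destination map copied verbatim from the :Files section of the fix.
$Map = @{
    '1' = '%AllUsersProfile%\Start Menu'
    '2' = '%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch'
    '3' = '%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar'
    '4' = '%AllUsersProfile%\Desktop'
}

function Get-SmtmpStashReport {
    param(
        # Assumption: the stash sits in the current user's temp folder.
        [string]$StashRoot = (Join-Path $env:TEMP 'smtmp')
    )
    foreach ($n in '1', '2', '3', '4') {
        $src = Join-Path $StashRoot $n
        if (-not (Test-Path -LiteralPath $src)) { continue }

        # Resolve both sides so relative paths can be compared.
        $srcFull = (Get-Item -LiteralPath $src -Force).FullName.TrimEnd('\')
        $dst = [Environment]::ExpandEnvironmentVariables($Map[$n])

        # -Force includes hidden and system items in the listing.
        Get-ChildItem -LiteralPath $src -Recurse -Force |
            Where-Object { -not $_.PSIsContainer } |
            ForEach-Object {
                $rel = $_.FullName.Substring($srcFull.Length + 1)
                New-Object PSObject -Property @{
                    Stash         = $n
                    RelativePath  = $rel
                    Hidden        = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                    AtDestination = (Test-Path -LiteralPath (Join-Path $dst $rel))
                }
            }
    }
}

$report = @(Get-SmtmpStashReport)
if ($report.Count -eq 0) {
    'No smtmp stash found in the temp folder.'
} else {
    $report | Sort-Object Stash, RelativePath |
        Format-Table Stash, Hidden, AtDestination, RelativePath -AutoSize
    $missing = @($report | Where-Object { -not $_.AtDestination })
    '{0} stashed item(s) not present at their destination.' -f $missing.Count
}
```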
system
March 26, 2012, 9:23pm
4
Here is the OTL quick scan log after running your fix. Nothing seems wrong on the surface so if the logs say I’m clean, I guess all is ok!
There were a few malware files hanging around and some folders/files were stashed in the temp folder.
You should have them all back now and the system check icons should be gone.
system
March 26, 2012, 9:30pm
6
Once again you come to my rescue! Big thanks essexboy, you seriously know your stuff!
My pleasure
To remove everything then run OTL and hit the cleanup button
Manually delete aswMBR and the dat file