Anything else need to be done?

I think I’m clean, but I haven’t had to do this before. Given the below, do I need to do anything else? And what should I do with the files in the Virus Chest (screenshot in the original post)? Also, I extracted most to upload to virustotal (see below); what should I do with those files? Thanks.

I originally posted here: http://forum.avast.com/index.php?topic=113218.0

I ran the items listed in the link in the reply to my original post.
After running the Windows online validation, the “not genuine” message didn’t come up again after the AdwCleaner reboot.

AdwCleaner deleted some things, including one that I wanted but don’t use a lot (Expat Shield). I’m not sure about Conduit. Log attached (user name changed to my display name).

Malwarebytes: mbam-log-2013-01-19 (00-58-00).txt log says “no malicious items detected” on everything listed.

I ran the other things on the list through aswMBR but perhaps I didn’t need to do anything after mbam?

I’ve also uploaded the extracted files to virustotal (or viewed ones that already existed).

There was another file that failed analysis and doesn’t come up in a search: Win32:IBryte-AH [PUP] in Flash_Player_Pro_Setup.exe. I don’t need that anyway, but I’m not sure about the others.

[quote]
I originally posted here: http://forum.avast.com/index.php?topic=113218.0
[/quote]
then why did you not continue posting in the same topic......
[quote]
I ran the other things on the list through aswMBR but perhaps I didn't need to do anything after mbam?
[/quote]
attach OTL and aswMBR logs
[quote]
Win32:IBryte-AH [PUP] in Flash_Player_Pro_Setup.exe. I don't need that anyway, but I'm not sure about the others.
[/quote]
PUP = not a virus / Possible Unwanted Program....

Malware removers are notified. It may take hours before one arrives, so be patient.

What problems are you experiencing?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
IE - HKU\S-1-5-21-3382707480-872304617-3260225053-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
[2008/01/09 21:57:09 | 004,752,553 | ---- | M] (MicSoft) -- C:\DSCA700v03.exe
@Alternate Data Stream - 400 bytes -> C:\Users\radarrab\AppData\Local\desktop.ini:3a96398c0f384e4adf5faa1736aeaf96
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:5F64C164
@Alternate Data Stream - 1135 bytes -> C:\Users\radarrab\AppData\Local\HlWFEfME:fdNQYdMrFDvBC6Syn4HrNZWf
@Alternate Data Stream - 1021 bytes -> C:\Users\radarrab\AppData\Local\Temp:932ER4PlmyV8qj1ysjzio

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[quote author=essexboy link=topic=113270.msg885756#msg885756 date=1358681272]
What problems are you experiencing ?
[/quote]
I posted those previously, and listed some questions on the first post here. (It looks like other people have issues with the Adobe Acrobat/Reader files being put into the Chest too; I'm not sure if I need those files. Also I had to extract the files from the Chest in order to upload them to virustotal--what should I do with the extractions now?).

After running the boot scan that resulted in the Windows not genuine message then running the Windows validation (which seems to have fixed it), it did take longer for the desktop to load, but after this last OTL, it seems back to normal speed.

[quote]
Run OTL

[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
[/quote]

I attached the log, as well as the first log from the fix. (As stated earlier, I’ve replaced the actual user and computer names with placeholders in these logs. I also used the real username in this script that you provided for OTL.)

Thank you for the assistance.

I can see nothing untoward in the logs now.

How is the computer behaving?

It seems ok for what I’ve done so far.
Thanks.

Run OTL and press the cleanup button to remove it