Hi,
I’ve been working through severe virus problems on my Windows 7 PC since last Thursday (9/5), and I was hoping that someone would be able to tell me if my problems appear to be gone, or if any still linger. I first learned that something was wrong when Norton kept blocking attacks from Trojan.ZeroAccess.C and Trojan.Gen2. The problem escalated by the time I had returned from work that day, with other viruses (white screen trojan that attempts to make you pay money) and adware (“Antivirus Security Pro”) joining in, and I have since removed a ton of malware using a number of programs, including MBAM, MBAR, AdwCleaner, and Sophos AV Removal Tool.
Almost all of my scans come back clean now, but I’m still somewhat paranoid that something may be wrong, especially since I know that Zero Access is a really nasty rootkit which is hard to shake. As such, I have not allowed my PC to connect to the internet except to update virus definitions for the aforementioned programs. The only scan I’ve run that appears to output anything but a completely clean slate is aswMBR, which prints several services in yellow and says they are locked (all related to Norton, ironically). I was unsure of what that meant. I ran aswMBR (as well as MBAR and TDSSKiller) because rootkits are the thing I am most worried about.
That being said, I haven’t really noticed much unusual behavior in the last 2 days, except for a couple of small changes. One is that there’s been an accumulation of generic files with long hexadecimal names in curly braces on my C drive proper (i.e. not within any subdirectories). These files are never detected as being malicious by any scans, but they’ve only been being created since around the time the virus problems started, which is suspicious (unless they’re being created by the anti-malware programs). There’s also a recently created local.conf on the same level. I’m attaching an image to my next post called “Weird Filenames.png” which shows you what I’m talking about.
I’ve also had a black screen in between logging in to Windows and being shown my desktop, which happens sometimes, but it seems to last longer than normal. The much odder thing was when I logged into normal mode for the first time after running scans in safe mode, a gray message box appeared centered on this black screen that said “Please wait…”, which I’ve never seen before on any PC. Does that sound more like something that would be displayed by malware or by Windows?
As requested in this thread: http://forum.avast.com/index.php?topic=53253.0, I have attached logs from AdwCleaner, MBAM, OTL, and aswMBR (see this post and following reply). If I could get an opinion on how my system looks based on these logs (and any additional logs, if requested), that would be much appreciated.
Thanks!!