Greetings, recently I’ve noticed a decline in computer performance, and AVG/MWB weren’t picking up anything so I installed Avast. This picked up something, which keeps popping up with this popup (Speedcap link) : http://speedcap.net/sharing/files/d0/bf/d0bfbd330942020028cd4a069c482d1f.png
Note: The URL’s constantly change, and as i finish this post it’s had 50 blocked attempts.
Attached are logs from TDSSKiller, MBAR, And Zoek which I heard in another thread which had similar problems, but the problem isn’t going away even afterwards!
Sorry for the lengthy wait, I was at work Did that scan, here’s the log. Had to run it in safemode, for some reason my computer wasn’t booting until I started in safemode. Still doing it, unfortunately
Always had avg installed. But it was pre zoek, post 3 logs I sent. Don’t know why. I tried a combo fix but it didn’t do much of anything. Should I fetch new logs?
Sorry, couldn’t find the combofix report from before, so I scanned again. Also, the FRST was run last night as well, so it’s included. But the combofix is new. Sorry for confusion. I tried taking proactive steps, with no luck.
EDIT: While the effect still persists, the URL’s all have pigeon something in the name, which is slightly humorous, except for you know, the infection.
Close all browser windows and refering to the picture above.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:[b]ComboFix.txt[/b] )
Thank you for your help btw! Here’s the log. During the first run, I think one of my anti virus programs (AVG) started up, because it took over 20 minutes on the creating a log screen. So, I restarted the scan, and here’s the log from that (it rebooted my computer).
1. Open notepad and copy/paste the text present inside the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
2. Save notepad as fixlist.txt to your Desktop. NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait. If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply. Note: If the tool warned you about the outdated version please download and run the updated version.
Well, I haven’t seen a popup since running the CFix script you gave me, so hoping that it’s worked well. If anything changes, I’ll make a new topic/reply to this one if it’s in a day or two. Thank you so much for your help!
Now click on “Run” button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt) Note: The report will also be stored on C:\DelFix.txt
Did that scan, here’s the log. Had to run it in safemode, for some reason my computer wasn’t booting until I started in safemode. Still doing it, unfortunately
