Avast identified Malware???

Hi,

I was having issues with my laptop - slow speed, random websites opening, a Chrome warning about pages not responding (Kill page or Wait options), etc. I ran a full scan and a large number of files were listed as could not be scanned. I googled a couple to find they are malware.

I have read the Logs To Assist Cleaning Thread and will attach the logs from the various scans recommended.

Malware Logs attached…

aswMBR log…

I’m not sure if I am meant to run Rogue Killer as well. Am I?

I would really appreciate your help.

Thanks.

attach AdwCleaner log…

That is the biggest Malwarebytes log I have seen for a long time... and just crap files... How do you surf???

I ran a full scan and a large number of files were listed as could not be scanned.
Files that cannot be scanned, for whatever reason Avast gave (you don't say), are not necessarily infected... it is just a scan error report.
I googled a couple to find they are malware.
Googling file names does not give 100% correct info. I can attach a Notepad .txt and give the file a name related to malware... does that then mean the .txt is infected? ::)

You may attach a screenshot of the Avast scan result.

Hi,

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.

[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Under Optional Scan ensure “List BCD” and “Driver MD5” are ticked.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
[*]The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Sorry, I thought I had saved the AdwCleaner log. I have attached it now.

As for how I browse…errr…normally I guess. I’m not sure I understand the question. I had someone download some stuff recently like Connectify Hotspot and others. I also last week downloaded a number of word docs from Scribd for research. I do recall updating Java and then reading in Tech News something about it not being a good idea to update it. But my free Avast is updated and running. So I guess I didn’t realize there was a problem.

Attached are 3 screenshots. Will follow with 4 more. The files are numerous and some are definitely Java-related. Also the files seem to be repeated.

Hi argus, I will download Farbar shortly.

Pondus, please see additional screenshots.

Last one…

Follow argus's advice... he will work your case.

Thanks, Pondus.

Argus, please see attached logs.

I’m currently crying out of laughter right now. No wonder your PC is slow. Like holy damn man. Largest MBAM file I’ve ever seen. (Except for Britec, who tests malware.) Dang man, just dang.

  1. Open Notepad and copy/paste the text present inside the code box below.
    To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


Start
MountPoints2: {0b6eebf2-ddb2-11e2-aa39-642737dac002} - G:\AutoRun.exe
MountPoints2: {0b6eec04-ddb2-11e2-aa39-642737dac002} - G:\AutoRun.exe
MountPoints2: {2e7b8ab3-bda4-11e1-a933-642737dac002} - H:\.\Setup.exe AUTORUN=1
MountPoints2: {7a378972-dfec-11e2-ac30-642737dac002} - G:\AutoRun.exe
MountPoints2: {7a37897d-dfec-11e2-ac30-642737dac002} - G:\AutoRun.exe
MountPoints2: {9c17fba7-de88-11e2-a7a1-642737dac002} - I:\AutoRun.exe
MountPoints2: {b6cfa238-960f-11e2-8ad2-642737dac002} - G:\.\StartModem.exe
SearchScopes: HKCU - {1A65A1A9-D546-4900-977F-FBA080E95536} URL = http://searchou.com/?q={searchTerms}&id=12087f38000000000000582c80139263&affilt=5&r=582
BHO: SmileysWeLoveToolbar - {e4ef8a64-0a30-48f5-b3fe-5fda978da775} - C:\Program Files\SqueekyChocolate, LLC\Smileys We Love Toolbar for IE\adxloader.dll ()
Toolbar: HKLM - privitize Toolbar - {1C46A0DD-D53E-46C4-A435-CA11103E255E} - C:\Program Files\Industriya\privitize\1.8.21.6\privitizeTlbr.dll No File
Toolbar: HKLM - SmileysWeLove - {cf0f43ab-9c23-4d7b-8040-201b82844854} - C:\Program Files\SqueekyChocolate, LLC\Smileys We Love Toolbar for IE\adxloader.dll ()
FF Homepage: hxxp://www.qvo6.com/?utm_source=b&utm_medium=adks&from=adks&uid=WDCXWD3200BPVT-75JJ5T0_WD-WXL1EA1CCTRRCCTRR&ts=1376061392
FF SelectedSearchEngine: qvo6
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ugxawyng.default\searchplugins\privitize.xml
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ugxawyng.default\Extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com
FF Extension: Privitize.com - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ugxawyng.default\Extensions\ffxtlbr@privitize.com
FF Extension: WebCake - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ugxawyng.default\Extensions\plugin@getwebcake.com
FF Extension: uTorrentControl_v6  - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ugxawyng.default\Extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}
FF Extension: torntv2 - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ugxawyng.default\Extensions\torntv2@torntv.com.xpi
CHR HomePage: hxxp://www.qvo6.com/?utm_source=b&utm_medium=adks&from=adks&uid=WDCXWD3200BPVT-75JJ5T0_WD-WXL1EA1CCTRRCCTRR&ts=1376061392
CHR RestoreOnStartup: "hxxp://www.qvo6.com/?utm_source=b&utm_medium=adks&from=adks&uid=WDCXWD3200BPVT-75JJ5T0_WD-WXL1EA1CCTRRCCTRR&ts=1376061392"
CHR DefaultSearchURL: (qvo6) - http://search.qvo6.com/web/?utm_source=b&utm_medium=adks&from=adks&uid=WDCXWD3200BPVT-75JJ5T0_WD-WXL1EA1CCTRRCCTRR&ts=1376061392&type=default&q={searchTerms}
CHR DefaultSuggestURL: (qvo6) -       "suggest_url": "",
CHR Extension: (hosts) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.4_0
CHR HKLM\...\Chrome\Extension: [dhfcbmlocifngpbjdpgnkbjmgkadkjpp] - C:\Program Files\Industriya\privitize\1.8.21.6\privitize.crx
CHR HKLM\...\Chrome\Extension: [fjbbjfdilbioabojmcplalojlmdngbjl] - C:\Users\User\AppData\Local\Temp\bhfiles\smileyswelovetoolbar_3_0_8_0.crx
CHR HKLM\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files\TornTV.com\torn2_10.crx
Task: {18C2D485-4F55-4A17-B420-610461D317B2} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe No File
End

  2. Save the Notepad file as fixlist.txt
    NOTE: It’s important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

  3. Run FRST/FRST64 and press the Fix button just once and wait.
    If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
    The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warns you about an outdated version, please download and run the updated version.

Re-run FRST and attach FRST.txt here.
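The fixlist above removes entries from a handful of well-known persistence and browser-hijack locations: the MountPoints2 AutoRun handlers for removable drives, IE search scopes, BHOs and toolbars registered by CLSID, Chrome extensions force-installed through HKLM, and a scheduled task whose executable is gone (FRST marks those "No File"). The script below is an added example, not part of the thread and not FRST's own code: a read-only audit that walks the same locations, resolves each entry to the file it points at, and flags orphaned ones the way FRST does. It goes slightly beyond the specific entries in this fixlist by checking every task XML and every registered toolbar. Registry paths assume the OP's 32-bit Windows 7 (on 64-bit Windows the HKLM keys also have Wow6432Node counterparts, which this does not check); the regex that strips arguments from a command line is a heuristic, and the function names are mine.

```powershell
# Added example (not from the thread, not FRST's code): read-only audit of the
# persistence and browser-hijack locations targeted by the fixlist above.
# Entries whose target file is missing are reported as "No File", FRST's term.
# Assumes 32-bit Windows 7 (no Wow6432Node); run in an elevated PowerShell.

$script:Findings = @()

function Add-Finding {
    param([string]$Type, [string]$Key, [string]$Target, [string]$State)
    $script:Findings += New-Object PSObject -Property @{
        Type = $Type; Key = $Key; Target = $Target; State = $State
    }
}

# Turn a command line such as  "C:\x\y.exe" /arg  or  H:\.\Setup.exe AUTORUN=1
# into the bare image path (heuristic), expanding %ENV% variables.
function Resolve-ImagePath {
    param([string]$Command)
    if ([string]::IsNullOrEmpty($Command)) { return $null }
    $c = $Command.Trim()
    if ($c.StartsWith('"')) { $c = $c -replace '^"([^"]*)".*$', '$1' }
    else { $c = $c -replace '^(.+?\.(exe|dll|crx|scr|bat|cmd))(\s.*)?$', '$1' }
    return [Environment]::ExpandEnvironmentVariables($c)
}

function Get-FileState {
    param([string]$Command)
    $p = Resolve-ImagePath $Command
    if (-not $p) { return 'No Path' }
    if (Test-Path -LiteralPath $p) { return 'OK' } else { return 'No File' }
}

# DLL registered as the in-process server for a CLSID (BHOs and IE toolbars).
function Get-ComServerPath {
    param([string]$Clsid)
    $k = Get-ItemProperty -Path "HKLM:\SOFTWARE\Classes\CLSID\$Clsid\InprocServer32" -ErrorAction SilentlyContinue
    if ($k) { return $k.'(default)' } else { return $null }
}

# 1. MountPoints2: per-volume AutoRun handlers (the G:\AutoRun.exe entries above).
$mp = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
Get-ChildItem $mp -ErrorAction SilentlyContinue | Where-Object { $_.PSChildName -like '{*' } | ForEach-Object {
    $cmd = Get-ItemProperty -Path (Join-Path $_.PSPath 'shell\AutoRun\command') -ErrorAction SilentlyContinue
    if ($cmd) { Add-Finding 'MountPoints2' $_.PSChildName $cmd.'(default)' (Get-FileState $cmd.'(default)') }
}

# 2. Browser Helper Objects and IE toolbars: resolve each CLSID to its DLL.
$bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
Get-ChildItem $bho -ErrorAction SilentlyContinue | ForEach-Object {
    $dll = Get-ComServerPath $_.PSChildName
    Add-Finding 'BHO' $_.PSChildName $dll (Get-FileState $dll)
}
$tb = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar' -ErrorAction SilentlyContinue
if ($tb) {
    $tb.PSObject.Properties | Where-Object { $_.Name -like '{*}' } | ForEach-Object {
        $dll = Get-ComServerPath $_.Name
        Add-Finding 'Toolbar' $_.Name $dll (Get-FileState $dll)
    }
}

# 3. IE search scopes: report the provider URL; a hijack shows up as an unfamiliar host.
Get-ChildItem 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes' -ErrorAction SilentlyContinue | ForEach-Object {
    $s = Get-ItemProperty $_.PSPath
    Add-Finding 'SearchScopes' $_.PSChildName $s.URL 'n/a'
}

# 4. Chrome extensions force-installed via the registry ("path" points at a .crx).
Get-ChildItem 'HKLM:\SOFTWARE\Google\Chrome\Extensions' -ErrorAction SilentlyContinue | ForEach-Object {
    $e = Get-ItemProperty $_.PSPath
    Add-Finding 'CHR HKLM Extension' $_.PSChildName $e.path (Get-FileState $e.path)
}

# 5. Scheduled tasks: parse each task XML and check every Exec action's Command.
Get-ChildItem "$env:SystemRoot\System32\Tasks" -Recurse -ErrorAction SilentlyContinue |
  Where-Object { -not $_.PSIsContainer } | ForEach-Object {
    try { $x = [xml](Get-Content -LiteralPath $_.FullName) } catch { return }
    foreach ($exec in @($x.Task.Actions.Exec)) {
        if ($exec -and $exec.Command) { Add-Finding 'Task' $_.Name $exec.Command (Get-FileState $exec.Command) }
    }
}

# Orphaned entries first: these are exactly what FRST annotates as "No File".
$script:Findings | Sort-Object @{Expression={$_.State -ne 'No File'}}, Type |
  Format-Table Type, Key, State, Target -AutoSize
```

Nothing here deletes anything; it produces the same kind of inventory FRST does so that a "No File" toolbar or task can be recognised as a leftover of an uninstall rather than live code, while entries that do resolve to a file (an adware DLL under Program Files, a .crx in a Temp folder) are the ones worth submitting to a scanner before removal.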

Done with the paste. Same location, argus. Is FRST/FRST64 the same as FRST.exe?

Yes.

Microsoft Windows 7 Professional (X86) > This is your version: 32-bit.

here is fixlog.txt…

What is the situation?

I re-ran FRST, although I didn’t tick anything. Is that okay? FRST1.txt attached.

Speed is good. What else should I be checking for?

I’ll do one more check.

Please download zoek.exe and save it to your desktop.

[*] Close any open browsers.

[*] Temporarily disable your antivirus program (if necessary).
If you are unsure how to do this, please read this or this instruction.

[*] Double-click on zoek.exe to run the tool.
Please wait until the tool starts…

[*] Copy the text present inside the code box below and paste it into the large window in the zoek tool:



filesrcm;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;


[*] Click on the Run Script button (image: http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png).
Please wait until a log report opens (this can be after a reboot).

[*] Save the Notepad file to your Desktop and attach zoek-results.log here.

Note: It will also create a log in the C:\ directory named “zoek-results.log”.

Zoek log attached.