Avast says windows file is infected with java file and is in windows folder shou

My friend has a computer that appears to have some virus, and I did a boot scan with avast free. It says something about a windows folder being infected by java something, and something else about a zip file being corrupt, and also about something being in a windows folder. I can’t say exactly what it is because it is at my friend’s house, but what should I do? Also, this computer is constantly blue screening, but I have another post about that. I already got a lot of viruses off of it, but avast keeps saying website blocked even when the web browser isn’t open. I have done scans with Malwarebytes Anti-Malware and avast free and there still are problems. What should I do? If I get rid of those files at the boot scan, will this be fixed?

Any help is appreciated.

Please attach your logs. (AdwCleaner, MBAM, OTL and aswMBR…!!)
Instructions: http://forum.avast.com/index.php?topic=53253.0

Sorry it took so long; it is a friend’s computer so I had to wait to get access. If you need anything else just ask. Avast keeps popping up saying malicious url blocked and then it lists an object, an infection and a process.

Here are the screenshots I took of the 2 popups that appear every couple of minutes. It is one of the two of them, and they are exactly the same, only cycling from one to the other. Also, if I click more info on them the computer will blue screen. Btw the WiFi has started working again after those scans, though the owner of the computer says it will come back sometimes, so I don’t know if it is a coincidence or what, but thought I’d include that.

Malware removers are notified. It may take hours before one arrives, so be patient…
Also consider what time of year it is :wink:

@ Will Gongola
Hello and welcome to avast! 8)

- I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
- The fixes are specific to your problem and should only be used for this issue on this machine.
- If you don’t know or understand something, please don’t hesitate to ask.
- Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc…)
- Please DO NOT run any other tools or scans whilst I am helping you.
- It is important that you reply to this thread. Do not start a new topic.
- Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
- Absence of symptoms does not mean that everything is clear.


Step#1

Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.

- Press Start Scan

- If a Suspicious object is detected, the default action will be Skip; click on Continue.
- If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please attach the contents of that log in your next reply.


Step#2

Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.

Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this or this Instruction.

How to disable avast:

- Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
- In the window that opens, on the top right corner, click Settings.
- In the new window that opens, choose the option Troubleshooting, uncheck Enable avast! self-defense, and click OK.

- Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls.
- In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn on this option after the cleaning.

Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click ComboFix’s window while it is running.
If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart computer once more.

When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
Attach the log report (ComboFix.txt) back to the topic.

Hello, thanks so much for taking the time to help, especially during the holidays. Anyway, I ran the first scan and it found I think two things, but then avast quarantined I think 4. After that the website blocked messages stopped. Then when I ran the second scan it did a lot of things I think, but it never asked me to install the recovery console; not sure if that matters, just thought I would tell you. I have one final question: when I first looked at the computer you would sometimes be able to boot to the log in screen without it blue screening and even log on to the only existing user, but I could boot into safe mode, so I thought making a new user might help, and I could actually get into that one even though it would sometimes blue screen (now it never does). My question is that since I have been running these scans from the new user, will the viruses be gone from the old user?

Thanks again and happy holidays!

Hi,

I have one final question: when I first looked at the computer you would sometimes be able to boot to the log in screen without it blue screening and even log on to the only existing user, but I could boot into safe mode, so I thought making a new user might help, and I could actually get into that one even though it would sometimes blue screen (now it never does). My question is that since I have been running these scans from the new user, will the viruses be gone from the old user?

I’m not sure if I understand you …
My tools work better (they are more powerful) when they are running in normal mode.
About the user account … the tools work with admin privileges, so yes. If the logs say that you are clean, then your PC is clean.

Step#1

- Re-run TDSSKiller.exe and click on Change parameters.
- Under Additional options check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
- Click on Start Scan.
- If an infected file is detected, the default action will be Cure; click on Continue.
- If a suspicious file is detected, the default action will be Skip; click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- Click the Report button and attach the contents of it in your next reply.
Note: It will also create a log in the C:\ directory.


Step#2

Please re-run TDSSKiller as before (with Change parameters) and use the Delete option for this entry:

\Device\Harddisk0\DR0 ( TDSS File System )


Step#3

Open notepad and copy/paste the text present inside the code box below:



ClearJavaCache:: 


Save this as CFScript.txt

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt)


Then tell me how’s your computer running now? Any avast detections?

Hello! The status of the computer has improved tremendously: it hasn’t blue screened since I ran the first couple of scans, the WiFi has started working again, and those two site blocked messages have also stopped. The only thing recently is that whenever I deleted that file using tdss remover, avast found and quarantined 4 files, so should I delete those or what? I will also attach a screenshot of the virus chest. Thanks so much! Btw I will have to post the virus chest screenshot separately because the files combined are too big.

Here is the screenshot of the virus that avast detected when I told tdss killer to delete that file.

Hi,
Detections are Ok because it’s TDSSKiller quarantine. Don’t worry, malware cannot be running from there.

Will you run CFScript.txt via ComboFix as I wrote above? Attach a fresh ComboFix.txt log here for final checking.

Hey, sorry about that. I had it attached but I guess I forgot to reattach it after I tried to upload the screenshot and it said it was too big. One last thing: should I delete the things in the virus chest or what? Thanks for all of your help.

Ok, logs look good. Rootkit has been removed. 8)


It is necessary to uninstall ComboFix :

- Click Start (or http://amf.mycity.rs/pg/images/VistaStartButton.png ) then Run.

On Windows7 or Vista you may use Start Search field if Run is not available.

- In the line of text type in (Copy) the following:

ComboFix /Uninstall

Note that there is a space between " ComboFix " and " /Uninstall " .

- Then click OK (or press Enter).

Wait until the uninstall process is complete.


Re-run OTL and click on the CleanUp! button.

You will be asked to reboot the machine to finish the cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTL. Feel free to manually delete any tools it leaves behind.


You need to remove some McAfee leftovers:
Go here and download the McAfee (McAfee Products) removal tool. Run the tool and allow it to remove the leftover McAfee files.

http://singularlabs.com/uninstallers/security-software/


I recommend using MCShield if you wish.
You may download MCShield from one of the following links:

MyCity - Official download link
Softpedija - Mirror download link

It will prevent infection of the computer via USB flash drive, mobile phone or any other memory card.
And not only will it prevent infection, but it will immediately clean the flash drive, memory card or external HDD.

Thank you so much. I never would have known what to do; thanks for all of your help once again! Just one last question: MCShield is meant to be run alongside avast, correct?

Yes. MCShield is a small, light anti-malware program designed to prevent infections transmitted via removable drives. :wink:

Ok, the computer is running perfectly and I also installed MCShield. Thanks again!