So my computer has had a virus problem for about 7 months now. First it hijacked my desktop, fixed that, then it started to make my computer crash during startup, fixed that with Avast!, and now after a 14 and a half hour QUICK SCAN of my computer I still get spammed about a Malicious URL being blocked from “C:\Windows\syswow64\svchost.exe”.
[*]Double click TDSSKiller.exe
[*]Press Start Scan but do nothing else as we are just looking for what is there.
[*]If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
[*]Attach the log in your next reply
[*]A copy of the log will be saved automatically to the root of the drive (typically C:)
Ok…run TDSSKiller again and when you see this >> \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) be sure to select Cure this time. Let the tool run and then attach the new log that should be made. If you have problems please let me know.
Very good…that got rid of a particularly nasty one.
ComboFix
Download Combofix from either of the links below, and save it to your desktop. Link 1 Link 2
Note: It is important that it is saved directly to your desktop
If you get a message saying “Illegal operation attempted on a registry key that has been marked for deletion”, please restart your computer.
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
When finished, it will produce a report for you.
[*]Please post the C:\ComboFix.txt for further review.
Please go to: VirusTotal
On the page you’ll find a “Choose File” button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
c:\program files (x86)\GUTD3C3.tmp
Next, click the Open button.
Then click the “Scan It!” button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.
[*]Make sure all other windows are closed and to let it run uninterrupted.
[*]When the window appears, click the None button near the top (it may looked greyed out)
[*]In the Extra Registry section change it to All
[*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open 2 notepad windows, OTL.Txt and Extra.txt. Please post the Extra.txt.
Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.
ESET Online Scanner
Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
[*]Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.[*] Turn off the real time scanner of any existing antivirus program while performing the online scan[*]Tick the box next to YES, I accept the Terms of Use.[*]Click Start[*]When asked, allow the activex control to install[*]Click Start[*]Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.[*]Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.[*]Click Scan[]Wait for the scan to finish[]When the scan is done, if it shows a screen that says “Threats found!”, then click “List of found threats”, and then click “Export to text file…”[] Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.[]Close the ESET online scan, and let me know how things are now.