blackfight.info infection

Hello,

My computer recently has become infected with some type of Malware. Anytime I restart my computer, and at various times during the day, I get a warning message from Avast. Here is one example attached:

I have already done a full antivirus scan with Avast, Malwarebytes, AdwCleaner, and HitmanPro. Although running these sweeps has caught a few other trojans/malware/infected files, it has not removed this infection from blackfight.info. Could someone please provide some assistance? I can provide logs from the various scans. Please just let me know exactly what to include. Thanks!

Jim B.

https://forum.avast.com/index.php?topic=53253.0

I have attached the requested log files. Thank you for your reply.

Jim B.

Hi there, the first thing you must do is uninstall Chrome; you can re-install it once we have finished.

Once Chrome is uninstalled:

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-20]
CHR Extension: (Google Docs) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-20]
CHR Extension: (Google Drive) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-20]
CHR Extension: (YouTube) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-20]
CHR Extension: (Google Search) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-20]
CHR Extension: (Google Sheets) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-20]
CHR Extension: (Avast Online Security) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-20]
CHR Extension: (Google Wallet) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-20]
CHR Extension: (Gmail) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-20]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-20]
2015-02-10 05:56 - 2015-02-10 05:56 - 00003112 _____ () C:\Windows\System32\Tasks\{5C6B7F27-E79A-4D36-87AA-B9C3E900E72D}
2015-01-27 03:49 - 2015-01-27 03:49 - 00000000 __SHD () C:\Users\Jim\AppData\Local\EmieUserList
2015-01-27 03:49 - 2015-01-27 03:49 - 00000000 __SHD () C:\Users\Jim\AppData\Local\EmieSiteList
2015-01-27 03:49 - 2015-01-27 03:49 - 00000000 __SHD () C:\Users\Jim\AppData\Local\EmieBrowserModeList
Task: {45D5AD21-5A05-4AE5-B465-5E821D3297C4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-20] (Google Inc.)
Task: {CF510D08-D733-4BEC-BFD2-BEAE1ADBAEF8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-20] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Users\Jim\AppData\Local\Google\Chrome
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe.

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.

Thanks for the help! I’ll let you know if I have any problems. :wink:

Jim B.

You may now re-install Chrome.