Blackfight / reduled infection

Viruses and worms
1

Hi there,
a friend of mine gave me his PC to see what was wrong with it.
I discovered he had a virus : each time I plug his PC on the internet, I get a message from avast blocking an illegal access to different malware sites : reduled, blackfight, reddie.net, etc.
I performed various checks and cleaning, but I still get this message and I don’t know where it comes from.
I checked with :

  • avast
  • adwcleaner
  • mbam
  • microsoft security essentials
  • kaspersky virus removal
  • tdsskiller
  • rkill.com
    and I still haven’t a clue where the infection is.
    If someone has an idea on how to get rid of this pest, I’ll be infinitely grateful.
    Thank you guys !
    And sorry for my poor english.
2

Let me know if this cures it

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION 2015-01-21 15:05 - 2015-01-21 15:05 - 00002974 _____ () C:\Windows\System32\Tasks\{52907479-578E-4922-A45A-E5D3BCEA5C44} Task: {21C5EB85-9908-40AC-B097-3A8FE5BF4D43} - System32\Tasks\{978BFBB0-BD23-4747-BEBB-B4B232E47717} => pcalua.exe -a C:\Users\DUTHILLEUL\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=slbnew <==== ATTENTION C:\Users\DUTHILLEUL\AppData\Roaming\webssearches Task: {A5DF8F95-7D21-4801-970A-A04BCB566942} - \avaxvyyvyf No Task File <==== ATTENTION EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

3

Hi,
it’s fixed. I passed your script and I don’t have the problem any more.
You’re a genius (that is, if you’re not a bot, like it’s mentioned in your profile :))
once again : a big thank you.

4

Hi mpointar :slight_smile:

Please attach the logs as Essexboy requested. That you don’t have the problem anymore doesn’t mean that you are clean !

Greetz, Red.