Cannot disinfect computer

Hi!

I encountered a problem with my computer’s speed (slow) yesterday when I was watching a multimedia application in the Mozilla browser. I started a quick scan with MBAM and it found some PUP.BitCoinMiner troubles which could be removed after a restart. But the problems weren’t gone. When the computer restarted I started a quick scan again (just to make sure), and there were still some troubles. I decided to perform a full scan in safe mode and again there were a lot of troubles (Trojan.Agent.VBS, Misused.Legit.AI, Trojan.Agent.BCM,…). Restarted again but still no good. I tried to find the answer online, but the problem got even worse (like the “virus” was multiplying after connecting to the internet - I disconnected after the first problems were found). I don’t know what to do, I cannot disinfect my computer (using safe mode or not).

I followed your instructions and am attaching logs (a few from MBAM).

I would appreciate your help!

Regards

More MBAM logs.

OTL log.

aswMBR log.

Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive…

  • Close any open browsers.
  • Temporarily disable your AntiVirus program (if necessary).
    If you are unsure how to do this please read this or this Instruction.

  • Double click on zoek.exe to run the tool.
    Please wait for the tool to start…

  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:

StandardSearch;

  • Click on the Run Script button.
    Please wait until a log report opens (this can be after a reboot).

  • Save the Notepad file to your Desktop and attach zoek-results.log here.
    Note: It will also create a log in the C:\ directory named “zoek-results.log”.

Zoek-results log.

Re-run Zoek with this script:

C:\Users\Tadej\f9brmfkt2z9g;fs
C:\Users\Tadej\731947bck269;fs
bejbohlohkkgompgecdcbbglkpjfjgdj;chr
nneajnkjbffgblleaoojgaacokifdkhm;chr
autoclean;
emptyalltemp;

zoek-results log after re-run.

Problem solved. TwinHeadedEagle, thank you very much!

Are you still with me? We need to do one more check.

Yes, still here.

  1. Please download ComboFix by sUBs from here and save it to your Desktop.
    If you are unsure how ComboFix works please read this guide carefully.
    Note: ComboFix must be downloaded to your Desktop.

  1. Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. It may interfere with ComboFix.
    If you are unsure how to do this please read this or this Instruction.

Instructions on how to disable avast:

  • Right click on the avast! system tray icon in the lower right corner of the screen and scroll up to avast! shield controls;
  • In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn this option back on after the cleaning by choosing avast! shield controls > Enable all shield options.


  1. Run ComboFix. Click on I Agree!

  • ComboFix will display a DISCLAIMER of warranty on software.
    By clicking I Agree, ComboFix shall continue.
  • ComboFix will check if there is a newer version of ComboFix available.
    Click Yes if prompted to download.
  • If Recovery Console is not installed, ComboFix will offer download & installation.
    Click Yes to allow ComboFix to install Recovery Console.
  • ComboFix will scan your computer in stages, a total of 50 stages.
    Do not mouse-click around while ComboFix is running.
    Note: If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart your computer.

  1. When the tool is finished, it will produce a log report for you (typical location: C:\ComboFix.txt).
    Attach the log report (ComboFix.txt) back to the topic.

ComboFix log.

You’re clean :)

The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:

  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Click the Run button and wait a few seconds for the program to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.

Thank you! :)

I have Microsoft Security Essentials. Can’t that be considered an antivirus?

Bad idea as an antivirus.

I would use Avast or maybe Comodo for private use.

Will consider your suggestion, thank you.

TwinHeadedEagle, do you need DelFix log?

No, I do not need this report :)

Ok, thank you again. :)

:)