I’m trying to install Avast, but whenever I open the setup file it automatically stops. I tried a bunch of other antiviruses, but they all close, with no luck. I tried to log on to safe mode, but with no luck too: the PC reboots even before logging on to safe mode. So sure it’s a virus, but how to remove it :)?
On completion of the scan click save log, save it to your desktop and post it in your next reply.
THEN
Download OTS to your Desktop and double-click on it to run it
- Make sure you close all other programs and don’t use the PC while the scan runs.
- Select All Users
- Under additional scans select the following:
  - Reg - NetSvcs
  - Reg - Shell Spawning
  - Evnt - EventViewer Logs (Last 10 Errors)
  - File - Lop Check
  - File - Purity Scan
- Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
- When the scan is complete Notepad will open with the report file loaded in it.
- Please attach the log in your next post.
Run this OTS fix and then try to install Avast again. If it works, then go for a boot time scan.
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.
[Unregister Dlls]
[Processes - Safe List]
YY -> xguxfx.exe -> C:\Documents and Settings\Tamer\Local Settings\temp\xguxfx.exe
YY -> winvsmdoc.exe -> C:\Documents and Settings\Tamer\Local Settings\temp\winvsmdoc.exe
[Driver Services - Safe List]
YY -> (amsint32) amsint32 [Kernel | Unknown | Running] ->
[Registry - Safe List]
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> DfLogon -> C:\WINDOWS\System32\LogonDll.dll
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\DOCUME~1\Tamer\LOCALS~1\Temp\windhyo.exe" -> [C:\DOCUME~1\Tamer\LOCALS~1\Temp\windhyo.exe:*:Enabled:ipsec]
YY -> "C:\DOCUME~1\Tamer\LOCALS~1\Temp\winvsmdoc.exe" -> C:\Documents and Settings\Tamer\Local Settings\temp\winvsmdoc.exe [C:\DOCUME~1\Tamer\LOCALS~1\Temp\winvsmdoc.exe:*:Enabled:ipsec]
YY -> "C:\DOCUME~1\Tamer\LOCALS~1\Temp\xguxfx.exe" -> C:\Documents and Settings\Tamer\Local Settings\temp\xguxfx.exe [C:\DOCUME~1\Tamer\LOCALS~1\Temp\xguxfx.exe:*:Enabled:ipsec]
< Drives with AutoRun files > ->
NY -> C:\autorun.inf -> C:\autorun.inf [ NTFS ]
NY -> E:\autorun.inf -> E:\autorun.inf [ NTFS ]
NY -> F:\autorun.inf -> F:\autorun.inf [ NTFS ]
[Files/Folders - Modified Within 30 Days]
NY -> wxlto.pif -> C:\wxlto.pif
NY -> autorun.inf -> C:\autorun.inf
NY -> RealUpgradeLogonTaskS-1-5-21-789336058-1788223648-682003330-1003.job -> C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-789336058-1788223648-682003330-1003.job
[Files - No Company Name]
NY -> autorun.inf -> C:\autorun.inf
NY -> wxlto.pif -> C:\wxlto.pif
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
[ZipFiles]
The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
I will review the information when it comes back in.
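The fix script above lists firewall exceptions for executables in the user's Temp folder and autorun.inf files at drive roots. As an added example (not part of the original thread and not OTS's own code), this Python code flags those two patterns in log lines of the shape shown above; the name `triage`, the `SAMPLE` constant and the `C:\Program Files\Example\app.exe` entry are assumptions made for illustration.

```python
import re

# Constructed sample: lines in the format of the fix script in this thread,
# plus one constructed benign entry (Example\app.exe) for contrast.
SAMPLE = r'''
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\DOCUME~1\Tamer\LOCALS~1\Temp\windhyo.exe" -> [C:\DOCUME~1\Tamer\LOCALS~1\Temp\windhyo.exe:*:Enabled:ipsec]
YY -> "C:\DOCUME~1\Tamer\LOCALS~1\Temp\xguxfx.exe" -> C:\Documents and Settings\Tamer\Local Settings\temp\xguxfx.exe [C:\DOCUME~1\Tamer\LOCALS~1\Temp\xguxfx.exe:*:Enabled:ipsec]
YY -> "C:\Program Files\Example\app.exe" -> C:\Program Files\Example\app.exe [C:\Program Files\Example\app.exe:*:Enabled:Example App]
< Drives with AutoRun files > ->
NY -> C:\autorun.inf -> C:\autorun.inf [ NTFS ]
'''

SECTION_RE = re.compile(r'^<\s*(.+?)\s*>\s*->')        # "< section name > -> ..."
RULE_RE = re.compile(r'\[([^\]]+)\]\s*$')              # trailing "[value]"
# Per-user Temp folder, in long form or 8.3 short form (LOCALS~1)
TEMP_RE = re.compile(r'\\(?:local settings|locals~\d+)\\temp\\', re.I)
ROOT_AUTORUN_RE = re.compile(r'^[A-Za-z]:\\autorun\.inf$', re.I)

def triage(log_text):
    """Return (reason, path, detail) tuples for entries worth a closer look."""
    findings, section = [], None
    for line in log_text.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        parts = [p.strip() for p in line.split(' -> ')]
        if len(parts) < 3:
            continue
        if section == 'Standard Profile Authorized Applications List':
            rule = RULE_RE.search(line)
            # Value is path:scope:status:name; split from the right because
            # the path itself contains a colon after the drive letter.
            fields = rule.group(1).rsplit(':', 3) if rule else []
            if len(fields) != 4:
                continue
            path, scope, status, name = fields
            if status.lower() == 'enabled' and TEMP_RE.search(path):
                findings.append(('firewall-exception-in-temp', path,
                                 f'scope={scope} name={name}'))
        elif section == 'Drives with AutoRun files':
            if ROOT_AUTORUN_RE.match(parts[1]):
                findings.append(('autorun-inf-at-drive-root', parts[1], ''))
    return findings

if __name__ == '__main__':
    for finding in triage(SAMPLE):
        print(finding)
```

A flagged entry is a reason to inspect the file, not a verdict: legitimate software can also place an autorun.inf at a drive root.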
Download the file Sality.zip
Extract SalityKiller.exe
Run the file SalityKiller.exe
Step 2. Registry repair: (Allow the files to merge when requested)
Download Sality_regkeys.zip
Extract the file Sality_RegKeys.zip
Run the file Disable_autorun.reg from the archive Sality_RegKeys.zip
Step 3. Finalising: (Allow the files to merge when requested)
From the archive Sality_RegKeys.zip run the file of the registry key:
- under Windows 2000 run the registry file SafeBootWin200.reg
- under Windows XP run the registry file SafeBootWinXP.reg
- under Windows 2003 run the registry file SafeBootWinServer2003.reg
- under Windows Vista / 2008 run the registry file SafebootVista.reg
- under Windows 7 / 2008 R2 run the registry file SafebootWin7.reg
It will download as an 8 digit file; save it to your desktop.
Restart in safe mode and run
Accept the enhanced version
Then run the quick scan
About halfway through you will be prompted to buy - just X the box closed
Once finished it will generate a log; please attach that.