Clickered Issue Logs / Stuff ; Please help

Hello!

I’ve seen a post that this got resolved for someone else, but I don’t understand how they did it. (To be honest, I am not really that tech savvy; I will try my best to listen to directions.) My Avast shield has been going nuts about some clickered malware. It’s getting annoying. If you do not mind me asking, what does the “Clickered” do? I did notice a decrease in my internet speed or connection, but I have no idea if “Clicker” is connected to that or not.

I ran all the scans required and will post results below. Any help is appreciated.

If there is anything I am missing, please let me know.

Thank you!

  • Jon Barco

Hi jonathan.a.barco,

Welcome to the forums.

As you’ve already submitted the necessary logs, a malware expert has been contacted for you. Please be patient.

Info about your infection and what it does: http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanClicker:Win32/Delf.ZXG

An important note: Please make no further changes to your system on your own whilst under an expert’s care. That would mean any steps outlined in the article above. Link posted in answer to your query only. Follow instructions exactly.

Thank you.

Thank you so much, Mchan, for providing me with the information about the Trojan.
Yes, of course. I will wait patiently till the next Mal expert is available.

Thanks for the reassurance.

Hi, this should kill it.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4089235039-2235356464-847887568-1001\...\Run: [TornTv Downloader] => C:\Users\Alexia\AppData\Roaming\TornTV.com\Torntv Downloader.exe /c=startup
AppInit_DLLs: C:\PROGRA~2\GS_X64~1.ENA => C:\Program Files (x86)\GS_x64.Enabler [4581376 2013-12-29] ()
Startup: C:\Users\Alexia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk
ShortcutTarget: TornTvDownloader.lnk -> C:\Users\Alexia\AppData\Roaming\TornTV.com\Torntv Downloader.exe (No File)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {BEC2075C-8E0A-4EB6-8D5D-A840665B39C9} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {BEC2075C-8E0A-4EB6-8D5D-A840665B39C9} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {0AE7AB82-EFB3-4DFB-AE70-DE92F0FC7DED} URL = http://rts.dsrlte.com/?affID=fm35_3CD5400C-C252-40F8-B9C1-E9841CF4E936&q={searchTerms}&r=196
SearchScopes: HKCU - {BEC2075C-8E0A-4EB6-8D5D-A840665B39C9} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
BHO: DIgiSaaverr -> {0A147F4D-DD12-372A-181E-C07770884586} -> C:\ProgramData\DIgiSaaverr\6y0Bi.x64.dll No File
BHO: DigISaVieR -> {7BB80955-56B9-A655-13E2-5957674AE15B} -> C:\ProgramData\DigISaVieR\byQUBpL.x64.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 1a34a8e0; "C:\Windows\system32\rundll32.exe" "c:\progra~2\GSSvc.dll",service
S0 nbegkh; System32\drivers\ntjn.sys [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
2014-08-31 23:42 - 2014-09-01 00:14 - 00000000 ____D () C:\Users\Alexia\AppData\Roaming\Systweak
2014-08-31 23:42 - 2014-08-31 23:42 - 00003306 _____ () C:\Windows\System32\Tasks\ASP
2014-08-31 23:42 - 2014-08-05 19:14 - 00020328 _____ () C:\Windows\system32\roboot64.exe
2014-08-29 22:17 - 2014-08-29 22:17 - 00000000 ____D () C:\Program Files (x86)\predm
2014-08-29 22:15 - 2014-08-31 20:28 - 00000000 ____D () C:\Users\Alexia\AppData\Local\Idle~_~Crawler
2014-08-29 22:15 - 2014-08-29 22:15 - 00004588 _____ () C:\Windows\System32\Tasks\Idle~_~Crawler Runner
2014-08-29 22:15 - 2014-08-29 22:15 - 00000000 ____D () C:\Users\Alexia\Documents\Optimizer Pro
2014-08-29 22:14 - 2014-08-29 22:14 - 00004028 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-08-29 22:12 - 2014-08-29 22:21 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-08-29 22:12 - 2014-08-29 22:12 - 00000000 ____D () C:\Users\Alexia\AppData\Local\globalUpdate
2014-09-01 18:18 - 2014-02-28 12:47 - 00000420 _____ () C:\Windows\Tasks\DriverUpdate Startup.job
2014-09-01 18:18 - 2013-12-29 04:30 - 00000446 ____H () C:\Windows\Tasks\GS.Enabler-S-4560858878.job
2014-09-01 18:18 - 2013-12-08 23:55 - 00000450 ____H () C:\Windows\Tasks\SK.Enhancer-S-161304646.job
2014-08-29 22:21 - 2014-08-29 22:12 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-08-29 22:17 - 2014-08-29 22:17 - 00000000 ____D () C:\Program Files (x86)\predm
2014-08-29 22:15 - 2014-08-29 22:15 - 00004588 _____ () C:\Windows\System32\Tasks\Idle~_~Crawler Runner
2014-08-29 22:15 - 2014-08-29 22:15 - 00000000 ____D () C:\Users\Alexia\Documents\Optimizer Pro
2014-08-29 22:14 - 2014-08-29 22:14 - 00004028 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-08-29 22:12 - 2014-08-29 22:12 - 00000000 ____D () C:\Users\Alexia\AppData\Local\globalUpdate
2014-08-29 11:47 - 2014-02-28 12:47 - 00000470 _____ () C:\Windows\Tasks\DriverUpdate Scan.job
Task: {2A9C0161-4E46-4BA4-B54F-2F077328C347} - System32\Tasks\Idle~_~Crawler Runner => %LOCALAPPDATA%\Idle~_~Crawler\Idle~_~Crawler.exe <==== ATTENTION
Task: {63F6C660-0234-40A3-B905-CD33BEFC608D} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {6B2A3CD2-2F63-41DA-A83B-9A7F1EA1093B} - System32\Tasks\GS.Enabler-S-4560858878 => c:\programdata\quickset\gs.enabler\GS.Enabler.exe <==== ATTENTION
Task: {73816C30-6CFF-4D6F-840D-840690D57178} - System32\Tasks\ASP => C:\Program Files (x86)\RCP\systweakasp.exe
Task: {87882209-769B-4E69-920D-D27BC4802190} - System32\Tasks\Microsoft\Windows\Maintenance\Idle~_~Crawler Update => %LOCALAPPDATA%\Idle~_~Crawler\Idle~_~Crawler.exe <==== ATTENTION
Task: {9301C54C-84D3-4018-8717-B28CCFACAEC1} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: {E1B08AAA-455B-4936-9A09-6B46C885AD2A} - System32\Tasks\SK.Enhancer-S-161304646 => c:\programdata\quickset\sk.enhancer\SK.Enhancer.exe <==== ATTENTION
Task: C:\Windows\Tasks\DriverUpdate Scan.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\Windows\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\Windows\Tasks\GS.Enabler-S-4560858878.job => c:\programdata\quickset\gs.enabler\GS.Enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\SK.Enhancer-S-161304646.job => c:\programdata\quickset\sk.enhancer\SK.Enhancer.exe <==== ATTENTION
C:\Users\Alexia\jagex_cl_runescape_LIVE.dat
C:\Users\Alexia\random.dat
C:\ProgramData\DigISaVieR
C:\ProgramData\DIgiSaaverr
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on “Clean”.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

I have done all of the steps you have told me to do.
So far so good. Thank you so much in advance!

If something seems to be off with the log report, please feel free to address the issue back to me.
Have a great day.

Any further problems before I tidy up?