system
September 2, 2014, 2:37am
1
Hello!
I’ve seen a post that this got resolved for someone else, but I don’t understand how they did it. (To be honest, I am not really that tech savvy; I will try my best to listen to directions.) My avast shield has been going nuts about some clickered malware. It’s getting annoying. If you do not mind me asking, what does the “Clickered” do? I did notice a decrease in my internet speed or connection, but I have no idea if “Clicker” is connected to that or not.
I ran all the scans required and will post results below. Any help is appreciated.
If there is anything I am missing, please let me know.
Thank you!
mchain
September 2, 2014, 3:46am
2
Hi jonathan.a.barco,
Welcome to the forums.
As you’ve already submitted the necessary logs, a malware expert has been contacted for you. Please be patient.
Info about your infection and what it does: http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanClicker:Win32/Delf.ZXG
An important note: Please make no further changes to your system on your own whilst under expert’s care. That would mean any steps outlined in the article above. Link posted in answer to your query only. Follow instructions exactly.
Thank you.
system
September 2, 2014, 4:05am
3
Thank you so much, mchain, for providing me with the information about the Trojan.
Yes, of course. I will wait patiently till the next Mal expert is available.
Thanks for the reassurance.
Hi, this should kill it.
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open notepad and copy/paste the text in the quotebox below into it:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4089235039-2235356464-847887568-1001\...\Run: [TornTv Downloader] => C:\Users\Alexia\AppData\Roaming\TornTV.com\Torntv Downloader.exe /c=startup
AppInit_DLLs: C:\PROGRA~2\GS_X64~1.ENA => C:\Program Files (x86)\GS_x64.Enabler [4581376 2013-12-29] ()
Startup: C:\Users\Alexia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk
ShortcutTarget: TornTvDownloader.lnk -> C:\Users\Alexia\AppData\Roaming\TornTV.com\Torntv Downloader.exe (No File)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {BEC2075C-8E0A-4EB6-8D5D-A840665B39C9} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {BEC2075C-8E0A-4EB6-8D5D-A840665B39C9} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {0AE7AB82-EFB3-4DFB-AE70-DE92F0FC7DED} URL = http://rts.dsrlte.com/?affID=fm35_3CD5400C-C252-40F8-B9C1-E9841CF4E936&q={searchTerms}&r=196
SearchScopes: HKCU - {BEC2075C-8E0A-4EB6-8D5D-A840665B39C9} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
BHO: DIgiSaaverr -> {0A147F4D-DD12-372A-181E-C07770884586} -> C:\ProgramData\DIgiSaaverr\6y0Bi.x64.dll No File
BHO: DigISaVieR -> {7BB80955-56B9-A655-13E2-5957674AE15B} -> C:\ProgramData\DigISaVieR\byQUBpL.x64.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 1a34a8e0; "C:\Windows\system32\rundll32.exe" "c:\progra~2\GSSvc.dll",service
S0 nbegkh; System32\drivers\ntjn.sys [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
2014-08-31 23:42 - 2014-09-01 00:14 - 00000000 ____D () C:\Users\Alexia\AppData\Roaming\Systweak
2014-08-31 23:42 - 2014-08-31 23:42 - 00003306 _____ () C:\Windows\System32\Tasks\ASP
2014-08-31 23:42 - 2014-08-05 19:14 - 00020328 _____ () C:\Windows\system32\roboot64.exe
2014-08-29 22:17 - 2014-08-29 22:17 - 00000000 ____D () C:\Program Files (x86)\predm
2014-08-29 22:15 - 2014-08-31 20:28 - 00000000 ____D () C:\Users\Alexia\AppData\Local\Idle~_~Crawler
2014-08-29 22:15 - 2014-08-29 22:15 - 00004588 _____ () C:\Windows\System32\Tasks\Idle~_~Crawler Runner
2014-08-29 22:15 - 2014-08-29 22:15 - 00000000 ____D () C:\Users\Alexia\Documents\Optimizer Pro
2014-08-29 22:14 - 2014-08-29 22:14 - 00004028 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-08-29 22:12 - 2014-08-29 22:21 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-08-29 22:12 - 2014-08-29 22:12 - 00000000 ____D () C:\Users\Alexia\AppData\Local\globalUpdate
2014-09-01 18:18 - 2014-02-28 12:47 - 00000420 _____ () C:\Windows\Tasks\DriverUpdate Startup.job
2014-09-01 18:18 - 2013-12-29 04:30 - 00000446 ____H () C:\Windows\Tasks\GS.Enabler-S-4560858878.job
2014-09-01 18:18 - 2013-12-08 23:55 - 00000450 ____H () C:\Windows\Tasks\SK.Enhancer-S-161304646.job
2014-08-29 22:21 - 2014-08-29 22:12 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-08-29 22:17 - 2014-08-29 22:17 - 00000000 ____D () C:\Program Files (x86)\predm
2014-08-29 22:15 - 2014-08-29 22:15 - 00004588 _____ () C:\Windows\System32\Tasks\Idle~_~Crawler Runner
2014-08-29 22:15 - 2014-08-29 22:15 - 00000000 ____D () C:\Users\Alexia\Documents\Optimizer Pro
2014-08-29 22:14 - 2014-08-29 22:14 - 00004028 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-08-29 22:12 - 2014-08-29 22:12 - 00000000 ____D () C:\Users\Alexia\AppData\Local\globalUpdate
2014-08-29 11:47 - 2014-02-28 12:47 - 00000470 _____ () C:\Windows\Tasks\DriverUpdate Scan.job
Task: {2A9C0161-4E46-4BA4-B54F-2F077328C347} - System32\Tasks\Idle~_~Crawler Runner => %LOCALAPPDATA%\Idle~_~Crawler\Idle~_~Crawler.exe <==== ATTENTION
Task: {63F6C660-0234-40A3-B905-CD33BEFC608D} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {6B2A3CD2-2F63-41DA-A83B-9A7F1EA1093B} - System32\Tasks\GS.Enabler-S-4560858878 => c:\programdata\quickset\gs.enabler\GS.Enabler.exe <==== ATTENTION
Task: {73816C30-6CFF-4D6F-840D-840690D57178} - System32\Tasks\ASP => C:\Program Files (x86)\RCP\systweakasp.exe
Task: {87882209-769B-4E69-920D-D27BC4802190} - System32\Tasks\Microsoft\Windows\Maintenance\Idle~_~Crawler Update => %LOCALAPPDATA%\Idle~_~Crawler\Idle~_~Crawler.exe <==== ATTENTION
Task: {9301C54C-84D3-4018-8717-B28CCFACAEC1} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: {E1B08AAA-455B-4936-9A09-6B46C885AD2A} - System32\Tasks\SK.Enhancer-S-161304646 => c:\programdata\quickset\sk.enhancer\SK.Enhancer.exe <==== ATTENTION
Task: C:\Windows\Tasks\DriverUpdate Scan.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\Windows\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\Windows\Tasks\GS.Enabler-S-4560858878.job => c:\programdata\quickset\gs.enabler\GS.Enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\SK.Enhancer-S-161304646.job => c:\programdata\quickset\sk.enhancer\SK.Enhancer.exe <==== ATTENTION
C:\Users\Alexia\jagex_cl_runescape_LIVE.dat
C:\Users\Alexia\random.dat
C:\ProgramData\DigISaVieR
C:\ProgramData\DIgiSaaverr
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.
THEN
Please download AdwCleaner by Xplode onto your desktop.
1. Close all open programs and internet browsers.
2. Double click on AdwCleaner.exe to run the tool.
3. Click on Scan.
4. After the scan is complete, click on “Clean”.
5. Confirm each time with Ok.
6. Your computer will be rebooted automatically. A text file will open after the restart.
7. Please post the content of that logfile with your next answer.
8. You can find the logfile at C:\AdwCleaner[S1].txt as well.
system
September 2, 2014, 6:25pm
5
I have done all of the steps you have told me to do.
So far so good. Thank you so much in advance!
If something seems to be off with the log report, please feel free to address the issue back to me.
Have a great day.
Any further problems before I tidy up?