I was streaming videos and was asked to download Codec V. I only realized it was a trojan after installing it. I also have a codec C folder in Program Files which I also think is a trojan. Please help me remove it.
I already followed the steps in the ‘Logs to assist in cleaning malware’ topic.
Here are my logs.
[u]MBAM LOG[/u]
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.20.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
JuBy :: ADMIN-PC [administrator]

20/8/2012 5:52:13 PM
mbam-log-2012-08-20 (17-52-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210403
Time elapsed: 3 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\ProgramData\TheBflix (PUP.BFlix) → Quarantined and deleted successfully.

Files Detected: 8
C:\ProgramData\GBox\GBox.exe (Trojan.Dropper) → Quarantined and deleted successfully.
C:\ProgramData\TheBflix\bhoclass.dll (PUP.DownloadnSave) → Quarantined and deleted successfully.
C:\Users\JuBy\Downloads\Codec-V.exe (Affiliate.Downloader) → Quarantined and deleted successfully.
C:\Users\JuBy\Downloads\DownloadSetup.exe (Affiliate.Downloader) → Quarantined and deleted successfully.
C:\ProgramData\TheBflix\BACKGROUND.HTML (PUP.BFlix) → Quarantined and deleted successfully.
C:\ProgramData\TheBflix\content.js (PUP.BFlix) → Quarantined and deleted successfully.
C:\ProgramData\TheBflix\pmholphmkflmlgknogfaflfkknjegfje.crx (PUP.BFlix) → Quarantined and deleted successfully.
C:\ProgramData\TheBflix\settings.ini (PUP.BFlix) → Quarantined and deleted successfully.

(end)
[u]aswMBR LOG[/u]
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-20 18:19:29
-----------------------------
18:19:29.894 OS Version: Windows x64 6.1.7601 Service Pack 1
18:19:29.894 Number of processors: 8 586 0x1E05
18:19:29.895 ComputerName: ADMIN-PC UserName: JuBy
18:19:33.935 Initialize success
18:19:36.758 AVAST engine defs: 12082000
18:19:42.434 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:19:42.438 Disk 0 Vendor: Hitachi_ ST6O Size: 953869MB BusType: 8
18:19:42.450 Disk 0 MBR read successfully
18:19:42.455 Disk 0 MBR scan
18:19:42.461 Disk 0 unknown MBR code
18:19:42.473 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:19:42.483 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 944050 MB offset 206848
18:19:42.518 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 9717 MB offset 1933621248
18:19:42.561 Disk 0 scanning C:\Windows\system32\drivers
18:19:51.059 Service scanning
18:20:06.838 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
18:20:12.259 Modules scanning
18:20:12.276 Disk 0 trace - called modules:
18:20:12.630 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spwm.sys hal.dll
18:20:12.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007bd8790]
18:20:12.648 3 CLASSPNP.SYS[fffff88001dbd43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007902050]
18:20:15.515 AVAST engine scan C:\Windows
18:20:21.615 AVAST engine scan C:\Windows\system32
18:22:37.204 AVAST engine scan C:\Windows\system32\drivers
18:22:51.045 AVAST engine scan C:\Users\JuBy
19:26:20.258 AVAST engine scan C:\ProgramData
19:41:35.132 Scan finished successfully
19:48:27.288 Disk 0 MBR has been saved successfully to "C:\Users\JuBy\Desktop\MBR.dat"
19:48:27.291 The log file has been saved successfully to "C:\Users\JuBy\Desktop\aswMBR.txt"