Yesterday I visited a website that I have used in the past, ipmart.com, and I believe I got infected with some sort of virus. I did a search and found another thread on here (http://forum.avast.com/index.php?topic=38157.0) of somebody experiencing the problem after visiting the same site. The problems I'm having are slightly different and the last thread was over a year ago, so I thought it better to start a new thread.
The problem I'm experiencing is that the computer takes three boots to get into it. The first two it doesn't allow me to click on my icon to enter my password and get into Windows.
Once in I get a couple of errors about programs not working, one of which is UltraMon; I also get an Adobe error and a Google installer error.
When using Firefox, it is loading several other tabs, especially when I try and search Google for 'virus' etc.; it redirects to websites emulating deleting files and that sort of thing.
I have run a full scan with CCleaner and got rid of everything picked up on it. I have also run a scan with AVG, which doesn't seem to pick anything up now CCleaner has cleared some stuff up. Now in the other thread I mentioned, programs such as 'HijackThis' and 'malware' were mentioned, which I have downloaded, but it won't let me install them: I get the 'this isn't approved by XP' or whatever that standard message is, but after that nothing, although it does appear in the process list.
I have Spybot installed, but as above, when I run it, it appears in Processes but nothing else.
Can anybody shed any light on what to try next? I'm normally really careful with things like this, but this one has just gone a bit berserk!
Try renaming HijackThis.exe, for example to scanner.exe. Download Malwarebytes Anti-Malware. Rename the setup file, e.g. virus.setup.exe, then install, update, go to C:\Program Files\Malwarebytes Antimalware\mbam.exe, rename mbam.exe, e.g. to moon.exe, and double-click the renamed file. Copy/paste the HJT and MBAM logs.
Thanks for the help. The renaming worked for HijackThis and the log is attached. I have also managed to install Malware by renaming it, but even after renaming the program exe I can't get this to run apart from in Processes. Is there anything else to try?
Run the renamed HJT again, choose Scan only, and put ticks in the boxes for:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\win32room.exe,
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
before dealing with those files found to be infected in MBAM.
Send the sample to virus@avast.com, zipped and password protected, with the password in the email body; a link to this topic might help, and put "undetected malware" in the subject.
Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already in the chest), where it can do no harm, and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.
Send it from the User Files section of the chest (select the file, right click, Email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.
Also, for those file names in the HJT entries noted by micky77, try finding those and, if present, send those as well.
You appear to be running avast as a second-opinion antivirus to AVG. This is not good policy and you may experience further difficulties if you continue to do so. You need to decide one way or the other with these two antivirus options. This being an avast forum, the immediate suggestion would be to consult the forum as to how to fully uninstall AVG (using the AVG uninstall utility) and set your computer to run the latest version of avast antivirus, 4.8, as the sole resident antivirus.
You may need to clean install your new version of avast. If you do so, download the new version as well as the avast uninstall utility for removing the old version. You would also have the AVG uninstall utility downloaded - make sure you have the right version. Unhook your LAN. Fully remove AVG using the AVG uninstall utility and reboot your computer. Remove the old version of avast using the avast uninstall utility and reboot your computer.
Clean install your new version of avast 4.8 and run as per the directions.
Rehook your LAN and manually update your avast antivirus to be fully protected. Then you're good to go.
Firstly, you took no action with MBAM. Run MBAM again, and have it remove the threats.
Regarding C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) → No action taken.
Right, got the log from RootRepeal now. When running MBAM I could never finish a full scan; it would always blue screen towards the end, but seemed fine with a quick scan. This also happened towards the end of a full scan with AVG. Related to the virus?
Sorry, the log is scrambled. Please try again. I don't know why this happens, but others have posted garbled logs, then good ones. So keep trying. Try copy/paste; this may involve splitting the log into more than one post.
OK, you have 2 entries; I think you only need to wipe one. Run RootRepeal again.
This time select Files, then Scan (see link): http://www.malwarebytes.org/forums/index.php?showtopic=12709
Highlight this file: C:\WINDOWS\system32\drivers\UACvbwqvmpxex.sys. Right click, and choose Wipe File, then reboot.
Post another RootRepeal log.
The other entry was the same file in hidden services; it's important to see if that has gone.
On the second scan, make sure to click on Report > Scan > tick all boxes, etc.
If the next log is clean, hopefully you can run an MBAM full scan successfully and remove all the UAC entries.
Hi. Can you re-run RootRepeal and highlight the following file:
C:\WINDOWS\system32\drivers\UACvbwqvmpxex.sys
Right click on it and select Wipe File. Then restart your computer. After you have done that, run a quick scan with Malwarebytes. Remove everything that Malwarebytes finds. Then post back a log from Malwarebytes.
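The helpers in this thread pick three things out of the posted logs by eye: the extra executable chained onto the UserInit value in the HJT F2 line, a BHO whose DLL sits directly in system32, MBAM items still marked "No action taken", and the randomly named UAC*.sys driver that RootRepeal had to wipe. The script below is an added example (not part of the original posts and not code from HijackThis, Malwarebytes or RootRepeal) that automates that triage over log text. The sample lines are constructed from the entries quoted in the thread; the "clean" UserInit value, the system32-BHO heuristic and the UAC driver name pattern are assumptions, not vendor-documented rules.

```python
import re

# Assumption: the only legitimate UserInit entry on a default Windows XP install.
CLEAN_USERINIT = r"C:\WINDOWS\system32\userinit.exe"

# Assumption: the driver naming seen in the thread (UAC + random characters
# + .sys in system32\drivers), generalised from the single sample posted.
UAC_DRIVER_RE = re.compile(
    r"^C:\\WINDOWS\\system32\\drivers\\UAC[a-z0-9]{6,}\.sys$", re.IGNORECASE)

# Constructed sample HJT lines; the first two mirror the thread, the third is a
# made-up benign-looking BHO under Program Files with a placeholder CLSID.
SAMPLE_HJT = [
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\win32room.exe,",
    r"O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll",
    r"O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll",
]

# Constructed sample MBAM result lines, modelled on the ones quoted above.
SAMPLE_MBAM = [
    r"C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> No action taken.",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.",
    r"C:\Documents and Settings\user\example.exe (Adware.Example) -> Quarantined and deleted successfully.",
]


def check_userinit(hjt_line):
    """Return every UserInit entry other than the expected userinit.exe."""
    m = re.match(r"^F2 - REG:system\.ini: UserInit=(.*)$", hjt_line.strip())
    if not m:
        return []
    parts = [p.strip() for p in m.group(1).split(",") if p.strip()]
    return [p for p in parts if p.lower() != CLEAN_USERINIT.lower()]


def check_bho(hjt_line):
    """Heuristic: flag an O2 BHO whose DLL lives directly in system32.

    Legitimate BHOs normally install under Program Files; a DLL dropped
    straight into system32 with a system-library-like name deserves a look.
    """
    m = re.match(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$", hjt_line.strip())
    if not m:
        return None
    name, clsid, path = m.groups()
    if re.match(r"^C:\\WINDOWS\\system32\\[^\\]+\.dll$", path, re.IGNORECASE):
        return {"name": name, "clsid": clsid, "path": path}
    return None


def triage_hjt(lines):
    """Run both HJT checks over a log and collect (kind, detail) findings."""
    findings = []
    for line in lines:
        extra = check_userinit(line)
        if extra:
            findings.append(("userinit_hijack", extra))
        bho = check_bho(line)
        if bho:
            findings.append(("system32_bho", bho))
    return findings


def unremediated_mbam(lines):
    """Return (item, classification) for MBAM results left as 'No action taken'."""
    out = []
    for line in lines:
        m = re.match(r"^(.*?) \((.*?)\) (?:->|→) No action taken\.?$", line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out


def is_uac_driver(path):
    """True when a driver path matches the UAC rootkit naming assumption."""
    return bool(UAC_DRIVER_RE.match(path.strip()))


if __name__ == "__main__":
    for kind, detail in triage_hjt(SAMPLE_HJT):
        print(kind, detail)
    for item, kind in unremediated_mbam(SAMPLE_MBAM):
        print("still present:", item, kind)
    print(is_uac_driver(r"C:\WINDOWS\system32\drivers\UACvbwqvmpxex.sys"))
```

The UserInit check is the one worth keeping even outside this thread: anything appended after userinit.exe runs at every logon before the shell, which is exactly why the box needed three boots and why renamed tools were the only ones that started. The BHO and driver checks are name-and-location heuristics, so treat a hit as a file to submit for analysis, as the replies above recommend, rather than as proof of infection.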