system
March 1, 2016, 8:37am
1
Hi,
I appear to have acquired this exquisite piece of software and spread it to 2 laptops.
Avast appears to block it fairly well (thanks) but the popups are annoying and I was wondering if you could point me in the direction of the tools used in other posts to destroy, beat, bash and kill said malware.
Thanks in advance
John
Asyn
March 1, 2016, 8:40am
2
Attach your basic diagnostic logs. (MBAM, FRST and aswMBR)
Instructions: https://forum.avast.com/index.php?topic=53253
system
March 1, 2016, 9:49am
3
Here are my logs.
P.S. After all of these I am still getting Avast notifications every 5 minutes or so.
Eddy
March 1, 2016, 9:50am
4
Please do not rename the log files.
FRST.txt is missing
Asyn
March 1, 2016, 9:58am
6
OK, now you’ve to wait a bit…
Let me know if this stops it
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
2016-02-28 14:26 - 2016-01-16 07:31 - 00000000 __SHD C:\Users\john\AppData\Local\EmieUserList
2016-02-28 14:26 - 2016-01-16 07:31 - 00000000 __SHD C:\Users\john\AppData\Local\EmieSiteList
Task: {547D75F0-62CE-476A-9480-9B6E74AF4D49} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {54D4E88B-1577-4548-B636-16F8639C7288} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {97761021-1A26-4474-9CB5-9C027FF18380} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9ADE63AD-252E-4DD9-A868-7C37ADC421A2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D9700F78-C19C-48B1-ACA3-3C28E99D5E88} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated; please post that.
system
March 1, 2016, 11:12pm
8
Thanks, that has fixed it!!
Now for the other laptop!
system
March 1, 2016, 11:36pm
9
Here are the log files for the other computer. I have only included FRST logs, let me know if you need the others.
system
March 2, 2016, 7:04am
10
I have fixed the other computer.
Thanks for all your help
John
BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
{9CFE302D-2FC5-48C8-89A5-018C0D3CB185} canceled.
1 out of 1 jobs canceled.
This was your problem, any further issues