To begin with I’ve been battling a browser hijacking redirect Trojan for the past few days which only Avast has been able to fix. I’ve tried everything else from MBAM, Hitman Pro, Kaspersky, Combofix, etc.
Now that I’ve done a Boot Scan and found the embedded files I scanned each directory with Avast and deleted them, but I still have the Win32 DNS changer trying to do its thing and being detected each time by Avast.
Each time Avast detects the DNS changed it moves it to the virus chest since that’s the default if unable to delete. The actual virus that it seems to be stopping with the Real’Time shield is called Win32.DNSChanger-VJ[Trj]
I can’t seem to find out why this DNSChanger keeps reappearing even though Avast is now catching it or if it is related to Csrss.exe which Avast is saying its blocking the connection to with the Realtime shield. (last blocked connection lizcaea.cn/32 and lizcaea.cn/64)
Avast Detects as
URL: lizcaea.cn/32
Process: file://C:\Windows\System32\csrss.exe
Infection: al
My windows firewall is also being prevented from being enabled at the moment and other anti virus programs say I’m clean. I’m not sure what the next step is to get my firewall back online.
To avoid using multiple post with copy and paste you have to attach the log`s
Lower left corner: Additional Options > Attach ( Malwarebytes log / OTS log ) save OTS log as ANSI
Essexboy will look at the logs when posted…
he is usually in here at 08:00pm - 11:59pm uk time
Everything should be attached from the guide posted.
MBAM found:
HKEY_CLASSES_ROOT.fsharproj (Trojan.BHO) → No action taken.
It has been removed using MBAM, but this is the exact Trojan.BHO that i’ve removed with MBAM 3 times already and it seems to reappear with a couple reboots.
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here
I will review the information when it comes back in.
Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.
Alright i’ve ran OTS again and attached the file and everything looks good as of now regarding redirects and the real time shield from avast.
The only problem I’m still getting is that im unable to enable my Windows Firewall, it gives an error “Windows firewall can’t change some of your settings.” Error code 0x8007042c
I ran both the firewall related fixing tools in MS Fix It with no luck. I’m beginning to wonder if McAfee being previously installed is causing my firewall problems or if the Trojan/Malware did it.
Probably worth checking this out - McAfee has an uninstall tool that you could run to ensure any possible remnants are removed. Check out this page for removal tool and instructions, http://service.mcafee.com/FAQDocument.aspx?id=TS100507
OK, wasn’t sure what you had tried. But having used that removal tool in theory it shouldn’t be causing any current firewall problems, though I’m at a loss as to what to suggest to try and fix it.
You could of course install a 3rd party firewall (not McAfee), like:
PCTools Firewall Plus. This is a relatively user friendly firewall.
Online Armor for the most parts fine for most users, though some find it a little heavy.
Outpost Free Suite 7, which should still provide good protection, http://free.agnitum.com/. Whilst this is a suite, when you install it, it detects avast and asks if you have it installed, answering Yes will mean it doesn’t install the antivirus, anti-spyware and web control modules to maintain compatibility.
Thanks i’ll try that out until I manage to get windows firewall working again. Also it seems I still have the same trojan/downloader upon starting Windows explorer Avast detected