Hello again,
We have been having problems with our desktop being very slow to respond when clicking links, typing, I guess just about anything. I cleared our browsers last night and ran Malwarebytes; it said it had been 31 days since it was updated. I think that is wrong, probably about 2 weeks. Yes, I am going to start doing this weekly. Then this morning I ran Avast, which came back with a long list of things not found and 1 Severe Threat that I did remove. It had “prepare” in the name. I thought I would be able to find a log file but I can’t. I have run adwcleaner, OTL and aswMBR. I am attaching the logs to this post. I have not run Puran Defrag yet as I did not know if that is a good idea when there might still be a virus etc. Thank you very much!!!
I forgot to say that when I finished removing the threat, Avast prompted to do a boot scan and it showed several corrupted files. However, on reboot there was no report or file.
Hi,
We will run a deeper check…
Step#1
Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.
Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this or this Instruction.
How to disable avast:
[*]Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
[*]In the window that opens on the top right corner, click Settings.
[*]In a new window that opens, choose the option Troubleshooting, Uncheck Enable avast! self-defense, and click OK.
[*]Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls.
[*]In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note: Do not forget to turn on this option after the cleaning.
Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If the Recovery Console is not installed, ComboFix will offer to download and install it.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click ComboFix’s window while it is running.
If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart computer once more.
When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
Attach log reports ( ComboFix.txt) back to topic.
Step#2
Please download zoek.exe and save it to your desktop.
[*] Close any open browsers.
[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.
[*] Double click on zoek.exe to run the tool.
Please wait while the tool starts…
[*] Copy the text present inside the code box below and paste it into the large window in the zoek tool:
skipfix-iedefaults;
firefoxlook;
chromelook;
[*] Click on Run script button
Please wait until a log report opens (this can be after reboot)
[*] Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named “zoek-results.log”
Here are the results. Do I turn Avast back on or do I need to wait? Thanks!
Hi,
Antivirus modules only need to be disabled while malware removal tools like zoek.exe or ComboFix.exe are running. When they finish, feel free to enable them.
Re-run zoek.exe as you did before but you will use this script:
filesrcm;
c:\program files\iexplore2.exe;i
c:\program files\iexplore.exe;i
c:\program files\PrimoSetup.exe;i
[HKEY_LOCAL_MACHINE\software\microsoft\security center];r
"AntiVirusOverride"=dword:00000000;r
"FirewallOverride"=dword:00000000;r
startupall;
BeFrugal.com Add-On;ff
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9nzbf2l0.default\extensions\shopcbtoolbar@befrugal.com;f
Upromise TurboSaver;ff
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9nzbf2l0.default\extensions\FFToolbar@upromise.xpi;f
FFdefaults;
chrdefaults;
autoclean;
Click on RunScript button. Attach here fresh zoek-results.log
Here is the latest log. After the desktop rebooted, Windows is saying the Firewall is not on. I don’t know why it didn’t come on automatically. I do know that once I fell for an imposter firewall and infected our computer. This looks legit, do I turn the firewall on? I do have Avast back up and running.
Thanks!
“I don't know why it didn't come on automatically. I do know that once I fell for an imposter firewall and infected our computer.”
I did it via the zoek script. ;D On XP systems malware usually uses these values to exploit the system. So I just set them back to defaults. You can easily set the settings back.
Ok, now run this zoek.exe script:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main];r
"Start Page"="http://www.google.com";r
installedprogs;
emptyalltemp;
How’s your computer running now?
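The two Security Center values the helper reset in the earlier zoek script are the security-relevant detail in this exchange: on Windows XP, `AntiVirusOverride` and `FirewallOverride` set to 1 tell Security Center to stop monitoring and alerting on the antivirus and firewall state, so malware that turns protection off sets them to hide the fact. Resetting them to 0 is why Windows immediately started reporting that the firewall was off. As an added example, not part of this thread or of the zoek tool, here is a Python check that parses a registry export (the text format produced by `reg export`) of those two keys plus the IE `Start Page` value, flags the override values and a hijacked start page, and emits zoek-style fix lines in the same `[key];r` / `"name"=dword:...;r` syntax the helper used. The `.reg` samples are constructed for the example, and the start-page allowlist is a hypothetical choice, not anything from the thread.

```python
import re

# Constructed sample export (NOT a log from this thread): roughly what
# `reg export` of the two keys could look like on an infected XP machine.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.example-hijack.invalid/?tid=1"
"""

# Constructed clean export for the negative case.
CLEAN_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.+)$')

SECURITY_CENTER = r"hkey_local_machine\software\microsoft\security center"
IE_MAIN = r"hkey_current_user\software\microsoft\internet explorer\main"
OVERRIDES = ("AntiVirusOverride", "FirewallOverride")
# Hypothetical allowlist: start pages the owner actually chose.
KNOWN_GOOD_START_PAGES = ("http://www.google.com", "about:blank")


def parse_reg(text):
    """Parse a .reg export into {key_path_lower: {value_name: (kind, data)}}.

    Only the DWORD and string value kinds needed here are decoded; anything
    else is kept as the raw text so it is not silently dropped.
    """
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()  # registry key names are case-insensitive
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            data = m.group("data")
            if data.startswith("dword:"):
                keys[current][m.group("name")] = ("dword", int(data[6:], 16))
            elif data.startswith('"') and data.endswith('"'):
                s = data[1:-1].replace('\\"', '"').replace("\\\\", "\\")
                keys[current][m.group("name")] = ("string", s)
            else:
                keys[current][m.group("name")] = ("other", data)
    return keys


def audit(keys):
    """Return (findings, zoek_fix_lines) for the parsed export."""
    findings, fix = [], []
    sc = keys.get(SECURITY_CENTER, {})
    # Any non-zero override silences Security Center for that component.
    bad = [n for n in OVERRIDES if sc.get(n, ("dword", 0))[1] != 0]
    if bad:
        findings.append("Security Center alerts suppressed via " + ", ".join(bad))
        fix.append(r"[HKEY_LOCAL_MACHINE\software\microsoft\security center];r")
        fix.extend('"%s"=dword:00000000;r' % n for n in bad)
    ie = keys.get(IE_MAIN, {})
    _, start = ie.get("Start Page", ("string", ""))
    if start and not any(start.lower().startswith(g) for g in KNOWN_GOOD_START_PAGES):
        findings.append("IE Start Page points to unexpected URL: " + start)
        fix.append(r"[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main];r")
        fix.append('"Start Page"="http://www.google.com";r')
    return findings, fix


if __name__ == "__main__":
    for label, text in (("infected sample", SAMPLE_REG), ("clean sample", CLEAN_REG)):
        findings, fix = audit(parse_reg(text))
        print("==", label, "==")
        print("\n".join(findings) if findings else "nothing suspicious")
        if fix:
            print("zoek fix script:\n" + "\n".join(fix))
```

On a real machine you would feed it the output of `reg export "HKLM\SOFTWARE\Microsoft\Security Center" sc.reg` and the matching IE key export; the generated lines are the same shape as the helper's script, which is convenient for reviewing what a fix will touch before pasting it into zoek.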
Seems to be running great! My husband is usually the one that uses this computer and I use the laptop. I did some browsing and opening of programs and it is running much faster. I will tell my husband he needs to test it out with all the surfing he does, videos, news channels etc.
So did we have a hidden virus or worm or something that I wasn’t picking up?
You had some active trojan and generic malware entries and some malicious browser extensions, and they were delivering payload to the system, browser surfing, etc., plus a bunch of adware/crapware.
We will remove just Combofix. We’ll leave zoek and other tool for now and we’ll remove them when your husband gives us permission. ;D
It is necessary to uninstall ComboFix :
[*] Click Start (or the Vista/7 Start orb), then Run.
On Windows7 or Vista you may use Start Search field if Run is not available.
[*] In the line of text type in (Copy) the following:
ComboFix /Uninstall
Note that there is a space between " ComboFix " and " /Uninstall " .
[*] then click OK (or press Enter ).
Wait until the uninstall process is complete.
Well, I am trying to do the uninstall of ComboFix. My husband says the computer is still acting up. He was not able to get on till late in the day and was actually so tired he couldn’t tell me what was not right. I played around in Internet Explorer, the browser he likes, and it did stop responding once but started back on its own. It seems maybe a little slow in loading some pages and a good bit slow in responding to the mouse to scroll down a page. I played around in Firefox, the browser I like, and for the most part it did fine; I had several browser windows open at once and only had a hang when closing one of them. Going to send this and see if having the browser open is why ComboFix is not finishing.
Apparently ComboFix is stuck. Was I supposed to turn off Avast?
Keep CF for now. We may need it. We will solve CF problem later.
Let’s run AntiRootkit’s tool:
Download TDSSKiller and save it to your desktop
Execute TDSSKiller.exe by double-clicking on it.
[*] Press Start Scan
[*] If Suspicious object is detected, the default action will be Skip, click on Continue.
[*] If Malicious objects are found, select Cure.
Once complete, a log will be produced at the root drive which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt
Please post the contents of that log in your next reply.
Re-run zoek.exe
[*] Close any open browsers.
[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.
[*] Double click on zoek.exe to run the tool.
Please wait while the tool starts…
[*] Copy the text present inside the code box below and paste it into the large window in the zoek tool:
startupall;
filesrcm;
skipfix-iedefaults;
firefoxlook;
chromelook;
systemspecs;
installedprogs;
[*] Click on Run script button
Please wait until a log report opens (this can be after reboot)
[*] Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named “zoek-results.log”
Chrome shouldn’t be on the system. Anytime Chrome has installed, it caused issues and I uninstalled it. It could have snuck in again and I didn’t catch it. It is on so many downloads now.
Here are the reports that you asked for.
Unless hidden and not operating Chrome is not on this system. I opened my Gmail account in IE and it prompted me that I need to upgrade to Chrome. However, when I closed IE, I got an error message prompting to send a report to MS. This time it did not take me to a window with more information.
Hi,
IE is essentially a poor browser on XP systems. Why don’t you use Firefox?
I see no Chrome installed on the system. There are some leftover Chrome entries but the Chrome browser is not on the system.
I see no malware on the system. The PC is clean. We will do some changes and junk cleaning to try to speed up this system.
Re-run zoek.exe as you did before but use this script.
autoclean;
FFdefaults;
CHRdefaults;
Click on RunScript. Attach here fresh zoek log
Then download and install a fresh Chrome. Installing is very easy and the installation process is automatic.
After the reboot this time, I did not get a log report. Should I run Zoek again with the same script? Fixing to download Chrome.
Yes please. Just double-click on the zoek icon (no script needed) and the tool will auto-generate a fresh zoek log and pop it up.
It will also create a log in the C:\ directory named “zoek-results.log”
Thank you!
I see in the logs that all was done as I wanted it to be done.
How is the computer running?
I think it is running fine. My husband says it still has issues. I use Firefox when I surf he uses IE so I think it is the compatibility issue with IE and XP. I did open IE and went to some of his places and the only place I had a little hitch was on the infowars and prisonplanet webpages. But I think they were still loading and that is why I couldn’t scroll down the page. Maybe one day he will finally start using firefox. The only other thing that I see is we still need to finish removing ComboFix. Thanks!