>>>essexboy pls help, backdoor trojan for a friend<<<

Hi, my friend was infected with a generic 16 backdoor trojan, as AVG had informed him. It's a new virus, and apparently he's being keylogged and is hearing random sounds. I don't know about any other symptoms, he hasn't told me. I need your help to kill it.

we need logs to help you

attach the requested logs http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

when done a removal expert will be notified and help you

I am waiting for his logs, apparently his com is going haywire, it will probably take a while before I get it

well you find essexboy or any of the other removal specialists here when you need them
…usually after work hours European time

My friend has the logs but he needs to send them to me via Facebook chat. Is it safe to download the files from him? He is infected in some deep s*** man. Some keylogging and seizures and stuff. I don't know whether I should download the files from him. I am afraid of being infected as well

the logs are not infected, they are just txt files

Okay, I know this sounds crazy, but since the hacker already has partial or full control of the computer, won't he be able to see who has downloaded the file, and therefore know the IP and blablabla

Can they be e-mailed to you ?

Yep they can, he's in safe mode right now, is it safe to send the files? There's a load of spyware in his com right now

Yes, the logs are text only … Which ones has he got ?
Or if you are really concerned I can PM me E-mail to you so that he can send them direct

He has all of them, just trying hard to send them to me. Many stuff is being deleted by the hacker.

Is he able to run from safe mode with networking ?

Oh, and his keyboard is dead. He is using the screen keyboard to type now

Does he have access to a second PC at all ?

Does he have Avast so that I can remote ?

Here they are

2nd

The OTL log will be the main one looking at those

OTL

OK E-Mail the attached fix.txt to him for saving to his desktop

Then get him to run OTL
Press the Run Fix button
A dialogue will open asking for the location of Fix.txt
Navigate to and select the fix.txt on the desktop
Press Run Fix again

THEN

Download to your system and then e-mail to him

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Okay, after Combofix, my friend ran AVG again and apparently he said that the trojan is either gone or hiding. His registry is also infected I think. The keyboard is still unusable, the symptoms of seizures and stuff still remain I think.