Hello guys, I had the same Facebook hack (as in the topic: http://forum.avast.com/index.php?topic=81947.0). I did everything that Essexboy said with Malwarebytes etc., but after all there are some viruses left, and every time I delete them they recreate themselves. Is there any solution for that problem?
Btw, here is my file from OTS: http://www.mediafire.com/?4d0ym3jqwwycyf6
Could you run MBAM on completion and post that log as well, please?
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.
[Unregister Dlls]
[Registry - Safe List]
< FireFox Extensions [Program Folders] > ->
YN -> Hosts file not found ->
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
YN -> "AlternateShell" -> services32.exe
[Files/Folders - Created Within 30 Days]
NY -> system64 -> C:\Windows\system64
NY -> update.5.0 -> C:\Windows\update.5.0
NY -> update.2 -> C:\Windows\update.2
NY -> update.1 -> C:\Windows\update.1
[Files/Folders - Modified Within 30 Days]
NY -> geoiplist.rar -> C:\Windows\geoiplist.rar
NY -> loader2.exe_ok -> C:\Windows\loader2.exe_ok
NY -> geoiplist -> C:\Windows\geoiplist
[Files - No Company Name]
NY -> geoiplist -> C:\Windows\geoiplist
NY -> geoiplist.rar -> C:\Windows\geoiplist.rar
NY -> info1 -> C:\Windows\info1
NY -> loader2.exe_ok -> C:\Windows\loader2.exe_ok
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
[Custom Items]
:files
ipconfig /flushdns /c
:end
The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
I will review the information when it comes back in.
Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.
This is no sign of malfunction, do not panic!
OK, crazy things happened. First, the fix made my PC totally crash. I wasn’t able to start the PC anymore and I had to recover it to an old state. I thought it was a mistake of my PC, an error or something, so I tried the fix again. Well, exactly the same happened again. Each recovery took over 2 hours or a bit longer.
And second, Anti-Malwarebytes hasn’t found anything, but there are some viruses, I know that. But maybe my first run helps; it was the first scan from Malwarebytes after the “infection”. Link below.
http://www.mediafire.com/?nfs4zjimpgdtaw3
That took out some of the files I was trying to kill with OTL - this looks like it may be allied to the new TDSS variant
So first we will use Combofix to take out the main rootkit and then see where that leaves us
We may have to resort to using a recovery console CD - but we will cross that bridge when we come to it
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
- IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
- Double click on ComboFix.exe & follow the prompts.
Please include the C:\ComboFix.txt in your next reply.
Notes:
- Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
- Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
Please make sure you include the Combofix log in your next reply as well as describe how your computer is running now.
OK, I installed Combofix and now have a log, but I’m sorry, I’m a bit mistrustful because after Combofix my Antivir Avira was gone?
Logfile here: http://www.mediafire.com/?n5aemhs54fe1fqp
The log looks good now and the main culprit was conserv which needed a registry change before it could be removed
Reinstall Avira as it was probably the malware that killed it
Once done can you let me know of any problems you still have
OK, I’m sick of Avira now. I installed Avast and instantly made a scan, and now everything looks clean. Thank you very much!
Let me know tomorrow if you are happy and I will remove my tools
OK