OK, so I did get the FBI virus, got it removed with Safe Mode with Command Prompt, then installed avast. What else should I do to make sure it is all the way gone? I know this may have been covered before but I could not find it. Please, I worry about my passwords and bank account, also my credit cards.
Follow the guide and attach logs: http://forum.avast.com/index.php?topic=53253.0
AdwCleaner
Malwarebytes
OTL
aswMBR
When done, a removal expert will check for infections.
Thanks Pondus, I will do that. I post logs in this thread, right?
Found how to add, sorry about the previous post.
No problem…
As long as you don't copy and paste the OTL log, as that will be 10 posts with copy and paste.
OBS and your AdwCleaner log say search… you must click Delete to remove all the crap files listed.
more logs malware
otl log
Resubmitting 2 previous logs, forgot proper encoding.
I didn't see a delete in AdwCleaner, and what is OBS?
They were OK… if not, they would look like Chinese.
OBS = observe
When you run AdwCleaner, there is a Delete button… next to the Search button.
In aswMBR, should I fix problems it finds?
No, only attach the aswMBR log.
essexboy will tell you what to do when he arrives.
OK thanks, here are the last of the logs. Sorry that took a while, kind of new at virus stuff. Thanks for the help. Any ETA on essexboy?
Guessing he has his after-dinner nap now, should be here in a couple of hours.
Haha, OK. I work 3rd shift so I might be asleep. It is 1104 am here; I will be up till noon, then out till like 8pm my time.
Btw, I am going to do this to my desktop computer on my next day off. Do I need to make a new post for it or do it here again?
guessing he has his after dinner nap now, should be here in a couple of hours.
Cheeky sod ;D
Hi, just remnants left. On completion of this run, can you let me know how the computer is behaving?
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:OTL
FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7
FF - prefs.js..extensions.enabledAddons: %7Bb1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1%7D:0.87
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013/02/17 18:41:57 | 000,000,000 | ---D | M]
[2013/05/26 08:40:12 | 000,000,000 | ---D | M] (@%systemroot%\system32\eqossnap.dll,-30001) -- C:\Users\SpikaQuad\AppData\Roaming\Mozilla\Firefox\Profiles\5tv1xtgt.default-1365126292568\Extensions\{72C2BD6D-2ECB-CABD-4D10-91427317D563}
[1642/12/02 03:46:11 | 000,005,100 | ---- | M] () (No name found) -- C:\Users\SpikaQuad\AppData\Roaming\Mozilla\Firefox\Profiles\5tv1xtgt.default-1365126292568\Extensions\arogouyltq@arogouyltq.org.xpi
[2099/01/01 12:00:00 | 000,005,100 | ---- | M] () (No name found) -- C:\Users\SpikaQuad\AppData\Roaming\Mozilla\Firefox\Profiles\gxe68l0y.default\extensions\arogouyltq@arogouyltq.org.xpi
[2013/02/17 18:41:46 | 000,006,484 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1738025386-438850239-4055636043-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
[2013/02/17 18:41:40 | 000,000,000 | ---D | M] -- C:\Users\SpikaQuad\AppData\Roaming\Babylon
:Files
C:\Users\SpikaQuad\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\7ef45b90-7a37217e
C:\Users\SpikaQuad\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\7f7f1279-18aea13b
C:\ProgramData\BrowserProtect
C:\Program Files (x86)\Yontoo
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
OK, done. Here is the log.
Should I uninstall Java? I saw it said some of those files were infected. Does this mean my IE is able to run again? Firefox broke the Citrix servers with their last update and IE is now the only way I can get to it.
Is the computer behaving itself now? When we clean up I will give you some links reference Java for you to make your own decision.
Yeah, seems to be OK, running faster than it did before the virus. avast did pop a warning on me when I was running the fix you gave me about OTL, but it went away so quick I did not see it. I sent it in as a report.