FedEx Email

Like an idiot, I opened an email and tried to open the attached .zip file that looked as though it came from FedEx. Only because that very day I sent a FedEx out to a client was the reason I opened it!

Nevertheless, here’s my issue: I had the Free version of Avast which didn’t catch the bug. Now I cannot open Chrome, Internet Explorer or Adobe Acrobat (PDF) files. I scanned once - but didn’t stick around to watch it. When I returned, the system had rebooted. Whatever happened did not work.

Now I have purchased Avast Premium and scanning again. It’s been running for 2 hours.

Does anyone know how to detect and remove this bug?

thanks!

Do you still have the attachment?
Don't run it, but upload the file inside the zip here www.virustotal.com or here www.metascan-online.com
You may post link to scan result here

Send file to avast here https://support.avast.com > avast virus lab

For removal help, follow instructions here https://forum.avast.com/index.php?topic=53253.0
Attach malwarebytes and farbar recovery scan tool logs

When done a malware expert will assist you

yes, I did try to open the zip file.
I’m running my Avast virus scan now. Should I stop it and follow your malware removal link?

Should I stop it and follow your malware removal link?
Yes ...

Monitoring. Will review the logs when posted.

tried twice to download and execute. I get the following error:

ShellExecuteEx failed; code 1314
A required privilege is not held by the client.

I don’t know if it matters, but the only way I can open a browser window on the infected pc is through Avast SafeZone.

Which download? FRST, aswMBR or Malwarebytes?

Are the downloads via SafeZone?

the link I believe was Malwarebytes.
yes, all downloads are occurring in SafeZone. I don’t know what else to do.

OK…I found the executable file for MalwareBytes and running it outside of SafeZone.

here is the Malware log file.
running the farbar scan now.

FYI - still can’t open Chrome or IE.

here’s the FRST scan file.

Anyone? Now what?

last file.

FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Update for Zip Opener

Zip Opener Packages

To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.

SECOND >>>>

Download the attached Fixlist.txt file and save it to your desktop, the same location where FRST64.exe is located.

NOTE. It’s important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Start FRST that is on the desktop by right clicking on file and selecting “Run as Administrator…” and press the Fix button just once and wait.

http://i1351.photobucket.com/albums/p785/dbreeze2/just%20stuff/Press%20the%20FIX%20button_zpsdd5zi3mt.png

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Along with the log file, tell me how your system is running now.

I am not able to run the FRST64.exe. I receive an error message: “A required privilege is not held by the client.”

I am running from SafeZone and “Run as Administrator”, but still no luck. I tried moving the file outside of SafeZone, but I cannot see it when I do so.

How did you run the scan?

Edit: What I mean is that the scans were run by an Administrator (meaning the user was acting as administrator) just fine so you should be able to do the same thing (for example, just double click to run FRST64.exe).

Originally?
I saved the .exe files to my desktop and ran them from there.

Most likely what is happening is that you have a shortcut on your desktop that points to the true file (which the log shows as located here = Running from C:\avast! sandbox\S-1-5-21-213686681-1849411641-3850617695-1000\sfzone\C\Users\Jeff\Downloads).

If you have to, download the Fixlist.txt file and a copy of FRST64.exe to a USB drive (you can do this on a different computer if you have to). Plug the drive into your infected system and either move the files onto the desktop or just run them from the USB drive. The desktop will be faster but either one will work.