Much like the thread on http://forum.avast.com/index.php?topic0903.0, I am fighting this virus. Avast is stopping the trojan Win32:DNSChanger-VJ from running and Comodo and Malwarebytes are blocking access to web sites. MBAM results:
To make cleaning this machine easier
- Please do not uninstall/install any programs unless asked to.
  It is more difficult when files/programs are appearing in/disappearing from the logs.
- Please do not run any scans other than those requested.
- Please follow all instructions in the order posted.
- All logs/reports, etc… must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word Wrap if it is checked.
- Do not attach any logs/reports, etc… unless specifically requested to do so.
- If you have problems with or do not understand the instructions, please ask before continuing.
- Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs
- Right click on ComboFix.exe, click Run as Administrator & follow the prompts.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer’s settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
The logs seem to conflict on which antivirus program you are using. Combofix shows Norton (Symantec) while OTL shows Avast. Please clarify your antivirus situation.
When you ran OTL there should have been a file named Extra.txt created. Since you ran OTL from your download folder it should have been saved there as well. Please attach it to your next reply.
Next, right click on OTL.exe and choose Run as Administrator to run it.
- Under the Custom Scans/Fixes box at the bottom, paste in the following
- Do not copy the word CODE
- Please note the fix starts with the :
Thanks for your help.
I do not have an Extra.txt file anywhere. Not certain why not. ???
This computer came with NAV installed, but the virus protection ran out a few months ago. I installed Avast (just a few days ago - this is a friend’s computer) to provide protection, and ran the Norton product uninstaller to remove NAV. Not certain why it is still showing up anywhere…
Ran the fix, and it gave me a log file. Do you need it?
I will restart the virus protection, etc and see if I see any signs of the issue. Should I run something to check?
As an FYI, I am now able to change the settings on Windows Firewall, so that’s a good sign!
I just ran MBAM and it came up clean. I am now going to reboot and see what happens.
Please move OTL out of the downloads folder to your desktop.
- Right click on OTL.exe and click “Run as Administrator” to run it. Make sure all other windows are closed and let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Check the boxes beside LOP Check and Purity Check.
- In the Extra Registry section change it to All.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
Sorry it took so long to get back to you. My friend has already taken her computer home. I was hoping she would run these and get the results to me, but she hasn’t yet. Thanks for all your help, though. I suspect that if she still was having issues, she would have told me by now…