Fix for asif105a

Hello asif105a and welcome to avast!. I will be working on your Malware issues.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the ‘all clear’ even if symptoms seemingly abate.

Kindly follow my instructions, and please do no fixing on your own or running of scanners unless requested by a helper.

This thread is now just yours. I have taken a look at the posted logs. Please note that in future you should open your own thread.


Original post from: https://forum.avast.com/index.php?topic=170976.msg1216855#msg1216855


The posted MBAM logs show no malware found. So, I assume that this isn’t a log from the first scan. Doesn’t matter …

First, from your Control Panel > Programs and Features, try to uninstall the following malicious software:

  • Internet Explorer Toolbar 4.9 by SweetPacks
  • jZip

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

Start
CreateRestorePoint:
REG: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f

CMD: ipconfig /flushdns

CloseProcesses:
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=102&v=n11496-297&apn_uid=5581313414104801&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=102&v=n11496-297&apn_uid=5581313414104801&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4279435140-1705672755-3175951275-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=102&v=n11496-297&apn_uid=5581313414104801&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}

Hosts:
C:\ProgramData\msnir.exe
C:\Program Files (x86)\Music Toolbar

RemoveProxy:
FirewallRules: [{6BA275C8-3EF7-4423-908C-2A3A6AA61D09}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe
FirewallRules: [{2A7D2302-61FD-42E4-8E89-B7A34C108955}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe

EmptyTemp:
End

2. Save notepad as fixlist.txt to your Desktop.
NOTE: It’s important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.

Thank you.
Uninstalled Jzip, no toolbar installed. No popups even before running fix. Attaching my fixlog.
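
The IFEO lines in the fixlist earlier in this thread record Image File Execution Options keys whose Debugger value makes Windows start tasklist.exe in place of the named executable. The following is an added example, not part of the original posts and not FRST's own code: it parses lines in that format and groups images by the program substituted for them. The sample log, its paths and the function names are constructed for illustration, and an unquoted path containing spaces is not handled.

```python
import re
from collections import defaultdict

# Constructed sample in the "IFEO\<image>: [<value>] <data>" line format seen in
# the fixlist; the extra images, paths and GUID are made up for illustration.
SAMPLE = r"""
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\notepad.exe: [Debugger] "C:\Tools\notepad2.exe" /z
IFEO\example.exe: [GlobalFlag] 0x200
FirewallRules: [{00000000-0000-0000-0000-000000000000}] => (Allow) C:\Example\app.exe
"""

IFEO_LINE = re.compile(r"^IFEO\\(?P<image>[^:]+):\s*\[(?P<value>[^\]]+)\]\s*(?P<data>.*)$")


def parse_ifeo(text):
    """Return (image, value_name, data) for every IFEO line in the text."""
    rows = []
    for line in text.splitlines():
        m = IFEO_LINE.match(line.strip())
        if m:
            rows.append((m["image"].lower(), m["value"], m["data"].strip()))
    return rows


def target_name(data):
    """File name of the program a Debugger value launches (quoted or bare path)."""
    path = data[1:].split('"', 1)[0] if data.startswith('"') else data.split(" ", 1)[0]
    return path.rsplit("\\", 1)[-1].lower()


def debugger_redirects(text):
    """(image, target) pairs where a Debugger value replaces the image at launch."""
    return [(img, target_name(data)) for img, value, data in parse_ifeo(text)
            if value.lower() == "debugger" and data]


def shared_targets(text, minimum=2):
    """Targets substituted for several images, the pattern in the fixlist."""
    groups = defaultdict(list)
    for img, target in debugger_redirects(text):
        groups[target].append(img)
    return {t: imgs for t, imgs in groups.items() if len(imgs) >= minimum}


if __name__ == "__main__":
    for target, images in shared_targets(SAMPLE).items():
        print(f"{target} replaces {len(images)} images: {', '.join(images)}")
```

A single target reused across many images is only a heuristic for review; a lone Debugger entry, such as a notepad replacement, can be a deliberate user setting.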

Perhaps no popups, but malware was still active on board. Now FRST has targeted the malware and removed it from your system.

Now let’s run some additional scans to make sure there are no leftovers afoot.

Please download the Zoek tool by Smeenk from here and save it to your Desktop.
Unpack the archive…

  • Close any open browsers and temporarily disable your AntiVirus program (if necessary).
    If you are unsure how to do this, please read this or this Instruction.
  • Double click on zoek.exe to run the tool. Please wait until the tool starts…
  • Click on More Options and check the box only for AutoClean.
  • Click on the Run Script button.
    Please wait until a log report opens (this can be after a reboot).
  • Save the notepad file to your Desktop and attach zoek-results.log here.
    Note: It will also create a log in the C:\ directory named “zoek-results.log”.