Hi, my friend’s computer got infected recently, and since she got infected, she can no longer access google.com. It just gives her some kind of error, saying that she can’t access the website. I had her do some scans with avast and MBAM, both of which found some threats and deleted them. Avast is also alerting on and blocking svchost.exe from accessing malicious websites, with a URL:mal warning. Feeling that it wasn’t your average infection, I had her run a new MBAM scan, an OTL scan, and an aswMBR scan so that I could upload the logs for her here. The logs are attached. Thank you for any help in advance!
Essexboy is notified…
Hi, the malware has inserted itself in the TCP/IP stack.
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
- IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow it to update if it asks.
http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png
http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.
Notes:
- Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
- Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
- If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.
THEN
http://i1224.photobucket.com/albums/ee362/Essexboy3/Farbar/fss.jpg
Tick “All” options.
Press “Scan”.
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.
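The helper's diagnosis above (malware sitting in the TCP/IP stack, with google.com unreachable while other sites load) can be checked from the defender's side before any removal tool is run. The PowerShell script below is an added example, not part of this thread and not the output of ComboFix, Farbar or any other tool mentioned here. It is read-only and only reports: it lists hosts-file entries for the site, the DNS servers in use, the system proxy, the Winsock catalog providers (where a layered service provider would appear) and a resolution comparison against a public resolver. It assumes Windows 8 or later for `Resolve-DnsName` and `Get-DnsClientServerAddress`, and the "provider outside System32" rule is a heuristic I chose for illustration, not a confirmed indicator.

```powershell
# Added triage script (not from the thread): read-only checks on the Windows
# layers that can make one site unreachable while the rest of the web still works.
param([string]$Site = 'google.com')

$findings = @()

# 1. hosts file: an entry for the site pins the name to a bogus address
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$hostsHits = Get-Content $hostsPath -ErrorAction SilentlyContinue |
    Where-Object { $_ -notmatch '^\s*#' -and $_ -match [regex]::Escape($Site) }
if ($hostsHits) { $findings += "hosts file overrides $Site : $($hostsHits -join '; ')" }

# 2. DNS servers on active adapters (a hijacked resolver can answer selectively)
$dnsServers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    ForEach-Object { "$($_.InterfaceAlias): $($_.ServerAddresses -join ',')" }

# 3. system proxy settings (per-user, the browsers honour these by default)
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ($inet.ProxyEnable -eq 1 -or $inet.AutoConfigURL) {
    $findings += "proxy configured: server='$($inet.ProxyServer)' pac='$($inet.AutoConfigURL)'"
}

# 4. Winsock catalog: every provider sits in the TCP/IP path of every socket.
#    Heuristic (my assumption, not a rule): providers loaded from outside
#    System32 deserve a second look. Microsoft's own providers live there.
$catalog = netsh winsock show catalog
$providerPaths = $catalog |
    Where-Object { $_ -match 'Provider Path' } |
    ForEach-Object { ($_ -split ':\s+', 2)[1].Trim() }
$oddProviders = $providerPaths |
    Where-Object { $_ -notmatch '(?i)^%SystemRoot%\\system32\\|^C:\\Windows\\system32\\' }
if ($oddProviders) { $findings += "Winsock providers outside System32: $($oddProviders -join '; ')" }

# 5. resolve the site with the system resolver and with a public one, then compare
$local = Resolve-DnsName $Site -Type A -ErrorAction SilentlyContinue |
    Where-Object { $_.QueryType -eq 'A' } | Select-Object -ExpandProperty IPAddress
$public = Resolve-DnsName $Site -Type A -Server 8.8.8.8 -ErrorAction SilentlyContinue |
    Where-Object { $_.QueryType -eq 'A' } | Select-Object -ExpandProperty IPAddress
if (-not $local) {
    $findings += "system resolver returned no A record for $Site"
} elseif ($public -and -not ($local | Where-Object { $public -contains $_ })) {
    $findings += "system resolver answers ($($local -join ',')) differ from public resolver ($($public -join ','))"
}

# Report. Nothing here modifies the machine; act on findings with the removal
# tools the thread describes, keeping the logs for the helper.
"DNS servers:"; $dnsServers | ForEach-Object { "  $_" }
"Winsock providers:"; $providerPaths | ForEach-Object { "  $_" }
if ($findings) { "FINDINGS:"; $findings | ForEach-Object { "  - $_" } }
else { "No obvious override of $Site found in hosts, proxy, Winsock catalog or DNS." }
```

Run it from an elevated PowerShell so the Winsock catalog and hosts file are fully readable. An empty findings list does not prove the machine is clean (a rootkit can lie to every one of these queries, which is why the thread moves on to ComboFix, Farbar and the Kaspersky tool), but a hit in the hosts file or an unexpected Winsock provider explains the symptom and tells the helper where to look in the logs.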
My friend ended up closing combofix before it had finished running. I don’t have any contact with her except over the internet, and although I warned her not to mess with it before she started combofix, she still closed it anyway. It was too late for me to stop her by the time I found out. Should she rerun combofix, and should she still run Farbar? Would resetting the computer to factory default end the malware problem, or would it still persist after the reset?
A reset would be the fastest option, but any data files/photos would need to be backed up first.
Otherwise re-run Combofix and then run Farbar
Hi, she tried to restore her computer to factory default, but it failed. She ran combofix, but the computer crashed while it was trying to produce a log, so no log was created. The Farbar log is attached.
OK, let's go a different route.
This programme will generate a zip file for me to analyse on completion. Could you upload it to MediaFire and post the sharing link here?
Download AVPTool from Here to your desktop
Run the programme you have just downloaded to your desktop (it will be randomly named).
First we will run a virus scan.
Click the cog in the upper right
http://i1224.photobucket.com/albums/ee362/Essexboy3/AVP%20shots/AVPfront.gif
Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan.
http://i1224.photobucket.com/albums/ee362/Essexboy3/AVP%20shots/avpsettings.gif
Allow AVP to delete all infections found
Once it has finished, select the Report tab (last tab).
Select Detected threats report from the left and press the Save button.
Save it to your desktop and attach it to your next post.
Now the Analysis
Rerun AVP, select the Manual Disinfection tab and press Start Gathering System Information.
http://i1224.photobucket.com/albums/ee362/Essexboy3/AVP%20shots/AVPAnalysis.gif
On completion, click the link to locate the zip file, then upload it and attach it to your next post.
http://i1224.photobucket.com/albums/ee362/Essexboy3/AVP%20shots/AVPZiplocation.gif
First of all, I’d like to thank you for all the help you’ve given my friend and me. The Kaspersky Virus Removal Tool ran successfully and even removed a TDSS variant. However, after her computer restarted, she was unable to boot into Windows. Thankfully, the factory restore seemed to work this time, and her computer is now running quite well. I think this whole experience will help my friend in the end, as she now sees the importance of having an antivirus program installed on her computer.
Thanks again,
Camo
An anti-virus does come in handy sometimes.
Learning by experience makes it stick.
Glad that all is OK now.