Got fake virus alert off normal website, now avast is getting corrupted, help!

Was surfing the web on an art community website I’m registered at when this thing suddenly popped up telling me that I was infected with all these different viruses and was scanning my computer. I kinda panicked and opened avast and scheduled a boot time scan right then and hit restart computer. It did the boot time scan on command and said it caught three viruses (or three parts of one, I’m not sure) something about a java trojan or something. I moved them to chest and finished the scan, finished restarting and avast’s shields were suddenly off, and the program wouldn’t obey my button clicks to activate shields. I then went into add/delete programs and uninstalled it. I was too stupid to think to delete the stuff from the virus chest first. After that I reinstalled avast and restarted and did another boot time scan which seemed to work and no viruses were found. This morning when I got up however, avast was down on my taskbar but I couldn’t interact with it and so I restarted the computer once again and when it came back up all the realtime shields were off and would not respond to my clicks. I am very frustrated and a little scared about what’s going to happen to my information. Any help with this would be greatly appreciated.

There may be some remnants to kill that are interfering with Avast

Download OTL to your Desktop

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Select All Users
* Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
c:\system volume information|_REGISTRY_MACHINE_SOFTWARE;true;true;true /FP
CREATERESTOREPOINT

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

* When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Thank you, I did as you suggested and it is finished with a report txt file popping up after. What do I do with this information? What do I do now?

URL of website?

Could you attach the logs to your next post please

Use the browse button to get to the log and then post

Website is/was my favorite art community website, www.deviantart.com .

I hesitate to do this, as it would make public a very large number of files and programs that I have on my computer it would seem from reading it…is there any way a hacker could benefit from the information? Is there anything specific you could tell me to look for instead?

As soon as I have downloaded the log then edit the post containing the log and remove it from the attachments ;D

Alright.

lol ;D

Got 'em you may delete them now from the post

It looks like MBAM has got them all, all I can see is a changed proxy setting. Could you try a repair of Avast and then update and re-run MBAM posting the log here

Run OTL

* Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8893
O4 - Startup: C:\Documents and Settings\PyroNeko\Start Menu\Programs\Startup\Product Registration.lnk = File not found

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

* Then click the Run Fix button at the top
* Let the program run unhindered, reboot the PC when it is done

I’m going to sound quite stupid saying this, but…what is MBAM? Also, how do I repair avast? Uninstall and reinstall or…? Do I do this first and then run “OTL”?

You do have MBAM on your system

Please download Malwarebytes’ Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select “Perform Quick Scan”, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

To repair avast go to control panel > Add/remove programmes and select Avast
On the left will be several options > Select repair

I’m sorry I’m not doing this in the right order I think. I tried to repair avast by going to add/remove programs and choosing the option “repair” however it encountered an error: “Error processing packages Please use full update” then gave me an option to say “ok” or view log file, in which I noted it said some things didn’t exist. I can go ahead and run Malwarebytes (sorry I had no idea that was MBAM) anyway…but I think I can only uninstall avast at this point. Should I do so?

Yes looking at the report - safesurf has a nice little spiel here. Run Malwarebytes to see if there are any orphans left

I’ve done everything you told me to do, avast is newly installed (and updated) MBAM found 2 things the log of which I’m posting below. I ran OTL as you said and it ran for awhile then asked for a restart, which I did. When the computer came back up it gave me a notepad log file of what it (OTL) did. However, right now my taskbar system tray icons besides avast and spyware terminator (which I’ve had for some time) do not show up, and there are usually about 6. What else do I do?

MBAM log file you requested:

Malwarebytes’ Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5532

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/16/2011 11:42:28 AM
mbam-log-2011-01-16 (11-42-28).txt

Scan type: Quick scan
Objects scanned: 169916
Time elapsed: 7 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\PyroNeko\local settings\Temp\6652157.678338989.exe (Trojan.FakeAlert.Gen) → Quarantined and deleted successfully.
c:\documents and settings\PyroNeko\local settings\Temp\jvuevjnto\hqxkkrfuerb.exe (Trojan.FakeAlert.Gen) → Quarantined and deleted successfully.

Are the tray icons hidden?

What are your current problems?

No, they were not hidden, the option to hide wasn’t necessary because they simply weren’t there. I rescheduled a system scan using avast and it’s running now, so I don’t know what has happened but nothing as of yet has shown up. I’ll be able to figure out more once the scan is done and it reboots. I’m thinking (ok I’m hoping) that it’s all gone and everything is fine. crosses fingers Thank you so much for all the patient help and assistance you’ve given!

I do have one more question when you have time. Is there any way to prevent something like this from happening in the future? (Outside of never going to deviantart again cry) I was under the impression that I had programs like avast so this wouldn’t happen; so I am slightly unsure now. Any thoughts would be greatly appreciated.

That is the problem with drive by downloads, they are continually changing. On the site did you notice the problems after clicking on a picture or downloading it? The site itself caused no alarms for me, but then I just went to the front page.

Whatever it was that you had all it was able to do was damage Avast for a bit and add a proxy to your system.

Which is a lot better than some other AV’s would have been able to do

Once you are happy I will remove my tools and tidy you up
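
Added example, not part of the original thread or of OTL itself: the fix earlier in the thread removed an Internet Explorer proxy pointing at 127.0.0.1:8893, which sends browser traffic through whatever local process listens on that port. This Python sketch scans OTL-style "IE - ..." log lines and flags any enabled proxy that resolves to the local machine; the function names and the last two sample lines are constructed for illustration.

```python
import ipaddress
import re

# OTL logs IE proxy values as: IE - <registry key>: "<name>" = <data>
LINE_RE = re.compile(
    r'^IE - (?P<key>HK.+?Internet Settings): "(?P<name>Proxy\w+)" = ?(?P<value>.*)$')

def is_loopback(host):
    host = host.strip("[]").lower()
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # some other hostname

def proxy_endpoints(value):
    """Split ProxyServer data ('host:port' or 'http=h:p;https=h:p') into tuples."""
    endpoints = []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, _, addr = part.rpartition("=")
        host, _, port = addr.rpartition(":")
        if not host:  # no port given
            host, port = addr, ""
        endpoints.append((scheme or "all", host, port))
    return endpoints

def find_loopback_proxy(log_lines):
    """Return (key, scheme, host, port) for every enabled loopback proxy."""
    settings = {}
    for line in log_lines:
        m = LINE_RE.match(line.strip())
        if m:
            settings.setdefault(m["key"], {})[m["name"]] = m["value"].strip()
    findings = []
    for key, vals in settings.items():
        if vals.get("ProxyEnable") != "1":
            continue  # value present but the proxy is switched off
        for scheme, host, port in proxy_endpoints(vals.get("ProxyServer", "")):
            if is_loopback(host):  # flag for review: some legitimate tools do this too
                findings.append((key, scheme, host, port))
    return findings

KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
SAMPLE = [  # first three lines as quoted in the thread; last two constructed
    f'IE - {KEY}: "ProxyEnable" = 1',
    f'IE - {KEY}: "ProxyOverride" = ',
    f'IE - {KEY}: "ProxyServer" = http=127.0.0.1:8893',
    r'IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0',
    r'IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080',
]
```

Calling `find_loopback_proxy(SAMPLE)` reports only the HKCU entry; the second key is skipped because its ProxyEnable is 0.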