When I try to let avast fix it, it says it will finish with restart. When I restart everything is gone. I have to restore my whole system to get everything back. It starts with a temporary profile with no files until I restore. Can you tell me a safe way to remove this, please?
EDIT:
I forgot to mention a very important piece. I was first alerted there was a problem by a different program. I have 'Scotty" that alerts me of any change to my start menu and gets approval before it allows change. When I first came on, it started going off saying program after program that was set to starts was no longer going to start.
My knee jerk reaction was to shut down. That was the first time I restarted to basically a new system with almost everything gone and all files gone. That is when I did first restore and had to try a couple, maybe 3 restore points to get to one that worked. the first ones said they were corrupted and did not work so I would try one a bit older until one worked. Then I got the threat detected by Avast.
I will run as instructed but I have tried to have both Avast and Malwarebytes fix and when it has to restart it goes to a cleaned out version of windows with no files or folder. It even had to make a tmp profile. I had to do multiple restores to gte to a restore point that was not corrupted. I have started the Malwarebytes scan as you instructed do you want me to continue with instructions or will this info change things?
I do appreciate your help and will follow your directions.
I also tried to run FRST and did not finish with the instruction for that last night and now I have an additional alert from Avast overnight scan that there are now 2 files the second being in Frst\Hives\Users\0000001\ntuser.dat.
OK, thanks for your response. I am attaching the Malware Malwarebytes log and the the OTL text documents. As for aswMBR I believe it is hung up. I will wait to see how you want me to proceed on that one. It is “scanning” putty.exe on the desktop but it hasn’t moved in a while and there are no other lines flashing like I saw before as it scanned the previous locations. It also has exe to the far right of the line that has not changed either.
Thanks for your response.
I will just leave the aswMBR alone and wait until they tell me what they want me to do with it. If it somehow restarts or continues i will add that log.
Edit:
Just FYI-- all I had to do was give up on it and after 2 hours it moved to another file so hopefully it will finish the scan.
I will try that because it is not running right. It started fine and has just ground to a halt. It is frustrating because it got so far yet it would probably be much faster to just start it over in safe mode so I will do that now. My only worry is when i restart, I go to a cleaned out version and have to do a restore but hopefully I can get it to run and be of some use. I hope this one will save a log of what it did scan if stopped? Thanks.
Thanks and yes something is definitely wrong. My Avast has the threat warning at severe and show the Win32:VBCrypt-CSL trojan virus. I am definitely infected with a nasty virus and need help to safely move it as soon as
possible. I am going to move files to a separate computer as a back up but can’t even do that until I get this removed or I will infect my backup location as well.
[*]Close any open browsers
[*] Temporarily disable your [b]AntiVirus[/b] program. ([i]If necessary[/i])
If you are unsure how to do this please read [url=http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html][b][i]this[/i][/b][/url] or [url=http://www.bleepingcomputer.com/forums/topic114351.html][i][b]this[/b][/i][/url] Instruction.
[*]Double click on [b]zoek.exe[/b] to run the tool .
[i]Please wait while the tool does not start...[/i]
[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:
[*]Save notepad to your Desktop and attach here [b]zoek-results.log[/b]
[i][b]Note:[/b] It will also create a log in the [b]C:\ [/b]directory named "[b]zoek-results.log[/b]"[/i]
[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
[*]The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Thank you will try your suggestions and post results. You are aware that the latest scan from Avast still shows the Win32:VBCrypt-CSL [trj] correct? It actually show twice now as one instance is in FRST.
Thanks again for your input. I will proceed now and I do appreciate the help as the Avast team must be busy and I really want this gone!
Both finished and will attach the logs as requested. I had error when re-starting said notepad could not be found and did not save the Zoek results log to desktop but I believe I found the file you wanted. Also Chrome will not load properly. Will you let me know if I can restore my preferences safely? I will include the error message and my saved setting are not loading. I opened Chrome a few times to check and always get the error of which I am attaching the screen shot.
FixList.txt must be in the same location where FRST.exe tool is!
Re-run FRST.exe as you did before …
[*] Press the Fix button once and wait.
[*] FRST will process fixlist.txt
[*] When finished, it will produce a log fixlog.txt and will keep that log in the same folder where FRST.exe is.
I am sorry my mistake. I had already run it one and thought the FRST. txt on Desktop, where it was saved, was the fist one. Would you like me to run it over? I will attach the one from the desktop, (the same place FRST program is saved) . One other thing though is now my chrooome browser will not open. I apologize for not getting back to you yesterday but i was in a serious car accident and unable to respond. Actually having a head time seeing now so my apologies if there are typos I am missing.
I attached the one that was run when asked the first time am I to understand you would like a fresh run?