have a virus, avast doesn't see it + won't allow updates or scans

hi all,
I am trying to help out a friend over the phone who has your product and can use some help…sorry if I don't have all the details but she is 2 hours away and her laptop is jammed up and she needs to use it with a deadline approaching…she has a laptop running Windows Vista and has your product set for automatic updates and scans. She let someone use her computer to log into Facebook + it looks like she caught a virus. She keeps getting numerous windows popping up for porn + to sell a fake AV program…the trouble is that AVAST says everything is ok, but when I have her try to get updates and run a scan she can't…whatever is in there is blocking her from going to any other websites, but her internet connection is good…it's also blocking her from using task manager, system restore, etc…any ideas?

Hi, two programmes to download, the first will kill the malware temporarily. This will allow the second programme to run, which I will use to remove the other malware once identified. Do not reboot after RogueKiller has run or the malware will restart. Does she have access to the forum to post the logs? Also, what is the name of the virus, as several new ones have come out in the last few days?

Download RogueKiller to your desktop

[*]Quit all running programs
[*]For Vista/Seven, right click → run as administrator, for XP simply run RogueKiller.exe
[*]When prompted, type 1 and validate
[*]The RKreport.txt shall be generated next to the executable.
[*]If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

Download OTS to your Desktop and double-click on it to run it

[*]Make sure you close all other programs and don’t use the PC while the scan runs.
[*]Select All Users
[*]Under additional scans select the following
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check
File - Purity Scan

[*]Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
[*]When the scan is complete Notepad will open with the report file loaded in it.
[*]Please attach the log in your next post.

thank you for your quick response…trouble is that she has internet connectivity, but only to the websites the malware will let her go to, so she can't download anything…it is blocking her from getting updates from avast + doesn't find the virus when scanning…she can't send me a remote assistance invitation, can't access email, can't use task manager or system restore

Could she try those links, as they are not your normal anti-malware sites?

When she gets RogueKiller then get her to run option 2 instead of option one, there is a chance that a legitimate file may get deleted (but it is small, and will not be a Windows file)

Also to reset the proxies

Go to Control Panel and select Internet Options
Select the Connections TAB
Select LAN settings button
Ensure there is no tick in the Proxy Server box
Select OK and restart Internet Explorer

And for Firefox there are instructions on this page and you want the setting to be no proxy
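
The Internet Explorer proxy tick box checked above is stored per user in the registry as `ProxyEnable`, so it can also be read and cleared from a prompt. This is an added example, not part of the original posts; it assumes PowerShell is installed on the machine, and the function names are hypothetical.

```powershell
# Added example: inspect and clear the per-user Internet Explorer (WinINet) proxy.
# Run as the affected user, because the setting lives under HKCU.
$InetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-IEProxyState {
    # Missing values simply come back empty.
    $s = Get-ItemProperty -Path $InetKey
    New-Object PSObject -Property @{
        ProxyEnabled  = ($s.ProxyEnable -eq 1)   # the "Proxy Server" tick box
        ProxyServer   = $s.ProxyServer           # address:port the box points at
        AutoConfigURL = $s.AutoConfigURL         # automatic configuration script, if any
    }
}

function Disable-IEProxy {
    $before = Get-IEProxyState
    if ($before.ProxyEnabled) {
        # Record where traffic was being sent before switching it off.
        Write-Output ("Proxy was enabled, pointing at: " + $before.ProxyServer)
        Set-ItemProperty -Path $InetKey -Name ProxyEnable -Value 0
    } else {
        Write-Output "No proxy is ticked for this user."
    }
    if ($before.AutoConfigURL) {
        # Not changed here; reported so it can be reviewed in LAN settings.
        Write-Output ("Automatic configuration script is set: " + $before.AutoConfigURL)
    }
    Get-IEProxyState
}

# Show the current state first; uncomment the next line to untick the proxy.
Get-IEProxyState
# Disable-IEProxy
```

Restart Internet Explorer afterwards, as in the manual steps.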

she can't access any sites other than the bogus one that is showing a fake AV error message trying to get her to click on, which she can't close…and various porn sites are popping up…when I have her open Internet Explorer, it goes right to that page + I had her try to get to other addresses but she can't go anywhere…again, I'm not in front of the computer, I am trying to help her over the phone

Does she have access to another computer and a CD or USB stick? As this sounds like windows safeboot - I have done 3 of these in the last 24 hours but have not yet been able to get the file

no other computer access…has a 8g flash drive

OK what we could try is to use Avast to kill it

First go to control panel and select the folders option
And under the view tab select hidden files and folders and OK out
Then open Avast and go to the Virus chest
Right click anywhere on the blank right hand side and select add
Navigate to C:\Users\******\AppData\Local\1670194319
There should be a numbered folder in there similar to the above; open that folder
Select all exe or dll files within that folder one at a time and they will be added to the chest
Reboot - you may get some errors on start but you should now be able to access other web sites

Additionally there may be a dll similar to this one which needs to be moved: C:\Documents and Settings\All Users\Application Data\vRhJxFbQTomnoX.dll. The name will be random but recognisable
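
Because the folder name differs on each infection, it helps to list every folder directly under AppData\Local that holds .exe or .dll files, newest first, and review that short list by hand. This is an added example, not part of the original posts; it assumes PowerShell is installed, and the function name and the seven-day window are hypothetical choices.

```powershell
# Added example: list folders directly under AppData\Local that contain
# executables or DLLs at their top level, so they can be reviewed by hand.
function Find-LocalFoldersWithBinaries {
    param(
        [string]$Root = $env:LOCALAPPDATA,  # C:\Users\<name>\AppData\Local on Vista and later
        [int]$Days = 7                      # what counts as "recent"
    )
    $cutoff = (Get-Date).AddDays(-$Days)

    # -Force includes hidden and system folders.
    Get-ChildItem -LiteralPath $Root -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer } |
        ForEach-Object {
            $dir  = $_
            $bins = @(Get-ChildItem -LiteralPath $dir.FullName -Force -ErrorAction SilentlyContinue |
                      Where-Object { -not $_.PSIsContainer -and $_.Extension -match '^\.(exe|dll)$' })
            if ($bins.Count -gt 0) {
                New-Object PSObject -Property @{
                    Folder    = $dir.Name
                    AllDigits = ($dir.Name -match '^\d+$')      # e.g. a name like 1670194319
                    Created   = $dir.CreationTime
                    Recent    = ($dir.CreationTime -gt $cutoff)
                    Binaries  = ($bins | ForEach-Object { $_.Name }) -join ', '
                }
            }
        } |
        Sort-Object Created -Descending
}

# Legitimate software also installs here, so treat the output as a list to
# review, not a list to delete.
Find-LocalFoldersWithBinaries | Format-List Folder, Created, Recent, AllDigits, Binaries
```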

thanks for the additional info…I really appreciate all your help…we broke for dinner and I'm going to call her shortly + I'll let you know either way how that works…thanks again!

great roadmap!..we are close, but when she navigates to C:\Users\******\AppData\Local\ there are no files similar to 1670194319, there are two files at that level…something like d3d9CAPS.dat and dcbczaz1-70d8-4dan-ehr8-e0d

dcbczaz1-70d8-4dan-ehr8-e0d

This is probably it as each infection uses different file and folder names

Also it is a folder you are looking for initially along with the weird DLL