Hello! Elusive Virus?

Hi All!
I was gifted this computer by my older cousin and have used it about 4-5 months. Initially everything was alright, avast was in order and there was no issue with performance. About a month back there was an odd occurrence with avast, where I was not able to close the window nor operate it from the system tray. Now It generally doesn’t work. I can’t uninstall to reinstall because of missing “permissions” and I can’t open or close it. Recently the computer has begun to run more slowly with the system freezing up when I open up things like skype or even firefox. I am nearly certain there has to be some virus/worm in here and I was hoping you could help. :slight_smile:

Thanks,
Dave

P.S. I attempted to install and scan with MBAM, but the issue was that it would go through all of the initial steps with no issues but then slowly wind down to the point where it scanned 1 file every 10 minutes or something and reaching this point of no progress at about 10%, so I exculded it because it was impossible to get.

Monitoring…

https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png
Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

[*]Right-click on
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
[]Wait patiently until the main console will appear, it may take a minute or two.
[
]In the main box please paste in the following script:

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b

[*]Make sure that Scan All Users option is checked.
[*]Push Run Script and wait patiently. The scan may take a couple of minutes.
[*]When the scan completes, a zoek-results logfile should open in notepad.
[*]If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

I have tried both the .exe and the .rar version but both are unable to run, they throw up strange error messages. I’ve got no idea whats causing the error.
Thanks for the assistance so far!
It may be important to mention that I am only able to do really anything in safe mode because non-safe mode starts freezing and doing anything takes way too long.
Again, Thank you,
Dave
P.s. Just to let you know I’ve tried running with admin priveleges

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

[*]Right-click on
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
[*]Make sure that Addition option is checked.
[*]Press Scan button and wait.
[*]The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

Scan done :). Hope it helps

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Fix with Farbar Recovery Scan Tool

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[B] This fix was created for this user for use on that particular machine.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[/B]

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

[*]Right-click on
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
[*]Press the Fix button just once and wait.
[*]If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
[*]When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

OK. It seems to have done something. Is there anything else I must do? Avast seems to now open up and close without too much hassle.
Thanks for your help thus far,
Dave

How is your PC behaving now?

It seems to be doing alright ;D. No more random freezing for the last few hours. Hopefully all is good now :D, thank you so much for your help. Was it a virus or was it something with the temporary files because I saw you clearing those?
Thank you so much for your help again,
Dave

It was malware.

Cheers :slight_smile:

The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below;
[i]
http://www.mcshield.net/personal/magna86/Images/checkmark.png
Remove disinfection tools

http://www.mcshield.net/personal/magna86/Images/checkmark.png
Create registry backup

http://www.mcshield.net/personal/magna86/Images/checkmark.png
Purge System Restore [/i]
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:[b]DelFix.txt[/b])

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.

OK, All done.
AGAIN, thank you for all your help, you’re a great guy for doing this for free :).
Cheers,
Dave.