Help!!! Avast diagnose Win32;swizzor in my com

Need all expert help.
What should I do now??
thanks.

Confused and headache :frowning:

Start by giving us more information.

What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx or URL, see #### below) ?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe

  • Or check the source file using notepad C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log

When posting URLs to suspect sites, change the http to hXXp so the link isn’t active (clickable) avoiding accidental exposure.

Hi hockyongsoon,

Description
The Swizzor virus is actually a trojan. This Trojan program is a Windows PE EXE file, 62 KB in size.

One of its aliases could be: Trojan-Downloader.Win32.Swizzor.cc (Kaspersky Lab) is also known as:
Trojan.Swizzor (Doctor Web), Troj/Swizzor-CC (Sophos), TROJ_SWIZZOR.CC (Trend Micro),
Downloader.Swizzor.2.AR (Grisoft), Trojan.Downloader.Swizzor.CC (SOFTWIN), Suspect File (Panda),
Win32/TrojanDownloader.Swizzor.CC (Eset)

You will need to remove this trojan as quickly as possible from your computer. Any trojan remover should work, so use MBAM, download from here: http://www.malwarebytes.org/mbam-download.php

The Trojan is capable of downloading and launching files from the Internet on the victim machine without the user’s knowledge or consent. The Trojan downloads and installs an Adware & Spyware program and other Trojans to the victim machine.
Win32.Swizzor is a trojan that downloads another application via an Internet connection and then executes it.

The name of downloaded program is encrypted inside the Trojan code: “wayb_ao.exe”.

Currently, the latter decompresses and drops another application to the Temporary folder and executes it.
This application has a random name (eg: “uyh9092.TMP”). When executed,
it drops a randomly named dll (eg: “crgrzoommemsh.dll”),
a number of .gif files, five links (“Adult.lnk”, “Gambling and Online Cassinos.lnk”,
“MP3 Music Search.lnk”, “News and Sports.lnk”, “Online Movies.lnk”)
and a library (“cgllox.lib”) containing their icons:
See added picture

The application modifies registry entries (eg Internet Settings) and creates new keys; for example:
HKLM\Search Page = http://searchbar.html
HKCU\Search Page = http://searchbar.html
HKLM\Search Bar = http://searchbar.html
HKCU\Search Bar = “http://searchbar.html”

Note: To uninstall the downloaded and installed application, use the “Add or Remove Programs” option from the Control Panel and select “LOP Uninstall”.

Users should note that since the application that is downloaded and executed by the trojan resides on a remote system, its content and functionality may change without affecting the behavior of the trojan itself.

Manual removal of Win32 Swizzor: also known as Adware/Lop
a so-called Browser Hijacker
Kill the following processes:
29525.exe,
trojandownloader.win32.swizzor.a.exe

Delete the following files

%tempdir%\sta33.exe
sta3c.exe
sta3d.exe
%programfilesdir%\freein~1\xyq.exe
%programfilesdir%\1bodyr~1\eqstupid.exe
%programfilesdir%\bluebi~1\kbelhpmz.exe
%programfilesdir%\bluebi~1\lsfjwaej.exe
zkumfamz.exe
%programfilesdir%\freein~1\bytemess.exe
bookslow.exe
intrastop.exe
exit show.exe
browse glue.exe
ford bore date.exe
\sect meow.exe
%programfilesdir%\bluebi~1\winsaveaboutpoll.exe
%programfilesdir%\debugs~1\fork error default.exe
debug platform one.exe
1 jugs default.exe
trojandownloader.win32.swizzor.a.exe.
29525.exe in Program Files\active~1\

Delete the following registry values

16 web
cash mess
exit bags
fileflap
fragmeta
memo
remotecreative
support two
surfgrid

Before trying to remove you can give us a HJT logfile txt attached to your next posting, get HJT 2.0.2 from here:
http://www.filehippo.com/download_hijackthis/download/58170ee6e58bba306c943f5b6d745c99/

polonus
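
A read-only check for the five shortcuts and the icon library named in the post above, as an added example that is not part of the original thread or of any tool mentioned in it. The function name `scan_for_dropped_links` and the `min_links` threshold are assumptions: a single generic name such as "News and Sports.lnk" can be benign, so a directory is reported only when several of the names appear together or the icon library is present.

```python
import os
import sys

# Shortcut names exactly as quoted in the post (spelling kept), lower-cased
# because Windows file names are case-insensitive.
DROPPED_LINKS = {
    "adult.lnk",
    "gambling and online cassinos.lnk",
    "mp3 music search.lnk",
    "news and sports.lnk",
    "online movies.lnk",
}
ICON_LIB = "cgllox.lib"  # icon library named in the post


def scan_for_dropped_links(root, min_links=3):
    """Walk root without modifying anything.

    Returns {directory: sorted list of matched names} for every directory
    that holds at least min_links of the shortcuts or the icon library.
    """
    hits = {}
    # onerror swallows unreadable directories so the walk continues
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        names = {f.lower() for f in files}
        links = names & DROPPED_LINKS
        has_lib = ICON_LIB in names
        if len(links) >= min_links or has_lib:
            matched = set(links)
            if has_lib:
                matched.add(ICON_LIB)
            hits[dirpath] = sorted(matched)
    return hits


if __name__ == "__main__":
    # Usage: python scan_links.py C:\Users\name   (path is the caller's choice)
    start = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")
    for folder, matched in scan_for_dropped_links(start).items():
        print(f"{folder}: {', '.join(matched)}")
```

A hit only tells you where to look; the randomly named DLL and .TMP file described in the post cannot be matched by name.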