HELP!!! Flash Player Virus in all my browsers???

Sorry for my bad English…
I use:
Avast Internet Security trial
Windows 7 Ultimate 64-bit

My PC has a virus and the virus affects all my browsers…
I open Firefox or IE or Chrome and try www.google.com or www.youtube.com:

http://i.hizliresim.com/e7zdXl.jpg

then click ok:

http://i.hizliresim.com/xJ1Nnn.jpg

then click “install” or “remind me later”:

http://i.hizliresim.com/wv9Vnr.jpg

click the save file and click setup.exe:

http://i.hizliresim.com/eaWpGB.jpg

I scanned my PC with Avast, ESET, and some free antimalware programs and they found no virus or anything…
I am using an SSD and an HDD. Windows is on the SSD. I formatted the SSD and set up Windows again but the virus was not cleaned!! I can’t format the HDD because my data is on this HDD. I can’t remove my data!
Help me!! How do I clean this virus?!!

That flash update is a fake

Download OTL to your Desktop
Secondary link

[*]Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

https://dl.dropboxusercontent.com/u/73555776/OTL_Main_Tutorial.gif

[*]Select All Users
[*]Select LOP and Purity
[*]Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
/md5start
rpcss.dll
/md5stop
CREATERESTOREPOINT

[*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Attach both logs

M:\FireFoxDownloads\setup.exe
Can you upload and test this file at www.virustotal.com and post the link to the scan result here?

the website in your avast popup (bornbarefoot.co.uk) is infected
Sucuri site check http://sitecheck2.sucuri.net/results/www.bornbarefoot.co.uk/

VirusTotal
https://www.virustotal.com/nb/file/4b9cc6534cdd3c1f56d7a7e3ca3f2454f12003c6bc8e49172cf5938464c51ea1/analysis/1395523047/

https://www.virustotal.com/tr/file/04d51fe6e17036675640274fef6aea0a88ffad17ffb224f6186d97e88060ff49/analysis/1395522925/

OK, we need that sample… do you know how to zip and password protect?

if not Essexboy will quarantine it…

OK, let's remove that from the equation

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
FF - prefs.js..extensions.enabledAddons: %7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.51
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.17
[2014.03.21 03:02:03 | 000,000,000 | ---D | C] -- C:\Users\Mert\AppData\Roaming\MiniLyrics
[2014.03.21 03:02:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MiniLyrics
[2014.03.21 00:40:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samblg cracked
[2014.03.21 20:43:23 | 000,000,000 | ---D | M] -- C:\Users\Mert\AppData\Roaming\MiniLyrics

:Files
M:\firefoxdownloads\setup.exe

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

?

Could you now try google and see if the flash popup still appears

Malwarebytes’ Anti-Malware
Please download Malwarebytes’ Anti-Malware from here

Double Click mbam-setup.exe to install the application.
[*]Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select “Perform Quick Scan”, then click Scan.
[*]The scan may take some time to finish, so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that everything is checked, and click Remove Selected.
[*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
[*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Attach the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

The flash popup still appears :frowning:

I used Malwarebytes before the format but it did not find anything… now again it does not find anything

OK time for the big boy

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Tip #1… the only place you should ever install a program from is from the author’s website. If you want to install flash you go to adobe.com… if you want to install media player you go to Microsoft.com.

Thanks, but the virus infected my PC from a USB flash disk.
Big boy did not find or fix anything :frowning:
The flash popup still appears :frowning:

Ah do you still have the flash drive connected ?

Download MCShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives

https://dl.dropbox.com/u/73555776/mcshield%20unhide.JPG

Plug in the drive and McShield will start a scan

Then get the log which will be located under the logs tab on the main page

And post that

THEN

Please download Malwarebytes Anti-Malware to your desktop
This is an updated version
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

https://dl.dropboxusercontent.com/u/73555776/MBAMsettings.JPG

Go back to the Dashboard and select Scan Now

https://dl.dropboxusercontent.com/u/73555776/MBAMScan.JPG

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

https://dl.dropboxusercontent.com/u/73555776/MBAMReboot.JPG

https://dl.dropboxusercontent.com/u/73555776/MBAMLog.JPG

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

And have you been at an infected website that gives you fake update popups?

The USB flash disk is not mine and it is not here now…

My “Malwarebytes Anti-Malware” is different from your pic.

http://i.hizliresim.com/eaWvJ5.png

I downloaded and installed “Malwarebytes Anti-Rootkit BETA 1.07.0.1009”; the log is attached.

That Malwarebytes from his pictures is Version 2 which will be released in about 1 week or maybe less. :wink:

Could you run the MBAM scan with the new Version please as it does things slightly differently, also can you confirm that the popup appears in all browsers

OK, I uninstalled and reinstalled Malwarebytes. Now it is v2.0 but it does not find anything… The flash popup still appears :frowning:

Is that in all browsers or just one ?

Download the latest version of TDSSKiller from here and save it to your Desktop.

[*]Doubleclick on TDSSKiller.exe to run the application

https://dl.dropbox.com/u/73555776/tdss%20start.JPG

[*]Then click on Change parameters.

https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG

[*]Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects, then click OK.

[*]Click the Start Scan button.

[*]If a suspicious object is detected, the default action will be Skip, click on Continue.

https://dl.dropbox.com/u/73555776/tdss%20threat.JPG

[*]If malicious objects are found, they will show in the Scan results and offer three (3) options.
[*]Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

[*]Get the report by selecting Reports

https://dl.dropbox.com/u/73555776/tdss%20report.JPG

[*]Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.