Help on Computer Virus Attack

My computer recently got attacked by a virus which shut down the computer.

Then, I scanned the computer using an antivirus software many times to detect and attempt to erase the virus.

Then, I also noticed some of the programs and file extensions have been changed or renamed differently.

For example, a program listed ____.exe and other files associated with the software in ____.txt.

I am not sure whether the virus is completely gone, but I really need some advice or help, hopefully to return my computer back to normal.

Please help!!!

Follow this guide from our expert malware remover Essexboy
http://forum.avast.com/index.php?topic=53253.0
(post the logs here in this topic and not in the guide)

To avoid using multiple posts with copy and paste, you have to attach the logs
Lower left corner: Additional Options > Attach ( OTL.Txt. / Extras.Txt / Malwarebytes scan log )

Essexboy will be notified when you have posted the logs
He is usually in here at 8:00pm - 11:59pm UK time http://www.timeanddate.com/worldclock/

I posted the OTL, Extras txt and Malwarebytes logs

Malwarebytes did find 2 infected items. Those have been deleted.

I am not sure whether the virus or infected item has been removed. I really need your help.

Thanks!!!

I see you have Kaspersky on your system

Could you go to this page please for instructions on how to generate a report. http://support.kaspersky.com/kis2011/error?qid=208282257 Once done could you upload to Mediafire and post the sharing link.

http://www.mediafire.com/?3s5fwhsrdgy3csa
http://www.mediafire.com/?5c53v4n612svxv0

Nothing showing there - what are your current problems?

After the virus attack on the computer, some of the file extensions (the files) have been changed or named differently. The biggest problem is when I open certain files associated with the program, I get this message

“whateverfilename.txt is not a valid Win32 application”

Before the virus attack, I could open, save and rename this file with no problem. After the attack, I am getting this problem. And, a “beep”/“ekk” sound from the computer.

Also, after your last review, is my computer currently virus free???

Thanks again

OK round two

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

[*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

[*]Double click on ComboFix.exe & follow the prompts.

[*]As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it’s strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

[*]Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

I attach the file below.

Thanks!!

You look to be clear… But, can we clarify this point

The biggest problem is when I open certain files associated with the program, I get this message
Is it a specific programme or any programme?

When I open notepad, txt files (notepad files) associated with notepad, I get a message “this is not a valid win32 application”.

These are the notepad document text files I saved, similar to MS Word files.

Could you upload notepad to check it out

File Scanner
There are some files I need you to upload for checking

[*]Make sure to use Internet Explorer for this
[*]Please go to VirSCAN.org FREE on-line scan service
[*]Copy and paste the following file path into the “Suspicious files to scan” box on the top of the page:

[*]C:\Windows\notepad.exe

[*]Click on the Upload button
[*]If a pop-up appears saying the file has been scanned already, please select the ReScan button.
[*]Once the Scan is completed, click on the “Copy to Clipboard” button. This will copy the link of the report into the Clipboard.
[*]Paste the contents of the Clipboard in your next reply.

VirSCAN.org Scanned Report :
Scanned time : 2011/03/03 21:19:33 (PST)
Scanner results: Scanners did not find malware!
File Name : notepad.exe
File Size : 69120 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 388b8fbc36a8558587afc90fb23a3b99
SHA1 : ed55ad0a7078651857bd8fc0eedd8b07f94594cc
Online report : http://virscan.org/report/1e2242dc1984ee51ce625efdf3cddb58.html


Here are the results!!

If I post the HijackThis log, can you take a look?

No, let's use another programme to look at those areas specifically

Download OTS to your Desktop and double-click on it to run it

[*]Make sure you close all other programs and don’t use the PC while the scan runs.
[*]Select All Users
[*]Under additional scans select the following
Reg - App Paths
Reg - Approved Shell Extensions
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - Ext
Reg - File Associations
Reg - NetSvcs
File - Lop Check
File - Purity Scan

[*]Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
[*]When the scan is complete Notepad will open with the report file loaded in it.
[*]Please attach the log in your next post.

I attach the file.

All of my files associated with the software (for example, a pdf file or an mp3 file) have been named ______.pdf and _.txt. Usually, I don’t see .pdf, .mp3 after the name of the file.

Is there a way to fix this or change the extension back with ._____???

Thanks for your help!!!

It appears from that report that all your file associations are gone

So first we will update you to SP3 to see if that cures it

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&displaylang=en

Then install IE8 http://www.microsoft.com/windows/internet-explorer/worldwide-sites.aspx

If that fails we will then run dial-a-fix

The extensions are being shown as a result of the tools - we will reset them later

I am downloading the file now. It did not download properly from the website.

I installed SP3 and updated Internet Explorer.

I did an OTS scan again and attached the file.

Not sure whether you wanted me to OTS scan again, the next step.

That looks OK. What are your current problems?