Help removing viruses

Hello a few months ago I came here for help and I was very impressed with the level of support and response time, so now I am in need of some help again. I have attached all the logs but my main problem is 2 viruses that are blocked by avast every time I open chrome, ill attach screen shots of the messages it displays. I tried removing them from the virus chest, but they just came back and they will duplicate in the chest every time I open Chrome.
Oh and I will have to attach the screen shots in a separate post since I’m only allowed 4 per post and just in case you need it the files it blocks are called “background.js” and “contentscript.js”

All your help is greatly appreciated!!

Here is my MBR file and my screen shots will be up in just one minute.

Here is the notification I get overtime I open Chrome and if I remove them from the vault they just come back next time Chrome is opened.

Looks like we just need to clear the Java and temp files

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Ok here is the log from the quick scan, there is also a log from the first scan, however even after the scan and reboot it still gives the same 2 messages. And one other thing I thought I might mention, I’m running these out of a new user account I made, but the original account that was infected doesn’t give the same messages, only the new one just created a day ago. Just thought I would add that since I noticed in the quick scan log it said that the account it scanned was the current one.

Thanks for the help and very fast replies!

Run this in the user account with the problem

Please download Junkware Removal Tool to your desktop.

[]Right-mouse click JRT.exe and select “Run as Administrator” the tool will open and start scanning your system
[
]please be patient as this can take a while to complete depending on your system’s specifications
[]On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
[
]post the contents of JRT.txt into your next message.

Hello, I think some think may not be right, I just want to check, but the scan has been going for 3 or 4 hours now. The command box said some stuff but at one point it and the start bar and desktop and everything except the background and mouse disappeared. I know it said this might happen but its been like this for a majority of the scan and it hasn’t shown any sign that its doing any thing. The mouse can still be moved and I think I might be able too open task manager and shut it down that way. Or if this is normal that’s fine too, I’m in no hurry I just didn’t know since it hasn’t shown any sign of anything for a few hours.

Thanks! :slight_smile:

Stop JRT and reboot then go to the user account that is infected and run a fresh OTL scan please

Ok sure, and should I press quick scan or run scan? And should I paste any custom commands in the box?

Just run scan and select all users and the LOP button

Here you go!

In the same account could you run this fix

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

If they still appear after this then could you run Chrome in incognito mode and let me know if that stops it

https://support.google.com/chrome/answer/95464?hl=en-GB

Ok the quick scan log is attached and I added -incognito to the target path of the shortcut so it would give me a fresh start right into incognito mode but it still gave me the same 2 warnings.

OK you will need to fully uninstall chrome for that account including all folders associated with it

https://support.google.com/chrome/answer/111899?hl=en-GB details here

Hello I’m having a problem downloading remove.reg. I get the error Failed - Server Problem. I tried different browsers on this computer and I tried a different computer all together. But nothing worked so I’ll just try again later since this has to be a problem on Googles end. I’ll update you when I get the file downloaded. :slight_smile:

Yes it is a Google problem, you can skip that part as it is non-essential. The main thing is to remove the google folders

Ok I deleted the Chrome folder like the page said, whats next?

OK now you can reinstall chrome if you wish and the problem should no longer be present

Ok so I deleted the Chrome folder but it wasn’t uninstalled. So I uninstalled it manually, and made sure the folder was deleted in both user accounts I then reinstalled Chrome but I still get the same message.

Could you expand the full alert to show what the folder is that Avast is alerting on