I have recently received warnings from Avast! regarding the above virus (pop-up attached). I have deleted the two files displayed in the pop-up but they keep returning when I restart the system (internet connection?). The virus tries to disable Avast! on each startup (notification pop-up), to which I choose “No” of course. I have attached the OTL, aswMRB, and SuperAntiSpyware logs.
I have downloaded ComboFix onto my desktop as well in preparation that I may need it but reading through some of the other posts it looks as though it is quite powerful so I don’t think I want to be using it without some expert guidance.
All help is greatly appreciated!
:OTL
O4 - HKCU..\Run: [JwvDfaej] C:\Users\Nick\AppData\Local\bqhquaye\jwvdfaej.exe File not found
O20 - HKLM Winlogon: UserInit - (C:\Users\Nick\AppData\Local\bqhquaye\jwvdfaej.exe) - C:\Users\Nick\AppData\Local\bqhquaye\jwvdfaej.exe File not found
:Files
C:\Users\Nick\AppData\Local\bqhquaye
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
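Added example, not part of the original thread and not OTL's own code: a small Python check that reads entries in the two line shapes used in the fix script above (`O4 ... Run` and `O20 ... Winlogon: UserInit`) and reports those that point into user-writable directories or replace `userinit.exe`. The function name, the directory list and the third sample line are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: the first two lines copy the entries in the fix script
# above; the third is a made-up clean UserInit entry added for contrast.
SAMPLE_LOG = r"""
O4 - HKCU..\Run: [JwvDfaej] C:\Users\Nick\AppData\Local\bqhquaye\jwvdfaej.exe File not found
O20 - HKLM Winlogon: UserInit - (C:\Users\Nick\AppData\Local\bqhquaye\jwvdfaej.exe) - C:\Users\Nick\AppData\Local\bqhquaye\jwvdfaej.exe File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\system32\userinit.exe (Microsoft Corporation)
"""

# Line shapes as they appear on this page; every other log section is ignored.
RUN_RE = re.compile(r"^O4 - (\w+)\.\.\\Run: \[[^\]]*\] ([A-Za-z]:\\.+?\.exe)\b", re.I)
USERINIT_RE = re.compile(r"^O20 - (\w+) Winlogon: UserInit - \(([A-Za-z]:\\[^)]+)\)", re.I)

# Directories a standard user can write to (assumed list, extend as needed).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")


def review_autostarts(log_text):
    """Return one finding per suspicious Run / Winlogon UserInit entry."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        for kind, pattern in (("Run", RUN_RE), ("UserInit", USERINIT_RE)):
            match = pattern.match(line)
            if not match:
                continue
            hive, path = match.group(1), match.group(2)
            reasons = []
            if any(d in path.lower() for d in USER_WRITABLE):
                reasons.append("target in user-writable directory")
            # Winlogon's UserInit value normally launches only userinit.exe.
            if kind == "UserInit" and PureWindowsPath(path).name.lower() != "userinit.exe":
                reasons.append("UserInit replaced")
            if line.endswith("File not found"):
                reasons.append("target missing on disk")
            if reasons:
                findings.append({"key": f"{hive} {kind}", "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in review_autostarts(SAMPLE_LOG):
        print(finding["key"], "->", finding["path"], "|", "; ".join(finding["reasons"]))
```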
Sorry for the delay, here is the Quick Scan and Run Fix logs. When the system restarted the Avast! alert with the blocked file was displayed again. Would the next step involve using ComboFix?
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
I have attached screenshots of both pop-ups (virus attempt to shut down Avast and blocked virus files). I doubt that cracked Steam is the problem since it has been installed for several months, but I have run the code as you have requested and the program seems to freeze when processing the first Firefox Extension - maybe it’s because I don’t have Firefox installed?
OK, let's continue with ComboFix, although the data appears to be in the temp files.
Download and Install Combofix
Download ComboFix from one of the following locations: Link 1 Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
I have tried to run ComboFix (as administrator) but it disappears without warning and the process is not present in Task Manager. This erratic program-closing behaviour seems to also affect Google Chrome. Do you want me to try to run ComboFix in Safe Mode, with or without networking?
Yes, I have rebooted the computer into “Repair my Computer” mode and I’m at the dialog box “System Recovery Options”. I happen to have a USB right next to me.
notepad and press Enter.
The notepad opens. Under File menu select Open.
Select “Computer” and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter.
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Download the attached fixlist.txt to the USB drive with the FRST file
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
On Vista or Windows 7
Now please enter System Recovery Options.
Run FRST and press the Fix button just once and wait. The tool will make a log on the flash drive (Fixlog.txt); please post it in your next reply.