I have recently received warnings from Avast! regarding the above three types of virus. I have read through the Logs to assist in cleaning malware and have run the software and got the log files. It seems to have disabled my ability to run Windows Update and also to turn on Windows Firewall, and I would love some help with this. I would usually just download Malware Bytes, SpyBot and a few other programs and just have a shot myself, but I have just bought a new computer so I’d like to get it done right.
I have downloaded ComboFix onto my desktop as well in preparation that I may need it but reading through some of the other posts it looks as though it is quite powerful so I don’t think I want to be playing with it without some expert knowledge first.
Attached are the log files that I have attained. One that didn’t open was Extras.txt when I ran OTL, and I am unsure of why that is. Anyways here they are, I hope these are all that are needed but if you require any further information please just ask.
Thanks so much in advance and I hope that someone can help me with this super annoying problem.
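The poster's two symptoms (Windows Update will not run, Windows Firewall cannot be turned on) are both backed by Windows services, so a quick state check is the first thing a responder would want from the affected machine. The PowerShell below is an added example and not part of the original thread or of any tool mentioned in it; it assumes the standard service names of that Windows generation (wuauserv, BITS, MpsSvc, BFE) and reads start mode via WMI because the PowerShell shipped with Windows 7 does not expose it on Get-Service.

```powershell
# Added example (not from the thread): report the state of the services behind
# the two symptoms described above. Service names are standard Windows names,
# assumed present on a Windows 7 era machine.
function Get-ProtectionServiceState {
    $services = @{
        'wuauserv' = 'Windows Update'
        'BITS'     = 'Background Intelligent Transfer Service (used by Windows Update)'
        'MpsSvc'   = 'Windows Firewall'
        'BFE'      = 'Base Filtering Engine (Windows Firewall depends on it)'
    }

    foreach ($name in $services.Keys) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($null -eq $svc) {
            # A missing registration is itself a finding worth reporting to the helper.
            [PSCustomObject]@{
                Service   = $name
                Purpose   = $services[$name]
                Status    = 'NOT REGISTERED'
                StartMode = 'n/a'
            }
            continue
        }
        # StartMode comes from WMI; Get-Service on Windows 7 PowerShell lacks it.
        $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        [PSCustomObject]@{
            Service   = $name
            Purpose   = $services[$name]
            Status    = $svc.Status
            StartMode = $wmi.StartMode
        }
    }
}

Get-ProtectionServiceState | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt and paste the table into the reply. A service showing "Disabled" or "NOT REGISTERED" explains the symptom and tells the helper what still needs restoring once the cleanup is finished; the script only reads state and changes nothing.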
[*] I will be working on your malware issues; this may or may not solve other issues you have with your machine.
[*] The fixes are specific to your problem and should only be used for this issue on this machine.
[*] If you don’t know or understand something, please don’t hesitate to ask.
[*] Please refrain from making any further changes to your computer (install/uninstall programs, delete files, edit the registry, etc.).
[*] Please DO NOT run any other tools or scans whilst I am helping you.
[*] It is important that you reply to this thread. Do not start a new topic.
[*] Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
[*] Absence of symptoms does not mean that everything is clear.
Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works, please read this guide carefully. Note: ComboFix must be downloaded to your Desktop.
Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this or this Instruction.
How to disable avast:
[*] Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
[*] In the window that opens, in the top right corner, click Settings.
[*] In the new window that opens, choose the option Troubleshooting, uncheck Enable avast! self-defense, and click OK.
[*] Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls.
[*] In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note: Do not forget to turn on this option after the cleaning.
Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click ComboFix’s window while it is running.
If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart computer once more.
When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
Attach the log report (ComboFix.txt) back to the topic.
Thanks very much. I am at work at the moment and don’t have access to the infected computer, but I will go home at lunch time and run ComboFix and attach the log file for you. Thanks again for your reply and I look forward to working with you to fix this issue.
I have run ComboFix fully with Avast! turned off as per your instructions. I am not 100% sure, but it looks as though it may have fixed the problem (fingers crossed), although I won’t assume anything and will let you decide whether or not it is fixed. Attached is the log that ComboFix produced. I hope this can allow you to give me some good news; if not, we’ll see where we go from here.
Thank you for the nice words. But I’m always here, if nothing else, watching from the background.
@Raz89
The main work is done. This is now just polishing.
Also, we are checking some deleted files; if they are legitimate we have to restore them.
Open notepad and copy/paste the text present inside the code box below:
Folder::
c:\windows\Installer\{c0689ee4-1979-c1cb-dac6-97c6d8bbc156}
ClearJavaCache::
FileLook::
C:\Qoobox\Quarantine\c\windows\TEMP\Temporary ASP.NET Files\root\7e973a63\6fd0db9\App_Code.0neyz3el.dll.vir
C:\Qoobox\Quarantine\c\windows\TEMP\Temporary ASP.NET Files\root\7e973a63\6fd0db9\assembly\dl3\ef939465\00f465cb_3a95cc01\WinTVExtender.EXE.vir
Close all browser windows. Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt)
When you upload the Quarantine folder, follow this to restore legitimate files.
Open notepad and copy/paste the text present inside the code box below:
DeQuarantine::
C:\Qoobox\Quarantine\c\windows\TEMP\Temporary ASP.NET Files\root\7e973a63\6fd0db9\App_Code.0neyz3el.dll.vir
C:\Qoobox\Quarantine\c\windows\TEMP\Temporary ASP.NET Files\root\7e973a63\6fd0db9\App_Code.clbjghxr.dll.vir
C:\Qoobox\Quarantine\c\windows\TEMP\Temporary ASP.NET Files\root\7e973a63\6fd0db9\assembly\dl3\ef939465\00f465cb_3a95cc01\WinTVExtender.EXE.vir
Quit::
Close all browser windows. Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt)
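The FileLook:: and DeQuarantine:: scripts above turn on one decision: whether the quarantined .vir files are legitimate and should go back. Before anyone restores them, a practitioner would want an inventory of exactly what is sitting in quarantine, with hashes that can be checked against a vendor's file-reputation lookup. The PowerShell below is an added example, not part of the original thread and not ComboFix's own tooling; it assumes ComboFix's default quarantine root C:\Qoobox\Quarantine (the same root the script paths above use) and that ComboFix keeps the original path under that root with a .vir suffix, as the paths in the thread show.

```powershell
# Added example (not from the thread): inventory ComboFix's quarantine before
# restoring anything. Assumes the default quarantine root seen in the thread;
# adjust $QuarantineRoot if ComboFix ran from another drive.
$QuarantineRoot = 'C:\Qoobox\Quarantine'

function Get-QuarantineInventory {
    param([string]$Root = $QuarantineRoot)

    if (-not (Test-Path -LiteralPath $Root)) {
        Write-Error "Quarantine folder not found: $Root"
        return
    }

    # ComboFix appends .vir to each quarantined item and preserves its original
    # path beneath the quarantine root (drive letter becomes a folder, e.g. \c\windows\...).
    Get-ChildItem -LiteralPath $Root -Recurse -Filter '*.vir' -File |
        ForEach-Object {
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256
            [PSCustomObject]@{
                OriginalPath = $_.FullName.Substring($Root.Length) -replace '\.vir$', ''
                SizeBytes    = $_.Length
                LastWrite    = $_.LastWriteTime
                Sha256       = $hash.Hash
            }
        } |
        Sort-Object OriginalPath
}

# Print to screen and keep a CSV record alongside the ComboFix log for the thread.
$inventory = Get-QuarantineInventory
$inventory | Format-Table -AutoSize
$inventory | Export-Csv -LiteralPath 'C:\Qoobox-inventory.csv' -NoTypeInformation
```

The hashes are what you check, not the file names: a DLL named like a legitimate component but with an unknown SHA-256 is exactly the case the FileLook:: step exists for. Nothing here touches the quarantined files beyond reading them, so it is safe to run before the DeQuarantine:: script and again afterwards to confirm what was restored.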
Yeah, the computer seems to be running fine. Avast! hasn’t picked up any of the 3 files, or any others for that matter, since running all of your above suggestions. It seems like it may be infection free (fingers crossed). Thanks heaps for that, mate. If I could plus one you I’d be all over that. Can’t thank you enough. I definitely can’t call myself a computer genius, but I am far from uneducated; but without your help on this I would have been stumped. My best attempt would have been to run MalwareBytes and then SpyBot Search and Destroy (programs I used to use on my old comp to fix malware etc.). Your help certainly exceeded that!
Thanks again and I will definitely be in contact again if anything goes astray. Let me know if you think of anything else that I should/could have done to stop them in the first place.
On Windows 7 or Vista you may use the Start Search field if Run is not available.
[*] In the line of text type in (Copy) the following:
ComboFix /Uninstall
Note that there is a space between "ComboFix" and "/Uninstall".
[*] Then click OK (or press Enter).
Wait for the uninstall process to complete.
Re-run OTL and click on CleanUp! button.
You will be asked to reboot the machine to finish the cleanup process, choose Yes.
After the reboot all the tools we used should be gone. Note: Some more recently created tools may not yet be removed by OTL. Feel free to manually delete any tools it leaves behind.
I recommend using MCShield if you will.
You may download MCShield from one of the following links:
It will prevent infection of the computer via USB flash drive, mobile phone or any other memory card.
And it will not only prevent infection, but will immediately clean the flash drive, memory card or external HDD.
Thanks again for everything. All programs have now been uninstalled and I have installed MCShield. Thanks for the advice, and hopefully you won’t see me on here with any more malware or virus problems for a long time. Your help has been outstanding. Quick, concise and complete. It’s good to know that there are people like you out there :D, people who help to fix and remove the crap that others put out there to access people’s computers without permission >:(. Many congrats to you. 8)
@ mikaelrask
Sorry mate, thought it made sense posting here, as the RAZ had the same issue. Will post under new threads in the future.
@ magna86
Thanks. Uninstalled ComboFix, and downloaded and ran the new one. Attached the new log to this thread. After the first run, loads of stuff was cleaned up, and Avast stopped detecting the 3 trojans: Win32:Trojan-gen, Win32:Sirefef-AAO[Trj] & Win32:Malware-gen. The computer runs much faster now and generally no problems. However, the new run seems to have detected some more problems. Not sure what it’s all about, and what I should be doing now! Any advice would be much appreciated.
[*] Click the Run Fix button.
[*] Let the program run unhindered; it will reboot the system when it is done and open Notepad with a log report. Attach that log report here.
Your system is clean now. How is your computer running now?