I had Avast for about a year without any issues but it seems that I got infected with a malware or something. It started to what appear to be a virus protection update but it was not from Avast. It then goes into IE automatically and I am not able to go into any website at ALL. I tried the msconfig but it says cans msconfig.exe is infected and it says the same for everything that I try to open. I do not even know what file is infected or anything. I cannot even go into safemode, does anyone have some information that can help me. I am really desperate at this point and any help will be greatly appreciated. I do not know if I put all the information for anyone to give me addditional assistance but if I did not please let me know what else is need it.
Scum/scam/scareware, rogue security program usually issuing fake security warnings so you will buy…
If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should product a log file).
-
- MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later. - 2. SUPERantispyware On-Demand only in free version.
Don’t worry about reported tracking cookies they are a minor issue and not one of security, allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.
Dr.Web® LiveCD
Emergency System Recovery Disk http://www.freedrweb.com/livecd/?lng=en
How does it work? http://www.freedrweb.com/livecd/how_it_works/
you probably have to download and make the cd on a clean computer
I tried both of the advises but I can’t run either of them. Is there a way to install these in safe mode. I am really frustated because this is the first time this happens to me.
Why can’t you install them, what errors are you getting ?
You will need access to a clean computer with a disk burner to use these CD’s.
Basically, you are downloading a file to burn to a CD and then boot the sick computer from that CD. It is often the only way to fix an infected computer showing the symptoms you describe, because you are not able to access anything from within the OS.
Read the instructions for burning and running the CD carefully.
Well, I finally got it fixed. I was able to set the reboot sequence to start with the cd drive first and that is how it finally worked. Thanks for giving me hand, I really learned a lot from this site.
was it the Dr.Web CD that fixed it?
what was found?
Well I spoke too soon. After I though everything was fixed i upgraded to Avast Internet security, i was able to install it in two of my computers but the infected one will not let me update, upgrade of put up my firewall. Recently my internet stoped working and it says that it has a slow connection and does not allow me to troubleshoot it. I installed and ran Malware bytes and found ceveral infected files and it says they were deleted but still no success running Avast Internet Suiet or connecting to the internet. I will take another laptop to work to try and copy the malware bytes log file because I am able to connect other laptops via wireless just not the infected one. I really do hope there is a fix for this.
Did you try burning/running the CD’s linked to above?
Or just running MBAM?
If the answer to the first question is “no”, the recommended course of action should be fairly obvious.
Let us know if you need any help with that.
It looks like I am still going to need more hlep guys. I ran Malwarebytes and found several threats but for some reason I can’t save the log file into a cd to upload it on my good computer. I reinstalled Avast Internet security because the firewall was not turning on; that has been fixed. I also ran Hitman Pro3.5 and also found some malware. The computer seems to be running fine but I cannot connect to the internet now, it ways it has a connection but I press the Internet Explorer and nothing happens. Before restarting the computer it says ieexplorer.exe in not responding and I have to press “end now” to continue. All virus scanners and malware software have been saved into a cd and I then insert the cd in the infected computer and run it.
Any Ideas? Please consider that I am not very technical with software and programs but I can follow step by step instructions pretty good. I have over 2 weeks with this issues and I am very tempted to call a technician and spend money I don’t have, please help.
Correction:
this is the window pop ups I get when restarting:
ImApp.exe
iexplore.exe
both not responding.
OK lets try the following from normal mode
To ensure that I get all the information this log will need to be attached (instructions at the end) if it is to large to attach then upload to Mediafire and post the sharing link.
Download OTS to your Desktop
[*]Close ALL OTHER PROGRAMS.
[*]Double-click on OTS.exe to start the program.
[*]Check the box that says Scan All Users
[*]Under Additional Scans check the following:
[*]Reg - Shell Spawning
[*]File - Lop Check
[*]File - Purity Scan
[*]Evnt - EvtViewer (last 10)
[*]Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32*.dll /lockedfiles
%systemroot%\Tasks*.job /lockedfiles
%systemroot%\system32\drivers*.sys /lockedfiles
%systemroot%\System32\config*.sav
[*]Now click the Run Scan button on the toolbar.
[*]Let it run unhindered until it finishes.
[*]When the scan is complete Notepad will open with the report file loaded in it.
[*]Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.
Thank you, OTS is scanning right now. Hopefully I can get the result in today; I really want to get it over with, it has been a nightmare.
Here is the OTS log file,I hope it helps. Thanks for everyone’s help.
This should cure the IE and connection problem - let me know if you still get the not responding errors
Start OTS. Copy/Paste the information in the quotebox below into the pane where it says “Paste fix here” and then click the Run Fix button.
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > ->
YN -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 1
YN -> HKEY_USERS\.DEFAULT\: "ProxyServer" -> http=localhost:1361
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > ->
YN -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 1
YN -> HKEY_USERS\S-1-5-18\: "ProxyServer" -> http=localhost:1361
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\zbshxdyd.default\prefs.js
YN -> browser.search.selectedEngine -> "Search"
YN -> network.proxy.http_port -> 1039
YN -> network.proxy.type -> 1
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Files/Folders - Created Within 30 Days]
NY -> fftdbs -> C:\Documents and Settings\Owner\Local Settings\Application Data\fftdbs
[Custom Items]
[RESETHOSTS]
:end
[Empty Temp Folders]
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTS log.
I will review the information when it comes back in.
Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
I copied and pasted the fix, it restarted and the log file appeared. I tried the Internet Explorer again with no luck, I am running the OTS once again. I will post the results when it is finished. Thanks for the help/
Hold on the OTS scan (save it for later) I will use a stronger tool
Download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop
[*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
[*]Double click on ComboFix.exe & follow the prompts.
[*]As part of it’s process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it’s strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
[*]Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it’s malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/whatnext.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Scanning right now, I will post the log file soon.
Here is the ComboFix Log. thanks for the help.