help with possible trojans

I could use some help and figured to go for it with all the logs from all of the programs listed in the how to get the logs forum. I appreciate help if possible.
I have several trojans listed in my chest, run Avast free version, Windows XP Pro OS.

In my chest I have: Win32:Malware-gen (from Turbo Tax in February) 3 times, Win32: Adload-MU [adw], Win32: Funweb-K [Pup], Win32: Funweb [Pup] (2 times), Win32: Alureon-AYY [Trj], and Win32:Alureon-AYU [Trj]

My symptoms of a slow computer went away once a few of these popped up on a boot scan. The symptoms that I continue to be plagued by are: an extremely annoying large floating rectangle with Xfinity, Comcast Constant Guard saying that I have a bot, Adobe Acrobat Reading ceasing to work (nothing happens when I click on the icon), my windows internet explorer frequently cannot open a webpage (even my homepage), java no longer runs, despite several uninstalls and installs. When I try to use a program that requires it, the program never opens, but several minutes later I get an error that says, No JVM found on your system. Please define EXE4J_JAVA_home to point to an undefined 32 bit JDK or JRE download a JRE from www.java.com.

The Java would be nice to have again. It would be nice to be able to read PDF’s, but the most annoying is the xfinity thing!

Here are a lot of logs. I didn’t save some as ANSI, because I didn’t see that it was stated that I should save ALL in ANSI. If needed I would be happy to repost them in that format.

The first time I ran RogueKiller I didn’t disable smartscreen filter and my computer crashed. I believe Log1 was from that. I disabled it for the other times, Log2 and Log3.

Thank you again for anything you can help! I can’t seem to find anything about these programs that are solutions. Also, I am completely clueless on the trojans that I have in my virus chest.

I find that I need to post replies to this to get all of my logs attached. Thank you for your patience.

Next log(s)

More logs.

and more logs

Hey, a malware expert will help you from here when one comes online later today.

Hi,

Step#1

Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.

Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this or this Instruction.

How to disable avast:

- Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
- In the window that opens on the top right corner, click Settings.
- In a new window that opens, choose the option Troubleshooting, uncheck Enable avast! self-defense, and click OK.

- Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls.
- In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn on this option after the cleaning.

Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click Combofix’s window while it is running.
If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart computer once more.

When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
Attach log reports (ComboFix.txt) back to topic.


Step#2

Please download zoek.exe and save it to your desktop.

- Close any open browsers.

- Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.

- Double click on zoek.exe to run the tool.
Please wait until the tool starts…

- Copy the text present inside the code box below and paste it into the large window in the zoek tool:



firefoxlook;
chromelook;
shortcutfix;


- Click on the Run Script button.
Please wait until a log report opens (this can be after a reboot).

- Save notepad to your Desktop and attach here zoek-results.log

Note: It will also create a log in the C:\ directory named “zoek-results.log”

Whatever I ran didn’t fix my problems. I accidentally ran the first one not from the desktop. I’ll run it again, and post that too.

The second one didn’t seem to do anything, but I can post that as well. Thanks again. I hope these problems can be solved.

I reloaded it and saved it to the desktop this time. It found something, but my problems persist. Also, Avast has disappeared from my computer.

Each time I ran it, internet explorer was no longer my default browser I had to reset it.

I am going to download Avast again :). Not sure why it’s gone.

Here are the logs.

Because Avast disappeared from all traces of my system, I reinstalled it. Of course, there is no virus chest. Could that mean that all of those viruses I had before were released into my system again?

Hi,

You should run ComboFix only once.

It is necessary to uninstall ComboFix :

- Click Start (or the Vista Start button), then Run.

On Windows 7 or Vista you may use the Start Search field if Run is not available.

- In the line of text type in (Copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

- Then click OK (or press Enter).

Wait until the uninstall process is complete.


Avast can’t disappear from your computer. But its re-installation doesn’t hurt.

Could that mean that all of those viruses I had before were released into my system again?
Nope.

Please download Junkware Removal Tool to your desktop.

- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select “Run as Administrator”.
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system’s specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.


How’s your computer running now?

I removed that software, but I had run it twice before you had replied.

I ran the next scan.

My problems persist, worst Xfinity thing. I swear it got bigger too lol. It blocks at least a quarter of my screen.

Another question about the Avast disappearing… I did a search using the word, “avast” in windows, searching all drives but nothing came up. In the future if this happens, what would be a better word to search under, or is there a better way to look for missing programs and files on one’s computer?

Thanks. Please see the newest log attached. What next colorful icon can I download after this, hehe. I liked this one the best; it was pretty.

Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.

- Press Start Scan

- If Suspicious object is detected, the default action will be Skip, click on Continue.
- If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.


Then run this zoek script. :wink:

startupall;
filesrcm;
firefoxlook;
Chromelook;
shortcutfix;

Click on RunScript and attach here fresh zoek.exe log

Problems persist. More things attached.

Hi,

1. First run!

- Re-run TDSSKiller.exe and click on Change parameters.
- Under Additional options check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
- Click on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- Click the Report button and attach the contents of it into your next reply.
Note: It will also create a log in the C:\ directory.


2. Second run!

Again re-run TDSSKiller as before (with Change parameters) and use the Delete option for this entry:

\Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c )


Re run zoek.exe using this script; Attach fresh zoek logreports:

C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn;f
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn;f
TranslatorBar 1 Toolbar;ff
C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\s4zf9nqb.default\extensions\{00bf7b9c-acd2-4080-bea8-b1c41987070f};f
emptyalltemp;
autoclean;

How is your computer running now?

Google is my homepage. It has been opening up on the first click of internet explorer just fine for a few times now.

When I come to this website the gigantic Xfinity box is back, so the problem persists.

HOWEVER JAVA WORKS NOW!! THANK YOU! My sound card is working at the moment after a reboot (it usually doesn’t). Everything also runs a little faster. The internet doesn’t seem to be denying me pages anymore, so far so good. Now for that stupid Xfinity Comcast Constant Guard rectangle of doom! I think rectangles are officially my least favorite shape for certain now.

Here are the attached logs.

Run Firefox …
At the top of the Firefox window, click the “Firefox” button,
go over to the “Help” sub-menu
(on Windows XP, click the Help menu at the top of the Firefox window) and select “Troubleshooting Information”.
Click the “Reset Firefox” button in the upper-right corner of the Troubleshooting Information page.
Click “Reset Firefox” in the confirmation window that opens.
Firefox will close and be reset. When it’s done, click “Finish” and Firefox will open.


When I come to this website the gigantic Xfinity box is back, so the problem persists.

I don’t understand this. :frowning: Can you please clarify a bit better?

I don’t normally run firefox, I only downloaded it just in case it was a problem with my internet explorer, but I will do as you ask of course.

UPDATE - I did that in firefox, and the xfinity thing appeared after I reset firefox too. Again, I usually run internet explorer. Oh yes, another success from the last set of scans. I opened up a music file from a website and adobe cooperated and let me see it. That is fixed as well. It’s the most annoying problem described below that still persists.

About the rectangle. This is actually my biggest problem, and I cannot find solutions anywhere. I do have comcast for my internet service provider, however; after hours on the phone with them and several phone calls most of which end in them wanting me to buy Norton for 139 dollars, they can offer no help. Sometimes they say a bot was detected, and other times they deny that they have anything like this and say it must be a bot itself. Again, they just insist that I buy Norton, and give me a Norton phone number. Every time that I have called Norton, they tell me that they can help me if I buy the 139 dollar software.

Whenever I am online on just about every webpage, a rectangle that takes up about a quarter of my screen appears. It has Xfinity on the top of it, and Constant Guard Alert Bot Detector written just below. Then it has several items that look like hot links to check to say, why did I receive this message, what is a bot, what can I do to fix it?

It appears on almost every page (except inside my email, banking sites, etc) but any other site, it is there, blocking a good bit of my screen. It can be moved around a bit, and it isn’t a pop up. Just a big floating annoying rectangle.

The following link has a picture of it at the bottom of this first post. Not my post, but someone managed to screen capture it. Sometimes it goes away if I remain on that page for a long while. It’s also on my husband’s computer and phone. It is not on my phone, or my laptop from work.

When I go to my add/delete programs in my control panel there is no program from Comcast or Xfinity that exists, and from what I am reading out there in the world, there are folks that don’t use comcast that still have this thing.

http://www.geekstogo.com/forum/topic/322057-xfinity-constant-guard-alert-need-it-gone/

I reported it to the FCC, but that won’t make it go away. If anything it will make my internet more expensive in the long run. I very much appreciate your attention to my problem.

Oh now I get it. I saw it in the logs but I thought that entry was related to Parental Control and you want to remove that, so I skipped those lines.

Best to start over, so I will need new zoek log:

Re-run Zoek as you did before with this script:

standardsearch;
installedprogs;
uninstall-list;
silentrunners;

Attach here fresh zoek log

Hi:

I hope you see it this time. This rectangle comes and goes. It can go away for a day, then it comes back the next. It’s not here today, but rest assured, it will be back soon. If you don’t see it in this log, I will run it again, and post when it’s back.

Thanks!

Hi,

You have a new Intel i3 processor… why don’t you install Windows 7, for example? It will run faster…

1. Control Panel > Uninstall:

AVS4YOU Software Navigator 1.4
Elevated Installer <— know this? If not… remove it.
Finale 2008 <— know this? If not… remove it.
McAfee Security Scan Plus
System Requirements Lab <— using this? If not… remove it.
Uno <— know this? If not… remove it.

2. Run BB tool

- Please download BlitzBlank by emsisoft and save it to your desktop.

- Open Blitzblank.exe by double-clicking on it.

- Click OK at the warning (and take note of it, this is a VERY powerful tool!).

- Click the Script tab and copy/paste the following text there:

     
DeleteFolder:
C:\Documents and Settings\All Users\Application Data\Norton
C:\Documents and Settings\All Users\Application Data\Norton


- Click Execute Now. Your computer will need to reboot in order to replace the files.
- When done, post me the report created by Blitzblank. You can find it at the root of the drive C:\

3. Run this zoek script: note: Close browser before executing the script

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk;f
C:\Documents and Settings\All Users\Application Data\Norton;f
C:\Documents and Settings\All Users\Application Data\Norton;f
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s4zf9nqb.default\extensions\{00bf7b9c-acd2-4080-bea8-b1c41987070f};f
idhngdhcfkoamngbedgpaokgjbnpdiji;chr
C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx;f

4. Run Chrome in Incognito mode:
http://support.google.com/chrome/bin/answer.py?hl=en&answer=95464


Any Improvements?