Help with Trojan Horse

Hello

Today avast comes with a message every few minutes about a trojan horse: wuaudit.exe & win32BitCoinMiner.

It has slowed down my PC, and although I manually delete the folder in C\users\username\AppData\local\temp\iswizard\waudit.exe, it somehow manages to show up again.

I also scanned and removed all problems found by Malwarebytes Anti Malware and HitMan Pro3, but that didn’t fix the problem.

I think I did the procedure listed in http://forum.avast.com/index.php?topic=53253.0 and now I have 3 log files, which I attach in case you could help me.

Thanks a lot for your time

(sorry for posting before the same message as a reply to someone else’s quote)

Apologies for the lack of pictures, I have exceeded my bandwidth

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

* Under the Custom Scans/Fixes box at the bottom, paste in the following


:Commands
[CREATERESTOREPOINT]

:OTL
O4 - HKU\S-1-5-21-1090180737-2106620449-67545335-1000..\Run: [tsiVideo] C:\Users\George\AppData\Local\Temp\tsiVi332.dll ()
[2013/08/18 13:40:29 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\DefaultTab
[2013/08/18 12:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\WebSearch
[2013/08/18 12:32:32 | 000,000,000 | ---D | C] -- C:\Program Files\SaveShare
[2013/08/18 12:28:33 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate

:Files
C:\Users\George\AppData\Local\Temp\iswizard

:Commands
[resethosts]
[emptytemp]
[Reboot]

* Then click the Run Fix button at the top
* Let the program run unhindered, reboot the PC when it is done
* Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
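
The fix script above removes a Run-key entry whose target is a DLL in the user's Temp folder, which is how a file can reappear after being deleted by hand. As an added example (not part of any post in this thread, and not OTL's own code), the sketch below scans OTL log text for such entries; the O4 line layout is inferred from the one line shown here, reading the trailing parentheses as a vendor field is an assumption, and the `ExampleUpdater` line is constructed.

```python
import re

# Layout of an O4 (registry Run key) line, inferred from the one O4 line
# in the fix script on this page; other OTL line types are ignored.
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] "
    r"(?P<target>.+?)(?: \((?P<company>[^)]*)\))?$"
)
# Directories that are emptied routinely and should never hold an autorun target.
TEMP_RE = re.compile(r"\\(AppData\\Local\\Temp|Windows\\Temp)\\", re.IGNORECASE)


def flag_autoruns(log_text):
    """Return (name, target, reasons) for each O4 entry worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        reasons = []
        if TEMP_RE.search(m["target"]):
            reasons.append("target in temp directory")
        if not m["company"]:  # "()" or absent: assumed to mean no vendor metadata
            reasons.append("no company name")
        if reasons:
            findings.append((m["name"], m["target"], reasons))
    return findings


# First and third lines are taken from the fix script; the second is constructed.
SAMPLE_LOG = r"""
O4 - HKU\S-1-5-21-1090180737-2106620449-67545335-1000..\Run: [tsiVideo] C:\Users\George\AppData\Local\Temp\tsiVi332.dll ()
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe (Example Corp)
[2013/08/18 12:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\WebSearch
"""

if __name__ == "__main__":
    for name, target, reasons in flag_autoruns(SAMPLE_LOG):
        print(f"{name}: {target} -> {', '.join(reasons)}")
```
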

Do you think, essexboy, it is fixed?

No messages again from avast!

Looks good to me … Any further problems?

No problems I guess, hope it is fixed.
I wouldn’t stand a full disk format…

essexboy, if it wasn’t you I wouldn’t know what to do.

Thanks a lot again

My pleasure, run OTL again and press cleanup :slight_smile: