HTML:FBListener virus removal

Hi All,
I have fallen prey to the HTML:FBListener malware and need help to remove it.
I think it may be related to Acestream plugin that I installed into Firefox but not 100% sure. I have removed that plugin several days ago but I keep getting positive alerts about HTML:FBListener. I tried removing it with the ‘Fix Automatically’ from the scan results page but did not remove it. I also did a boot scan which ran for several hours and it is still showing up. How can I eradicate this virus? I know there is a similar thread for this virus but there are warnings not to try same fix on other computers.

I did run the zoek tool and here is my log:
??? how do I attach a log file ???

Regards,
Larry

Follow instructions. https://forum.avast.com/index.php?topic=53253.0

See below the box you write inn: attachment and Other options

Here are a couple of logs. Will send the Farbar log in a few minutes.

Regards,
Larry

FRST.txt and Addition.txt

Finally ran the aswMBR.exe but it stopped responding and quit with a pop up that the avast antirootkit stopped running.

Are there any other scans I need to do?

Regards,
Larry

Now you wait for a malware removal expert to arrive… It may take some time

Hi,

Re-run zoek and run this script:

C:\Users\Larry\AppData\Roaming\.ACEStream;fs
C:\Users\Larry\AppData\Locallow\.ACEStream;fs
C:\Users\Larry\AppData\Roaming\ACEStream;fs
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job;f
magicplayer@acestream.org;ff
mfhnkgpdlogbknkhlgdjlejeljbhflim;chr
{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9};c
emptyalltemp;
autoclean;
emptyclsid;

Thanks for helping, Argus. I ran the zoek script that you provided but after rebooting, I reran a partial scan and still found the FBListener in the same place.
I have attached the avast scan image and the zoek log.

Regards,
Larry

Re-run zoek and run this script:

Quickscan;
autoclean;

Thanks again Argus. I ran the script and rebooted. Still getting hits in avast scan as shown in the attached jpg.

Regards,
Larry

Re-run zoek and run this script:

emptyalltemp;
autoclean;
emptyclsid;
emptyfolderscheck;delete 

same result after reboot & scan.

It is proving to be very sticky.

Take it easy.

Re-run zoek and run this script:

0C4ABCA568BD37E3049F0AC3B072CD7941CFD69F;z

So far so good after that last script. No virus found in that directory. I even rebooted and scanned it again. One more full scan to be sure … :slight_smile:

These are cache entries, do not have to worry. I empty the cache.

Looking good now, thanks so much argus.

Best Regards,
Larry