Hi all … quite simply, every time I open a web page, avast warns me I have a trojan, something to do with html iframe gen. Initially it shows up in a file, then it shows up in the temp internet files. I have tried everything to get rid of this warning, including the following:
full system scan … no good
boot scan … no good …
delete temp internet files, then scan.
memory scans and countless other pointless exercises
How do I get rid of this from my computer? I only have a very limited knowledge of computer things, so try not to confuse me … thanks
Close every IE window and use Microsoft's Disk Cleanup Tool http://support.microsoft.com/?scid=kb%3Ben-us%3B315246&x=7&y=12 and let it clean everything (without Compress Old Files).
See if this will get rid of the problem.
Hi, no, that didn't work either ???
Please use Mbam http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html , let it scan your PC and post the created report.
Hi, yes, I run that program anyway. It did find 5 problems and after deleting them and rebooting, the trojans re-appeared as before. I will run it again and post the logs for you.
I have found that as soon as I boot up the computer a warning comes up that I have:
win32 tiny tm trojan appearing in the windows temp file.
Even if I delete it, it keeps appearing. Even after a boot scan it has reappeared.
If I ignore it and open a web page, then another warning comes up saying I have
html iframe gen trojan. Even if I delete it and open web pages I get the same alert about iframes.
Okay, please use Combofix and post the result. You do not need to install the Recovery Console. Be sure to disable all AV/AS guards while using it.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Hi, here is the log from the combofix.
If it means anything, the warning about the tiny tm trojan only appears when I connect to the internet. When disconnected it doesn't appear …
That doesn't look good. Please test these files at virustotal.com and post the whole results or the link to the results:
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\7.tmp
Hi, all very interesting I think.
Here are the results:
http://www.virustotal.com/analisis/0201704da56b5b509e49a7d49f5b1e46
http://www.virustotal.com/analisis/b8b00241d2ff6272c913b5cb634f0fdc
http://www.virustotal.com/analisis/35ad8789334da0ba0fece6421c18b4fc
There do appear to be more nasty files (as I assume you have seen) … but can I get back to normal …??
cheers
Whilst I’m not familiar with the combofix log, this one seems strange to me.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\setup.exe
So I would also suggest uploading g:\setup.exe to virus total.
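The check suggested above, as an added example (not part of the original post and not ComboFix's own code): it pulls `Shell\...\command` lines out of the `mountpoints2` sections of a log and lists the AutoRun targets that sit on the mounted drive itself. The log layout is assumed from the two lines quoted in the post; the sample text and function names are constructed.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: the two lines quoted in the post plus one made-up
# entry for contrast. This is not the poster's actual log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{constructed-volume-guid}]
\Shell\Open\command - explorer.exe
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\mountpoints2\\([^\\\]]+))\]$", re.I)
VERB_RE = re.compile(r"^\\Shell\\([^\\]+)\\command\s+-\s+(.+)$", re.I)

def autorun_entries(log_text):
    """Return one dict per Shell\\<verb>\\command line under a mountpoints2 key."""
    entries, key, volume = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key, volume = m.group(1), m.group(2)
            continue
        if line.startswith("["):  # some other registry key: leave the section
            key = volume = None
            continue
        m = VERB_RE.match(line)
        if m and key:
            verb, command = m.group(1), m.group(2).strip()
            target = PureWindowsPath(command.split(" /")[0].strip('"'))
            entries.append({
                "key": key,
                "volume": volume,
                "verb": verb,
                "command": command,
                # the AutoRun verb is the kind of entry flagged in the thread
                "autorun": verb.lower() == "autorun",
                # target is stored on the mounted volume (e.g. G:\setup.exe)
                "on_volume": target.drive.rstrip(":").lower() == volume.lower(),
            })
    return entries

def files_to_scan(log_text):
    """AutoRun commands whose target lives on the drive the key describes."""
    return [e["command"] for e in autorun_entries(log_text)
            if e["autorun"] and e["on_volume"]]
```

`files_to_scan(SAMPLE_LOG)` returns the one path from the post; each returned file is a candidate for the VirusTotal upload suggested above.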
Yes, malware often gets started by these entries, but if a system is infected with a virus (Virut variant) I would prefer backing up data and formatting. It is important to check all external drives to rule out that they are infected too!
If you want, you can scan your PC using drweb Cureit http://freedrweb.com/
Do not connect any external drive to this PC as long as it is infected, otherwise the (PE) exe files will become infected too, even if you only want to scan them with drweb or avast.
Here is the result for the scan of setup.exe:
http://www.virustotal.com/analisis/dd0c3ed281603a68bc64f5fca50d9513
Yes I noticed from the VT Results some of the detections were Virut and that isn’t too good as it can be pretty destructive. If CureIt can be run it is perhaps the only one I know of that might be effective, more so if it can be run from safe mode.
Hi, I ran drweb and it looks like windows has been wiped out as it won't boot up now … guess I will re-install now … :o