I too have been blighted by Win32:Atraps-PF [Trj]

Viruses and worms
1

Hi there,

I’ve been trying to remove this thing for a couple of days with no luck, so I’m now looking for a bit of help from you guys if you don’t mind providing it. I’ve run Malwarebytes and done an Avast deep system scan in safe mode and deleted a bunch of stuff, but this thing keeps coming back.

I’m including my Malwarebytes log below.

Thanks,
Taylor

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.10.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Taylor Lauritsen :: PICKLES [administrator]

10/7/12 12:26:25
mbam-log-2012-07-10 (12-26-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229329
Time elapsed: 7 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer{7c415e83-6425-fe94-9e85-6829baf34102}\U\00000008.@ (Trojan.Dropper.BCMiner) → Quarantined and deleted successfully.

(end)

2

This needs further analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.

3

How do I attach the logs? The post layout is different from what is presented in the logs topic and I keep getting an error that my posts exceed the character limit.

4

OK nevermind, I figured it out.

5

And the others…

6

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:Files C:\Windows\Installer\{7c415e83-6425-fe94-9e85-6829baf34102} C:\Users\Taylor Lauritsen\AppData\Local\{7c415e83-6425-fe94-9e85-6829baf34102} C:\Windows\assembly\GAC_32\Desktop.ini C:\Windows\assembly\GAC_64\Desktop.ini

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

7

Having a bit of a problem. The OTL fix ran fine and now I’m trying to run ComboFix, but it claims to be detecting Bitdefender Antivirus and Antispyware running somewhere, even though I uninstalled Bitdefender a few days ago. Bitdefender no longer exists on any program lists, but there is still a folder in my Program Files. I’m currently using Avast as my antivirus software and have had no problem disabling that. Any thoughts?

8

Accept the combofix warnings and let it run… We will sort out Bitdefender later

9

For when alligators aren’t snapping at your heels (system clean):

  • Uninstall possible remnants of previously installed AVs see, http://singularlabs.com/uninstallers/security-software/, this has a collection of manufactures removal tools, so that should remove any remnants, registry, etc. Scroll down to item [05a] BitDefender AV in the list, unless essexboy can remove it with one of his tools.
10

Umm pretty big problem now: every program that i try to access says this: Illegal operation attempted on a registry key that has been marked for deletion. What the hell is going on?

11

Just reboot that should release the registry block.

12

Rebooting now

13

OK things looking better now. Logs attached.

14

How is the computer now, any problems