IE infection and could not solve by myself

Well, sooner or later we all come here to ask for help.
In a business computer of a friend of mine, he has AVG (paid) and got an infection that I could not solve.
I’ve run MBAM (it detects at first, cleans, but then it comes back). Some scans with MBAM return clean.
I’ve run ESET online. The same, first clean, then clean scans.
I could not manage to run Norton on demand scanning.
Comodo Cleaning Essentials does not pick it up.

The symptom is an ad popup at the end of each webpage.
I’m attaching some logs.

Side note, C:\WINDOWS\system32\drivers\gbpkm.sys is a banking plugin. It’s clean.

Logs

Tech, you’re in the German section here…!!
Guess, you wanted to post this in V&W… :wink:

Nevertheless, you’re always welcome here…!! :slight_smile:
Asyn

Edit: Well, it doesn’t really matter, just leave it here and I’ll ask Essexboy to take a look at it. :wink:

Hi Tech, I feel that there may be a TDL 3 type infection there based on the aswMBR results.

I am happy about the banker plugin and will not touch it honest ;D

18:11:23.443 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x89d554f1]<<
18:10:43.536 Service ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys **LOCKED** 32

Download the latest version of TDSSKiller from here and save it to your Desktop.

[*]Double-click on TDSSKiller.exe to run the application

http://dl.dropbox.com/u/73555776/TDSSFront.JPG

[*]Then click on Change parameters.

http://dl.dropbox.com/u/73555776/TDSSConfig.JPG

[*]Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

[*]Click the Start Scan button.

[*]If a suspicious object is detected, the default action will be Skip; click on Continue.

http://dl.dropbox.com/u/73555776/TDSSFound.JPG

[*]If malicious objects are found, they will show in the Scan results and offer three (3) options.
[*]Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

[*]Get the report by selecting Reports

http://dl.dropbox.com/u/73555776/TDSSEnd.JPG

[*]Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.
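
The two aswMBR lines quoted in the post above (an `>>UNKNOWN [address]<<` entry at the end of the disk driver chain and a service marked `**LOCKED**`) can be picked out of a log automatically. This Python script is an added example, not part of the thread or of aswMBR/TDSSKiller; the line layout is assumed from those two quoted lines only, and the other sample lines are constructed.

```python
import re

# Layout assumed from the two log lines quoted in the thread; other
# aswMBR versions may format these lines differently.
TS = r"(?P<ts>\d{2}:\d{2}:\d{2}\.\d{3})"
UNKNOWN_RE = re.compile(
    TS + r"\s+(?P<stack>.*?)\s*>>UNKNOWN \[(?P<addr>0x[0-9a-fA-F]+)\]<<")
LOCKED_RE = re.compile(
    TS + r"\s+Service\s+(?P<name>\S+)\s+(?P<path>.+?)\s+\*\*LOCKED\*\*")

def triage(log_text):
    """Return findings for log lines that deserve a closer look."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        # Both patterns are tried on every line, so a log whose lines were
        # pasted together (as in the forum post) is still handled.
        m = UNKNOWN_RE.search(line)
        if m:
            # The chain of named drivers ends in an address the log
            # reports as >>UNKNOWN<< instead of a module name.
            findings.append({"line": lineno, "kind": "unknown_module",
                             "time": m.group("ts"), "addr": m.group("addr"),
                             "stack": m.group("stack").split()})
        m = LOCKED_RE.search(line)
        if m:
            findings.append({"line": lineno, "kind": "locked_service",
                             "time": m.group("ts"),
                             "service": m.group("name"),
                             "path": m.group("path")})
    return findings

# Constructed sample: lines 2 and 3 are the ones quoted in the thread,
# lines 1 and 4 are made-up filler that must not be flagged.
SAMPLE_LOG = r"""18:10:40.000 Initialize success
18:10:43.536 Service ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys **LOCKED** 32
18:11:23.443 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x89d554f1]<<
18:11:24.000 Scan finished successfully
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```

A hit from this script is a reason to run a dedicated rootkit scan such as the TDSSKiller steps above and post the log; it is not a verdict by itself.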

Seems you’ve won at the first 8)
What would become of us without Essexboy? :wink:

No more ads. Now only 10 suspicious files detected by Kaspersky.
I’m running a full scan with aswMBR.exe also.

THANKS.

And sorry for the off board post.

Could you attach the log please Tech ;D

NP Tech…!! :slight_smile: As said, you’re always welcome here, but next time you’ve to post in German. ;D

PS: It seems Essexboy is still waiting for one of your logs… :wink: