Infection malware Getmuzicas & Getusaaal

Viruses and worms
1

Hello everybody :smiley:
Avast is continuously popping up every 10 minutes with:

Object: http://getmuzicas.info/?e=pcho
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

and

Object: http://getusaaall.info/?e=pcho
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

(I have attached my logs from FRST)

2

Hi there, if this fix does not work could you uninstall google chrome totally and then run a fresh FRST scan (including additions) so that I can remove any remnants

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Continue Setup.lnk ShortcutTarget: Continue Setup.lnk -> C:\Users\Edo\Desktop\Scuola Superiore\3°AITI\TLC\Multisim7\Setup.exe (No File) Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION Task: {3661521F-1A18-4E91-865B-99799956BB7D} - \Torntv V9.0-chromeinstaller No Task File <==== ATTENTION Task: {4F86F750-595E-4F23-B645-0FCFC5B4142E} - \MySearchDial No Task File <==== ATTENTION Task: {667250A2-81F2-4C3A-842F-84A2BF36BE7D} - \PileFile reminder No Task File <==== ATTENTION Task: {80224464-3FF9-4BE4-AE21-D604D72F75BA} - \DealPlyUpdate No Task File <==== ATTENTION Task: {8464B4D1-3A7A-4A1A-A0C2-0615DA7AAAE5} - \Torntv V9.0-firefoxinstaller No Task File <==== ATTENTION Task: {A344CBE9-85FD-407C-9744-762D1430BD07} - \PileFile logon No Task File <==== ATTENTION Task: {E05E379D-FEB1-445E-91D9-904102341E12} - \Torntv V9.0-enabler No Task File <==== ATTENTION Task: {E08C14FC-144C-48D2-A619-65B66EA33A0D} - \Torntv V9.0-updater No Task File <==== ATTENTION Task: {EAFF8D62-B0B9-4A34-8902-371A6D74356B} - \Oxy No Task File <==== ATTENTION Task: {FF3D90BA-9C06-4092-9101-FD3D38E93516} - \BitGuard No Task File <==== ATTENTION CMD: ipconfig /release CMD: netsh int ip reset CMD: ipconfig /renew CMD: DEL %TEMP%\*.* /F /S /Q CMD: RD /S /Q %TEMP% REBOOT:

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

3

Thanks for help :smiley:
I have attached the log from FRST.

4

Are the alerts still apparent ?

5

Yes… After 20/30 minutes it appears again…
Should I totally uninstall Google Chrome?

Sorry for my bad english :smiley:

6

Yes please, I am testing out one possible theory. Once chrome is uninstalled could you run a fresh FRST scan including additions

7

I’ve also got this problem since yesterday.

I’ve run a virus scan and nothing and also, Anti Malwarebytes which cleared stuff up and also cloud system booster which found a couple of problems .

None of these seem to have fixed the issue though.
What’s frst?

8

I uninstalled Google Chrome and did the frst scan.

Here are the logs:

9

Let me know if this stops it

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

Task: {4005A44F-9509-4346-AF5B-0C1B2A2D1237} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1502629668-2138011749-3211445956-1000UA => C:\Users\Edo\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-02] (Google Inc.) Task: {8A3F9E32-D282-4A36-8AF1-3FBB7999F599} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-23] (Google Inc.) Task: {E21633EB-5E54-4AE5-A24A-3F1BB9543FA3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-23] (Google Inc.) Task: {EFA2E70D-578B-44AB-9FE6-E0AE628D5ABE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1502629668-2138011749-3211445956-1000Core => C:\Users\Edo\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-02] (Google Inc.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1502629668-2138011749-3211445956-1000Core.job => C:\Users\Edo\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1502629668-2138011749-3211445956-1000UA.job => C:\Users\Edo\AppData\Local\Google\Update\GoogleUpdate.exe HKU\S-1-5-21-1502629668-2138011749-3211445956-1000\...\Run: [Google Update] => C:\Users\Edo\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-03-02] (Google Inc.) 2014-06-21 09:48 - 2014-03-02 21:31 - 00004118 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1502629668-2138011749-3211445956-1000UA 2014-06-21 09:48 - 2014-03-02 21:31 - 00003722 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1502629668-2138011749-3211445956-1000Core C:\Program Files (x86)\Google C:\Users\Edo\AppData\Local\Google CMD: ipconfig /release CMD: netsh int ip reset CMD: ipconfig /renew CMD: DEL %TEMP%\*.* /F /S /Q CMD: RD /S /Q %TEMP% REBOOT:

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop

[*] Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
[*]It will close all programs when run, so make sure you have saved all your work before you begin.
[*]Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
[*]Once it’s finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

10

It doesn’t stop it… it block the popping up for 30 min / 1 hour…

Here’s the fixlog

11

I have managed to clean one 8.1 system having found the possible miscreant in an unexpected area

This fix will generate a log for those areas

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CMD: DEL %TEMP%\*.* /F /S /Q CMD: RD /S /Q %TEMP% Folder: c:\Documents and Settings\Edo\Local Settings\Temp Folder: c:\WINDOWS\Prefetch REBOOT:

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

12

It works for 20/30 minutes and then it popping up again…

I have attached the log

13

Sorry that was a busted flush… I have someone else running a different programme which may reveal the culprit. So as soon as I get that data I will be back

14

Ok Thanks :smiley:
Meanwhile can I install again Chrome?

15

Certainly

Do you have a restore point from 3 days ago that you could use ?

16

Yes, but I think I was already infected… :confused:

17

OK could you try an Avast boot scan please

18

It still popping up… now every 20 minutes…

19

Could you try that restore point please and run a fresh FRST log

20

Windows says to me that is an error meanwhile the restore… error 0xc000022 :confused:
I did the Scan anyway, i have attached here the log