My daughters computer has become infected with this virus. I have the most current version of Avast and it blocks it however a boot scan doesn’t find or remove it. I have also tried the most current malwarebytes with no luck. I can’t seem to find any information about this virus that’s anywhere near current nor any removal tool/technique that works for Win 8.1
I’m stuck with this one!
Any thoughts or help would be GREATLY WELCOMED (and APPRECIATED!)
MANY THANKS!
Mike
Hi Mike, welcome to the forum 
Please follow this turtorial https://forum.avast.com/index.php?topic=53253.0 and attach the requested logs in your next reply.
It is night here in Europe, but as soon as an expert is online and available he/she will help you.
Greetz, Red.
Here’s the mbam log file. Will download and run farbar next.
Here are the FRST files
And here’s the aswmbr file.
Let me know if there’s anything else I can provide!
MANY THANKS!!
Mike
I have also tried the most current malwarebytes with no luck.It is a JavaScript ( [b]JS[/b]:Downloader-cpi[pup]) Malwarebytes does not target JavaScript
My daughters computer has become infected with this virus.It is not a virus, it is a PUP >> JS:Downloader-cpi[[b]pup[/b]] = Possible Unwanted Program Most likely some crap located in a browser that will download adware
Looks like it be hiding in Firefox… Time for it to die
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint: FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-20] [not signed] FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\prefs.js [2015-05-26] <==== ATTENTION (Points to *.cfg file) FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\cfg [2015-05-26] <==== ATTENTION 2016-03-24 11:23 - 2015-05-26 13:09 - 00001030 _____ C:\Windows\Tasks\gwUA9WW8zGm7B.job 2015-04-14 11:28 - 2015-04-14 11:28 - 0004387 _____ () C:\Users\Maliaki\AppData\Roaming\gwUA9WW8zGm7B 2015-02-05 17:36 - 2015-02-05 17:36 - 0234679 _____ () C:\Users\Maliaki\AppData\Local\dsi1.dat 2015-02-05 17:36 - 2015-02-05 17:36 - 0161916 _____ () C:\Users\Maliaki\AppData\Local\dsi2.dat 2015-05-22 07:40 - 2015-05-26 08:16 - 0000112 _____ () C:\ProgramData\B81kdD32.dat Task: {C76C0745-3F42-42F9-85A7-CAFB72C09D2C} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION Task: {CF24D6D0-E324-4CD5-A220-9762FF01B69E} - System32\Tasks\gwUA9WW8zGm7B => C:\Users\Maliaki\AppData\Roaming\gwUA9WW8zGm7B.exe <==== ATTENTION Task: C:\Windows\Tasks\gwUA9WW8zGm7B.job => C:\Users\Maliaki\AppData\Roaming\gwUA9WW8zGm7B.exe <==== ATTENTION C:\Users\Maliaki\AppData\Roaming\gwUA9WW8zGm7B.exe Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
THEN
Please download AdwCleaner by Xplode onto your desktop.
[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S0].txt as well.
I will kiiiilllll this sucker when I get home today! I THANK YOU (and I KNOW my daughter THANKS YOU TOO!)
;D
Here’s the fixlog
And the adwcleaner log. There wasn’t an “S0” but there was an “S1” (and a C1)
MANY MANY THANK YOUS!
Have the alerts now ceased ? Any further problems ?