system
January 3, 2015, 11:08pm
1
I need help.
JS:ScriptIp-inf and HTML:Iframe-inf
Multiple alerts via Avast over the past 5 days and scan as I might, I can’t seem to root out these infections. They come and go irregularly. After scanning with Avast, Trojan Killer, and Malwarebytes multiple times, the frequency of alerts from Avast has slowed, but is still reappearing.
I use IE predominately and occasionally Firefox.
Logs for Malwarebytes, FRST, and ASWmbr uploaded.
Any help is greatly appreciated.
system
January 4, 2015, 12:39am
2
I have had the SAME exact problem. MBAM and Avast never seem to pick up anything in the scans though. I’ve been trying to get help in my thread for a couple days now, but I guess all the experts have been busy.
Sorry for the non-helpful reply, it’s just nice to share my pain with someone else lol.
Could you run a fresh FRST scan on completion of the fix?
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open Notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-2882826865-3899292575-3464675106-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-2882826865-3899292575-3464675106-1000\$7c90c179f3c55143ee294ba7f49149de\n. ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-2882826865-3899292575-3464675106-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
URLSearchHook: HKU\S-1-5-21-2882826865-3899292575-3464675106-1000 - (No Name) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - No File
SearchScopes: HKLM -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2882826865-3899292575-3464675106-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2882826865-3899292575-3464675106-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKU\.DEFAULT -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-2882826865-3899292575-3464675106-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-2882826865-3899292575-3464675106-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
2015-01-02 20:06 - 2015-01-02 20:06 - 00003346 _____ () C:\Windows\System32\Tasks\{0A283C25-12E7-4AD6-88CC-9021D12B8B85}
CustomCLSID: HKU\S-1-5-21-2882826865-3899292575-3464675106-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-2882826865-3899292575-3464675106-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\$Recycle.Bin ()
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe.
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix.
On completion a log will be generated; please post that.
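An added example, not part of the original posts and not FRST's own logic: a small Python check that flags, in FRST-style log text, the two kinds of per-user COM server entries seen in the fixlist above (a rundll32.exe javascript: command and a server path under $Recycle.Bin). The sample lines, the placeholder SID and CLSIDs, the rule names and the unshift helper are assumptions made for illustration.

```python
import re

# Constructed sample in the shape of the CustomCLSID lines in the fixlist above;
# the SID, CLSIDs and the third (benign) entry are placeholders, not from the post.
SAMPLE_LOG = r'''
CustomCLSID: HKU\S-1-5-21-EXAMPLE-1000_Classes\CLSID\{00000000-0000-0000-0000-000000000001}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>
CustomCLSID: HKU\S-1-5-21-EXAMPLE-1000_Classes\CLSID\{00000000-0000-0000-0000-000000000002}\InprocServer32 -> C:\$Recycle.Bin ()
CustomCLSID: HKU\S-1-5-21-EXAMPLE-1000_Classes\CLSID\{00000000-0000-0000-0000-000000000003}\InprocServer32 -> C:\Program Files\Example\shellext.dll (Example Corp)
'''

# A COM server registration: ...\InprocServer32 or ...\LocalServer32 followed by its value.
COM_LINE = re.compile(
    r'\\(?P<kind>InprocServer32|LocalServer32)\s*(?:->|:)\s*(?P<value>.*)$', re.I)
CLSID = re.compile(r'\{[0-9A-Fa-f-]{36}\}')

# Heuristics taken from the two kinds of entry flagged in this thread.
RULES = [
    ('script-protocol', re.compile(r'rundll32(?:\.exe)?\s+javascript:', re.I)),
    ('recycle-bin-path', re.compile(r'\\\$Recycle\.Bin', re.I)),
]

def scan(log_text):
    """Return (clsid, key kind, matched rules) for each suspicious COM server line."""
    findings = []
    for line in log_text.splitlines():
        m = COM_LINE.search(line)
        if not m:
            continue
        reasons = [name for name, rx in RULES if rx.search(m['value'])]
        if reasons:
            clsid = CLSID.search(line)
            findings.append((clsid.group(0) if clsid else '?', m['kind'].lower(), reasons))
    return findings

def unshift(fragment):
    """Shift each character down one code point; this makes the sample's eval string readable."""
    return ''.join(chr(ord(c) - 1) for c in fragment)

if __name__ == '__main__':
    for clsid, kind, reasons in scan(SAMPLE_LOG):
        print(clsid, kind, ', '.join(reasons))
    # Visible part of the eval argument from the log line (the log itself truncates the rest).
    print(unshift('epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>'))
```

A hit from this check is a reason to look at the entry, not proof of infection; the benign third line shows that ordinary per-user COM registrations pass through unflagged.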
system
January 5, 2015, 1:11am
4
Thanks for your help! I ran the fix and a subsequent FRST scan. Both logs are attached.
Looks much better. Any further problems?