JS:ScriptPE-inf [Trj], HTML:Script-inf

Viruses and worms
1

Every few minutes, Avast will notify me that it has blocked the threats listed in the topic title. It will notify me multiple times and move them to the chest. I have tried running quick scans with Avast and Malwarebytes, but no threats show up. However I believe there is an infection here. Any suggested courses of action? Thanks! OS is Windows 7 if that information is needed.

2

Where are the detected files located / full file path

3

C:\Users\Nick\AppData\Local\Temp\2c70\AppData\Local\MicrosoftWindows\Temporary Internet Files\Content.IE5\H1YB1Q6G

4

Try clear your temp folders with this

TFC cleaner http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

Did that help?

If not see instructions here https://forum.avast.com/index.php?topic=53253.0

5

Update: I used TFC and waited to see if avast detected anything. There were no detections for a while but I am still getting periodic notifications now for “HTML:lframe-inf” and “JS:ScriptIP-inf [Trj]” threats. They have the same location I listed above. My computer is running significantly slower, and I still believe it is infected. I remember 2 years ago I had a similar problem with avast spamming me with detected threats, and a user named Oldman helped me get rid of the problem on these forums. He instructed me to use OTL and ComboFix. Is there someone who assist me in a similar type of procedure? Thank you very much.

6

I will start with my most recent MBAM log. There were 8 threats detected and they were quarantined. I don’t know why they are not in the log though.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/1/2015
Scan Time: 4:06:17 PM
Logfile: mbam log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.01.05
Rootkit Database: v2014.12.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Nick

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 426146
Time Elapsed: 38 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

7

I’m just going to bump this and attach my FRST logs. I am having trouble using aswMBR, but I will try to use to again and attach that log if the scan works. I understand it’s probably going to be difficult to get help around the holidays, but I want to get my information out here anyway. Any help is much appreciated. Thank you!

8

Bump. Still having a lot of trouble with slow computer performance, and getting the periodic repetitive detected threat notifications from avast. When I use aswMBR it gets stuck scanning one location for over 30 minutes, and I am unable to use it to fully scan my computer. I’ve tried running mutliple scans with MBAM and aswMBR, and even in safe mode. MBAM is never picking up anything, but avast is still blocking threats. Can anyone please help? I really do not know what to do anymore.

9

I should also mention I get this security notification periodically for no reason (see attachment). I am not even trying to download anything. I also get notifications that internet explorer has stopped working, even when it is not open. I never use IE and am always using Chrome.

10

Bump… :-\

11

Could you let me know what the problems are after this

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess? HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-1799180438-3640002558-1837021062-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION 2014-12-31 18:39 - 2014-12-31 18:39 - 00000000 _____ () C:\Windows\SysWOW64\sho7384.tmp C:\ProgramData\emorhc.pad EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

12

Firstly, THANK YOU for your reply/help.

FRST was deleting temporary files for a while, and suddenly stopped responding and crashed. It would sometimes be deleting temp files from one location for a long period of time. This was similar to when I scanned with aswMBR and it would scan one location for a long time and crash. Should I try the FRST fix again, or try using AdwCleaner next?

13

Also here is the fixlog that was produced before it crashed

14

Continue with AdwCleaner please and then let me know what problems remain

15

Here is the AdwCleaner log. I just scanned/cleaned though, so I will have to wait and see if avast detects anything else. Computer performance seems better at the moment. I will give updates if any other problems occur. Thank you!

16

Update: Another batch (4 of them) of JS:ScriptPE-inf [Trj] threats were detected and blocked from avast again :-\
Edit 1: Also now getting the security alert notifications again.
Edit 2: Ok, something else strange is happening. I am getting a nonstop “Windows alert notification” sound that will not stop playing. It also continuously switches out of a any window I am currently in. Very annoying…

17

OK time for a bigger hammer :slight_smile:

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

18

Ok I ran ComboFix and it took about an hour to scan. Log is attached. Computer performance seems a lot better and I haven’t got any avast notifications or other notifications since the scan (about 3 hours ago). If any other problems show up I’ll be sure to post them here. Thanks a lot though, your help has been amazing thus far!

19

Let me know when you are happy and I will tidy up

20

Ok it has been over a day and my computer hasn’t had any problems. Ready to do any post-procedures. Thank you :slight_smile: