Logs

Viruses and worms
21

PC is clean, one more check…

Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
Confirm “End user Licence Agreement” and “KSN Statement” dialog box by clicking on Accept button.

[*] Press Start Scan
[*] If Suspicious object is detected, the default action will be Skip, click on Continue.
[*] If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.

22

Thank you!

No threats were found. I’m still getting MBAM notifications without a browser open but I guess that doesn’t necessarily mean I have a virus?

23

Open MalwareBytes then tab named Logs

Latest report should be on the bottom, open it, and attach it’s content here

24

Latest MBAM log

25

We need another check…

  1. Please download ComboFix by sUBs from here and save it to your Desktop.
    If you are unsure how ComboFix works please read this guide carefully.
    note: ComboFix must be downloaded to your Desktop.
  1. Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix.
    If you are unsure how to do this please read this or this Instruction.

Instructions how to disable avast:

[*]Right click on the avast! system tray icon (
http://www.mcshield.net/pg/images/avast5.png
) in the lower right corner of the screen and scroll up to avast! shield controls;
[*]In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn back on this option after the cleaning by choosing avast! shield controls > Enable all shield options.

  1. Run ComboFix. Click on I Agree!

ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note:Do not mouse-click Combofix’s window while it is running.
If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart computer once more.

  1. When the tool is finished, it will produce a log report for you. (typical location: C:[b]ComboFix.txt[/b] )
    Attach log reports ( ComboFix.txt) back to topic.
26

ComboFix

27

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

reg: reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts C:\export.reg

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.

Then…

You will find file named export.reg in [b]C:[/b]

Attach that file here…

28

Fixlog

It says I can’t upload .reg files…

29

Upload it somwhere else and copy the link…

Zippyshare for example…

30

http://www68.zippyshare.com/v/54837861/file.html

31

Computer is clean, do you still have MalwareBytes warnins…

32

Yeah…

33

Does it happens all the time, or only when you visit some websites…

34

All the time.

35

I really do not know why is that happenig, PC looks clean…

Run MalwareBytes, but first Update it.

Press Quick Scan, if something is found, select and delete. Attach the report…

36

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.17.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Emily :: EMILY-PC [administrator]

Protection: Enabled

17/12/2013 10:56:48 PM
mbam-log-2013-12-17 (22-56-48).txt

Scan type: Full scan (C:|D:|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 528252
Time elapsed: 1 hour(s), 40 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir (PUP.Optional.Conduit) → No action taken.

(end)

37

As I said, PC is clean…

How is the computer behaving except MBAM warnings…

38

Perfectly fine. I’m getting quite paranoid/obsessive about these notifications. I’ve spent hours looking through my C: drive and deleted a few things that looked suspicious…

After seeing this in the last scan report…

Files Detected: 1
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir (PUP.Optional.Conduit) → No action taken.

I went into the AdwCleaner folder and found a lot of folders within folders labelled backup>users>emily>mozilla>firefox etc. etc. and inside were VIR. files so I deleted the whole thing. Not sure if this was the right thing to do but as I said I’m getting a bit obsessive.

The pop-ups have slowed down but they still happen without a browser open.

39
C:\[b]AdwCleaner\Quarantine[/b]\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir (PUP.Optional.Conduit) -> No action taken.
as you see it is detected inside AdwCleaner quarantine folder

you may empty AdwCleaner quarantine folder :wink:

40

About this MalwareBytes detection, it is related to Adwcleaner quarantine, and we will delete this tool and it’s remnants, so you do not have to worry about.

At the other side, about MalwareBytes warnings, I see nothing malicious on your system that can be related to it. Maybe it is a False Positive detection related to some of your programs that making a internet connection or similar. If you want to add it to ignore list, right click MalwareBytes icon in the tray, and choose Add to ignore list when you spot the warning. Simple as that.

Please download DelFix by “Xplode” to your Desktop.

Run the tool and check the following boxes below;

[] Remove disinfection tools
[] Create registry backup
[*] Purge System Restore

Now click on “Run” button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt

I don’t need DelFix log report.

I need you to keep your software updated:

  • Uninstall outdated Adobe Reader and Java and download latest versions.

Cheers :slight_smile: