looks like a computer under attack to me = but adwcleaner.exe blocked :-((

ty for fixing my computer with a snap.feed.do problem.
Now another of my computers has a problem.

When I logged onto the computer with my account, a scanning program that I’d never seen before popped up and started “finding” lots of problems and asking me to pay to buy it.
I couldn’t stop the program.
I couldn’t open task manager.
So I powered off the computer and logged on as Administrator.

I’ve tried to follow the steps from your instruction thread https://forum.avast.com/index.php?topic=53253.0
I am stopped at the first step.
I am getting a message saying that “adwcleaner.exe is unsafe to download and was blocked by SmartScreen Filter”.
From what I can tell “smartscreen filter” looks like a Microsoft package?

Should I try to bypass the SmartScreen Filter blocking?

http://windows.microsoft.com/en-US/windows7/SmartScreen-Filter-frequently-asked-questions-IE9

Help!!

Probably a false positive. Did you try to download from here?: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
While in Internet Explorer 9 click the Tools button (Gear icon at the top right)
Select Safety then click Turn Off SmartScreen Filter
In the Microsoft SmartScreen Filter dialog box, select Turn off SmartScreen Filter
Click OK

Now you should be able to download AdwCleaner.

Right-click AdwCleaner.exe and select Run as administrator to run it.
Click Search.
A log will automatically open after the scan has finished.
Close the adwCleaner window, click OK to the prompt.
Post the contents of that log in your next reply.
Note: You can also find the log at C:\AdwCleaner[R1].txt

polonus

Ok, that allowed adware to run.

While waiting I ran Malwarebytes Anti-Malware (twice … the first time interrupted).

The logs of Malwarebytes Anti-Malware (run before adware) and adware are attached.

I’m now running Malware again (i.e. in your recommended sequence).

Log after adware restarted the computer attached:

Malware now appears happy.

Log attached.

OTL log attached

aswMBR log attached.

I’m guessing it was one of these two bad boys … detected in the first two Malwarebytes scans.

  1. Trojan.Lameshield
  2. Rogue.SystemProgressiveProtection

===============

Files Detected: 1
C:\ProgramData\A03F04165F547EDD00E3A03E2157FDBA\A03F04165F547EDD00E3A03E2157FDBA.exe (Trojan.Lameshield) → Quarantined and deleted successfully.

Folders Detected: 1
C:\Users\michaelu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection (Rogue.SystemProgressiveProtection) → Quarantined and deleted successfully.

Files Detected: 3
C:\Users\michaelu\AppData\Local\Temp\1jfuweif.exe (Trojan.Lameshield) → Quarantined and deleted successfully.
C:\Users\michaelu\Desktop\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) → Quarantined and deleted successfully.
C:\Users\michaelu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) → Quarantined and deleted successfully.

the pop-up I saw was this one:-

SystemProgressiveProtection

It wouldn’t close and wanted me to pay $$$$ to save my soul.

http://www.bleepingcomputer.com/virus-removal/remove-system-progressive-protection

Lameshield must go hand in hand as this user had the same two problems:

http://www.bleepstatic.com/swr-guides/s/system-progressive-protection/mbam-system-progressive-protection.jpg

Is there anything I should be doing here???

Hey, I suggest you wait for a malware expert to look into those logs.

it might take some time until one is online.

A request for one of those Experts to check this thread has been posted. :)

Hi, sorry I missed you. Once this has run, could you let me know what problems you are having?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
IE - HKU\S-1-5-21-1644491937-1035525444-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.0.10:8080
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
[2012/10/16 08:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\A03F04165F547EDD00E3A03E2157FDBA

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.