Malicious software or Trojan

Yep it created a new folder and startup set in that short period

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

* Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Files
C:\6a4
c:\documents and settings\Administrator\Start Menu\Programs\Startup\283.js
c:\documents and settings\Bronwyn and Kym\Start Menu\Programs\Startup\283.js
c:\documents and settings\All Users\Start Menu\Programs\Startup\283.js
c:\documents and settings\Default User\Start Menu\Programs\Startup\283.js 

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

* Then click the Run Fix button at the top
* Let the program run unhindered, reboot the PC when it is done
* Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Logged back on to check your reply only to find control panel again disabled and malicious URL pop-ups appearing again. Should I still run the OTL as requested in your last post? This post is done from my mobile phone.

Yes but we will do some additional work as the drive you are plugging in is infected and we need to stop that first

Plug in the drive
Download McShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives

https://dl.dropbox.com/u/73555776/mcshield%20unhide.JPG

Then get the log which will be here :

Start > all programs > MCShield > logs > all scans

And post that

Then run the OTL fix and follow with a fresh scan

Will do when I get home tonight.
The drive I plugged in originally has not been connected to the PC since the problem started, that is why I posed my last question.
I hope I have not confused the issue by not stating this earlier.
Regards,
Kym

Nope but it will catch any autoruns that are hidden on the main drive, and will protect against further infections

Thanks

Hi essexboy,
Sorry to take so long to get back to you, got called away on business at short notice and only just got back.
The MC2 Shield log is attached as requested.
Will now run the fresh OTL fix and post that log when complete.
Regards,
Kym

Not sure if I have done the fix correctly.
Tried running it in normal mode and nothing happened for over an hour, so I rebooted in safe mode and ran the fix, took a few minutes.
Rebooted and ran the quick scan in normal mode, log attached.
If I have messed things up I am sorry.
Kym

Safe mode, Normal mode… OTL does not care ;D

How is the computer behaving now? McShield did some nice work and removed some bad boys

Could you attach the new OTL scan please

Sorry I thought that was the log I attached in my last post, obviously not.
MalwareBytes is still unable to be run, control panel still deactivated and malicious pop-up warnings still appearing but not as often.
PC is running faster than it was.
My connection manager indicates I am downloading a bucket load of data as well, not sure what or why.
Kym

Have to start work in 4 hours so off to bed.
Will check for your reply later.
Regards,
Kym

Could you re-run Combofix now please, allowing it to update if requested

Sorry this is taking so long, work is extremely busy and I am doing 14-16 hour days, so not getting a lot of time to myself.
I re-ran Combofix as requested, log attached.
Control panel has reappeared in start box, malicious URL pop-ups have stopped again.
MalwareBytes has updated and is accessible.
Will see what happens when I close the PC and log on again.
Regards,
Kym

Rebooted PC, control panel again disabled as is MalwareBytes, malicious URL pop-ups back again.

OK the file is changing every reboot

So could you run a fresh OTL scan and attach here. In the meantime do not reboot until I have created and you have run the new fix

OK, so run a new OTL scan, retrieve the log and leave the PC running until I run the new fix.
Will run when I get home tonight.
This post from the work pc.
Kym

Aye and if that fix fails I will remove the windows scripting host for the duration as it needs that to run

Ended up having to work all through Easter, so have only just had time to run OTL.
Log is attached.
PC will remain on until I hear back from you.
Regards,
Kym

OK let's do it

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

* Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
O4 - HKCU..\Run: [7d7e7] C:\Documents and Settings\Bronwyn and Kym\Application Data\6b6\7d7e7.js ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\203c2.js ()
O4 - Startup: C:\Documents and Settings\Bronwyn and Kym\Start Menu\Programs\Startup\203c2.js ()
[2013/03/23 22:50:39 | 000,000,000 | -HSD | C] -- C:\6a4
[2013/03/28 23:04:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bronwyn and Kym\Application Data\6b6
[2013/03/05 14:35:47 | 000,000,000 | -HSD | C] -- C:\Program Files\74607

:Reg
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"7d7e7"=-

:Files
C:\Documents and Settings\Bronwyn and Kym\Start Menu\Programs\Startup\*.js
c:\Documents and Settings\All Users\Start Menu\Programs\Startup\*.js
[override]
C:\Windows\System32\wscript.exe
[stopoverride] 

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

* Then click the Run Fix button at the top
* Let the program run unhindered, reboot the PC when it is done
* Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
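
The O4 and folder lines quoted in the fix above can be triaged mechanically. This is an added example, not part of the original thread and not OTL's own code: it parses lines in the format shown and flags script files started at logon (which run through Windows Script Host) and hidden+system folders with short hex-like names. The two `ExampleAV` lines, the extension list and the hex-name heuristic are assumptions made for the example.

```python
import ntpath
import re

# Lines 1-6 are the entries quoted in the fix above; the two ExampleAV
# lines are constructed benign entries in the same format (assumption).
SAMPLE_LOG = r"""
O4 - HKCU..\Run: [7d7e7] C:\Documents and Settings\Bronwyn and Kym\Application Data\6b6\7d7e7.js ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\203c2.js ()
O4 - Startup: C:\Documents and Settings\Bronwyn and Kym\Start Menu\Programs\Startup\203c2.js ()
[2013/03/23 22:50:39 | 000,000,000 | -HSD | C] -- C:\6a4
[2013/03/28 23:04:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bronwyn and Kym\Application Data\6b6
[2013/03/05 14:35:47 | 000,000,000 | -HSD | C] -- C:\Program Files\74607
O4 - HKLM..\Run: [ExampleAV] C:\Program Files\ExampleAV\tray.exe (Example Vendor)
[2013/03/01 10:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\ExampleAV
"""

# "O4 - <location>: [<value name>] <target path> (<vendor>)"; the name is optional.
O4 = re.compile(r"^O4 - (?P<loc>.+?): (?:\[(?P<name>[^\]]*)\] )?(?P<path>.+?) \((?P<vendor>.*)\)$")
# "[<timestamp> | <size> | <attributes> | <flag>] -- <path>"
ENTRY = re.compile(r"^\[[^|]+\| [\d,]+ \| (?P<attrs>[-A-Z]{4}) \| [A-Z]\] -- (?P<path>.+)$")
# Extensions handled by Windows Script Host (assumed list for this example).
SCRIPT_EXT = {".js", ".jse", ".vbs", ".vbe", ".wsf"}
# Heuristic (assumption): names such as 6a4, 6b6, 74607 are short hex strings.
HEXNAME = re.compile(r"^[0-9a-f]{3,8}$", re.I)


def triage(log):
    """Return (reason, detail, path) tuples for lines worth a closer look."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        m = O4.match(line)
        if m:
            # An autorun whose target is a script file, not an executable.
            if ntpath.splitext(m["path"])[1].lower() in SCRIPT_EXT:
                findings.append(("script-autorun", m["loc"], m["path"]))
            continue
        m = ENTRY.match(line)
        # Hidden AND system attributes on an item with a hex-like name.
        if m and {"H", "S"} <= set(m["attrs"]) and HEXNAME.match(ntpath.basename(m["path"])):
            findings.append(("hidden-system-hexname", m["attrs"], m["path"]))
    return findings


if __name__ == "__main__":
    for reason, detail, path in triage(SAMPLE_LOG):
        print(f"{reason:22} {detail:12} {path}")
```
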

Not having much luck with the fix.
Pasted the fix into OTL, clicked “run fix” and left it to run.
Six hours later, nothing has happened. PC appears to be locked up and cannot close OTL to try and run fix again.
PC is still on,will not reboot until I hear back.
Kym