Malware Assistance

Hey guys,
I did a full scan and Avast found some stuff and said I needed to do a boot scan to get rid of it, which I did. It came up with a java script malware gen and I selected delete all. It deleted a gazillion of those little buggers. Only I don’t know where, or if, it keeps a log to show you? Can you tell me where that log is? AND should I do the scans recommended here as well?

Does this help? http://www.avast.com/faq.php?article=AVKB21

Avast FAQ: http://www.avast.com/faq.php

Hey Pondus,
Thank you! Yes that shows me where they are located. In the virus chest. That boot scan came up with 200 infected files, UNBELIEVABLE!! Not really but still, that’s a lot for me. 11 of which, for some reason Avast could not find to move to the virus chest. Any clue why? What should I do next??

Follow the guide: http://forum.avast.com/index.php?topic=53253.0

Attach all logs here…

Also please do this:

11 of which, for some reason Avast could not find to move to the virus chest. Any clue why?
If you reboot and scan again, those should be gone. Follow the advice given by true indian and attach logs.

Okay, here ya go :slight_smile:

Hi, as you do not appear to use Java, run this Fix it from MS to stop Java running in IE: http://support.microsoft.com/kb/2751647

Once this has run could you let me know what problems remain

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

* Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
SRV - File not found [Auto | Stopped] -- C:\Users\Beau\AppData\Local\Temp\DX9\SessionLauncher.exe -- (SessionLauncher)
O3 - HKU\S-1-5-21-614467982-2395519412-2298608913-1000\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKU\S-1-5-21-614467982-2395519412-2298608913-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
[2013/01/23 01:30:08 | 000,000,000 | ---- | C] () -- C:\Users\Beau\tugrhwzctefhuyewibfxbpfev.exe
[2013/01/23 01:30:07 | 000,000,000 | ---- | C] () -- C:\Users\Beau\kcheeyualpqzrons.exe

:Commands
[resethosts]
[emptytemp]
[Reboot]

* Then click the Run Fix button at the top
* Let the program run unhindered, reboot the PC when it is done
* Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Well here you go. Gonna do one more Avast bootscan!

How is the computer now?

Everything seems okay now Essex, although it really didn’t seem bad before I did the original boot scan either. So I really don’t know lol. You don’t see anything else?

Oh Crap!
And I do use Java for Pogo and now it won’t work! :frowning:
I’ve reinstalled it and enabled in my browser through my browser and through the control panel. Yet Java is still not recognized! grrrr
You really shouldn’t assume people don’t use it and make them uninstall it! This is frustrating.

Wonderful, I’ve uninstalled and reinstalled Java 3 times and it’s not working!! PLEASE help me fix what you broke Essex!! :stuck_out_tongue:

Well I went to programs and features and noticed that I had a Java 6 and 7 so I uninstalled those. I also found that IEJava Block thingy that apparently you had me install and uninstalled that. I then reinstalled Java again and it’s still not working!! WTF???

Well I went to the Microsoft site that you originally sent me to and there was an undo there. I tried that and it’s still broken!! This sucks!!!

Download JavaRa from here: http://singularlabs.com/software/javara/
Run the programme and select remove JRE.
Reboot and now install Java.

Done! Still broken >:(

Sry, I didn’t realize I had both screens active on the first pic and couldn’t figure out how to delete it. Anyway, it still doesn’t see it when I verify and it’s enabled everywhere!

I tried using Firefox and Java works there if that helps any. So I uninstalled IE8, which of course reverts back to IE7, and verified Java again and still no go. UGH!

The undo at MS just reverses the registry changes back to normal. I have come across this a few times before. What you need to do is run JavaRa and then in programme files and appdata delete the java/sun/oracle folders.

Did that and that didn’t work either. However I installed IE9 and that did the trick!! IE sees Java. Now it’s asking me to enable the 'Java plug-in SSV Helper' add-on from 'Oracle America Inc.' Should I enable that as well?

Your choice on that one, but as you need Java then I would say yes.