MAYDAY

AVAST all of a sudden started blocking every file/program because of some trojan. I could not get the name of it. AVAST moved them to the chest and now I cannot access them. There was a number in the bottom right-hand corner that said 1/20. As soon as I clicked "next" (I think that's what the button was called), everything went south. Even AVAST disappeared. Where did they go? I need to get them back.

Please Help

Hey, and welcome to the forum.

Please follow this guide and attach your logs.

A malware expert will guide you from there.

http://forum.avast.com/index.php?topic=53253.0

PART 2:

When I reloaded AVAST I was able to get to the Virus Chest. There were at least 3 screens of the files that AVAST moved to it (including AVAST itself). They're affected with JS:Banker-KG[Trj]. So now the question is, how do I remove this JS:Banker-KG[Trj] so I can recover my files?

Hey, please follow the guide I posted in my first post and attach the logs. An expert will guide you from there.

Here is Malwarebytes log:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.13.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
RocketNut :: SERA [administrator]

Protection: Enabled

11/13/2012 12:23:35 PM
mbam-log-2012-11-13 (12-23-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207281
Time elapsed: 5 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Users\RocketNut\Downloads\coretemp_1236.exe (PUP.BundleOffers.IIQ) → Quarantined and deleted successfully.
C:\Users\RocketNut\Downloads\SystemMonitorII_downloader_by_MyFavoriteGadgets(1).exe (PUP.BundleInstaller.BI) → Quarantined and deleted successfully.
C:\Users\RocketNut\Downloads\SystemMonitorII_downloader_by_MyFavoriteGadgets(2).exe (PUP.BundleInstaller.BI) → Quarantined and deleted successfully.
C:\Users\RocketNut\Downloads\SystemMonitorII_downloader_by_MyFavoriteGadgets.exe (PUP.BundleInstaller.BI) → Quarantined and deleted successfully.
C:\Users\RocketNut\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) → Quarantined and deleted successfully.
C:\Users\RocketNut\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) → Quarantined and deleted successfully.

(end)

I’m downloading OTL as we speak.
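As an added example (not something posted in this thread, and not a Malwarebytes tool), here is a small Python parser for the Malwarebytes Anti-Malware 1.x log format shown above. It pulls out the scan header, the per-section "Detected" counts and each detected item, checks that the number of items parsed matches the counts the log declares, and separates PUP/PUM detections (unwanted but not malicious) from anything else, flagging items whose action was not a successful quarantine. The sample log embedded in it is constructed: it reuses two entries from the posted log and adds a made-up "Trojan.Banker.Constructed" entry with "No action taken" so the unresolved branch is exercised.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the same layout as the MBAM 1.x log posted above.
# Two entries are copied from the thread; the third is invented for illustration.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.13.07

Windows 7 Service Pack 1 x64 NTFS
RocketNut :: SERA [administrator]

Protection: Enabled

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Objects scanned: 207281
Time elapsed: 5 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\RocketNut\Downloads\coretemp_1236.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
C:\Users\RocketNut\Downloads\SystemMonitorII_downloader_by_MyFavoriteGadgets(1).exe (PUP.BundleInstaller.BI) -> Quarantined and deleted successfully.
C:\Users\RocketNut\AppData\Local\Temp\example_dropper.exe (Trojan.Banker.Constructed) -> No action taken.

(end)
"""

# "Key: value" header lines we care about.
HEADER_RE = re.compile(r"^(Database version|Scan type|Objects scanned|Time elapsed|Protection):\s*(.+)$")
# "<Section> Detected: <n>" lines open a section and declare how many items follow.
SECTION_RE = re.compile(r"^([A-Za-z ]+) Detected:\s*(\d+)$")
# "<path> (<detection>) -> <action>." ; the posted log renders the arrow as "→", real logs use "->".
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) (?:->|→) (?P<action>.+?)\.?$")


@dataclass
class Detection:
    section: str
    path: str
    name: str
    action: str

    @property
    def is_pup(self) -> bool:
        # MBAM prefixes potentially unwanted programs/modifications with "PUP." / "PUM.".
        return self.name.split(".")[0] in ("PUP", "PUM")


@dataclass
class ScanReport:
    header: dict = field(default_factory=dict)
    counts: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)


def parse_mbam_log(text: str) -> ScanReport:
    """Parse an MBAM 1.x text log into header fields, section counts and detections."""
    report = ScanReport()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            report.header[m.group(1)] = m.group(2)
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            report.counts[section] = int(m.group(2))
            continue
        m = ITEM_RE.match(line)
        if m and section is not None:
            report.detections.append(
                Detection(section, m.group("path"), m.group("detection"), m.group("action"))
            )
    return report


def triage(report: ScanReport) -> dict:
    """Summarise a report: PUP vs. other detections, and items not successfully quarantined."""
    pups = [d for d in report.detections if d.is_pup]
    malware = [d for d in report.detections if not d.is_pup]
    unresolved = [d for d in report.detections if not d.action.startswith("Quarantined")]
    return {
        "database": report.header.get("Database version"),
        "objects_scanned": int(report.header.get("Objects scanned", "0")),
        "declared_total": sum(report.counts.values()),  # what the log claims
        "parsed_total": len(report.detections),         # what we actually read
        "pup_count": len(pups),
        "malware_count": len(malware),
        "malware_names": sorted({d.name for d in malware}),
        "unresolved_paths": [d.path for d in unresolved],
    }


if __name__ == "__main__":
    for key, value in triage(parse_mbam_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

The declared/parsed totals are there as a sanity check: if they differ, the log was truncated or a line did not match the item pattern, and the summary should not be trusted.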

Here are the OTL logs:

It looks as though Avast killed it… But let’s confirm that.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the ComboFix log in your next reply, as well as describing how your computer is running now.

OK, I cannot run it today but will run it tomorrow.

Now the 60000 dollar question: why didn’t AVAST do all these checks and catch the viruses before crashing my system?

Once I have determined what the infection was, I may be able to answer that.

Just as ComboFix started to make up a report my machine went blue screen. I was able to find the attached log files. Also, just before making up the log it said it was deleting several files/folders with “aalot” (or something like that).

Should I rerun ComboFix?

It was a banker trojan that was let through. You should be happy, as avast killed it while it seeded through your system. There is no antivirus that is 100% in protection or detection, so every AV misses something… you were lucky enough to have avast get the signature for this malware as soon as it came through your system. What MBAM and other tools found were a bunch of PUPs… non-malicious apps… but unwanted stuff… :wink:

The bad guys are constantly checking their malware against AVs, and so AV companies stay 1 step behind.

Learn how to stay safe: http://www.infotech.us/company-blog/22-5-important-facts-about-antivirus-programs
http://my.opera.com/rejzor/blog/2012/08/08/is-antivirus-software-really-useless

What problems are you experiencing? All that has been removed so far is adware, and I can see nothing beyond that.