Mid/High Level knowledge..'tr/atraps.gen2, tr/atraps.gen'

So this is what I have done:
I have installed Avast, Avira, and AVG. Scanned in Safe Mode and “SUPPOSEDLY” deleted all the threats. I also used Malwarebytes in safe mode and deleted everything. I also tried the Emsisoft Emergency Kit, did a deep scan in safe mode and deleted everything. Not only that, I am also using SuperAntiSpyware Free Edition, SpyBot Search & Destroy and TDSSKiller. I’m usually able to remove these kinds of problems by myself BUT I HIT A WALL… I’m a mid level-high level user… I NEED SOME HELP REMOVING THIS SO I CAN UNDERSTAND THE PROCESS, that’s why I’m reaching out to this forum. The issue is that supposedly I deleted everything but the pop-up message keeps coming up every minute. I know it’s infected. SO I NEED SOME HELP. What else can I DO? I have searched and have done some of the things that people did to remove it. BUT IT IS NOT WORKING WITH MY COMPUTER…

Any HELP WOULD BE REALLY APPRECIATED, the fact is I never had a virus/trojan that I wasn’t able to remove until now. The last thing that I want to do is re-image my computer.

AND THANKSSS !!! If logs are required just let me know what logs are needed and I’ll do the search and delete and post them…

THANK YOU AGAIN

The list of steps and logs is here http://forum.avast.com/index.php?topic=53253.0

Please attach the relevant ones in this thread ;D

Ok, I have scanned and deleted. What are you looking for? What is next? I saw two infected desktop.ini in one of the scanning tools. I went to the folder to try to look for that file. It didn’t show it. Let me know, thanks…

Hi raya22486,

As essexboy is in England, bit of time zone difference, so wait for reply. Thought you might want to know.

There are several different variants of this, some go easy and some fight back … Let’s see what you have

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:Files
ipconfig /flushdns /c
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{dab0e24c-882b-e2b9-cdc7-97c4b0c8d4c5}
C:\Windows\System32\config\systemprofile\AppData\Local\{dab0e24c-882b-e2b9-cdc7-97c4b0c8d4c5}
C:\Windows\Installer\{dab0e24c-882b-e2b9-cdc7-97c4b0c8d4c5}

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

All right, done !! I have attached the logs. I got a BSOD yesterday and it rebooted after a few seconds. I don’t know why? But it happened, now my question is why was I getting files that look like hidden files/ghost files. After using OTL and ComboFix they are not there anymore. Is there anything else that I need to do?

Can I get an in-depth description of what the scripts were for? This is totally a new learning experience for me. I have never used any of the programs used in this forum. Thanks and let me know what’s next…??

Before I forget, my mousepad from the laptop, the scroll down and up is not working properly. Any ideas? My keyboard is kind of messy too, I click then type and it kind of doesn’t type unless I click like 2/3 times until it works.

These are the files that ComboFix removed/replaced and it included the file infected by ZeroAccess

c:\program files (x86)\intellidownload\gunzip.exe
c:\program files (x86)\TotalRecipeSearch_14EI
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\w32dasm8.ini
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

With OTL I removed the backup folders first to stop respawning

:Files
ipconfig /flushdns /c
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{dab0e24c-882b-e2b9-cdc7-97c4b0c8d4c5}
C:\Windows\System32\config\systemprofile\AppData\Local\{dab0e24c-882b-e2b9-cdc7-97c4b0c8d4c5}
C:\Windows\Installer\{dab0e24c-882b-e2b9-cdc7-97c4b0c8d4c5}

These files were revealed by OTL/Combofix as they removed the hidden settings from the system files to enable analysis

now my question is why was I getting files that look like hidden files/ghost files.

How is the computer behaving now ?
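A read-only way to confirm that the leftovers named in the fix above are gone and that services.exe matches a component-store copy, as an added example that is not part of the original thread or of OTL/ComboFix. It assumes an elevated 64-bit PowerShell 4.0 or later session; the GUID folder name is the one from this machine's fix and will differ on other systems.

```powershell
# Added example: read-only post-cleanup check for the paths named in this thread.
# Assumes an elevated 64-bit PowerShell 4.0+ session (Get-FileHash is used).
# Without elevation, access-denied paths would be reported as "not found".
$guid = '{dab0e24c-882b-e2b9-cdc7-97c4b0c8d4c5}'   # specific to this machine
$paths = @(
    'C:\Windows\assembly\GAC_32\Desktop.ini',
    'C:\Windows\assembly\GAC_64\Desktop.ini',
    "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\$guid",
    "C:\Windows\System32\config\systemprofile\AppData\Local\$guid",
    "C:\Windows\Installer\$guid"
)

foreach ($p in $paths) {
    # -Force returns items that carry the Hidden/System attributes, which
    # Explorer and a plain directory listing do not show.
    $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
    if ($item) {
        '{0}  STILL PRESENT  attributes={1}' -f $p, $item.Attributes
    } else {
        '{0}  not found' -f $p
    }
}

# Compare the live services.exe with every copy kept in the component store
# (the WinSxS folder ComboFix restored from). A Windows update can add a newer
# copy, so any match counts.
$live  = Get-FileHash -LiteralPath 'C:\Windows\System32\services.exe' -Algorithm SHA256
$store = Get-ChildItem -Path 'C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_*\services.exe' -Force -ErrorAction SilentlyContinue
$match = @($store | Where-Object {
    (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash -eq $live.Hash
})

if ($match.Count -gt 0) {
    'services.exe matches {0}' -f $match[0].FullName
} else {
    'services.exe matches no WinSxS copy: post this result before doing anything else'
}
```

The built-in `sfc /verifyfile=C:\Windows\System32\services.exe` performs a comparable integrity check on systems without PowerShell 4.0.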

Yea, having some issues. When clicking on the button it doesn’t respond right away, I click and click and click and it doesn’t work until I hit something else like an Esc key or use the mouse pad, scroll bar “IF” it picks it up… it’s working sluggish, not 100% but like 80-90%, just a little tiny difference. Ok, what’s next, what do you recommend? My last resource was re-imaging it, I’m thinking about it but I don’t know for sure. I went out for help on this help and I am once again asking for help or an opinion. What do ya’ll think??? Let me know and thanks for the time.

I feel the first thing to check would be the keyboard itself

Look for any debris/blockage around the keys… As initially this does sound like a bad keyboard as opposed to software

Could you check within device manager for any warnings (yellow/red) present?

Buttons and keyboard were working fine without a problem. There is no debris. Thanks for the help, now I gotta think if I have the time to re-image it. Like I said, it was working without a problem until that trojan issue. I did so many things to it I don’t know if I deleted something critical, which I doubt. Thanks

It is just that I am not aware of any malware that affects the actual function of the keypad

I’m going to try a wired mouse and I’ll re-post if it is my touchpad. Thanks for the help… I’ll keep updating as I go through this process

That was going to be my next option, a USB mouse and keyboard