Might have gotten a trojan/virus and can't "cure"

Hello everyone…
This Friday, while I was surfing the internet, a new tab opened, trying to copy the Windows thing, where it says ‘alert alert - you need to download this virus program’, and every time I pressed NO a new pop-up emerged and so on… So I panicked and closed the computer. I might have to mention that I, at that time, hadn’t installed an antivirus programme. Well, I guess I don’t have to mention that I’m a retard when it comes to computers.
Anyways, my computer started doing this freezing thing every once in a while, where the computer would just freeze. I installed Avast, which detected these threats:
C:\Users\Tobias\AppData\Local\Microsoft\Windows\TemporaryInternetFiles\Low\Content.IE5\R9V2RC2A\3434[1].htm - JS:ScriptIP-inf [Trj]
C:\Users\Tobias\AppData\Local\Microsoft\Windows\TemporaryInternetFiles\Low\Content.IE5\V6COJ9SY\Scannerxpantivirusvnedors_com[1].htm - JS:FakeAV-GP [Trj] - Btw I believe that the site that popped up was the ‘scannerxpantivirusvendors.com’.
Well, I ran the scan, and deleted the files… But my computer still freezes. I run Windows Vista btw…
I hope that someone out there can help me, and keep in mind that I’m somewhat of a tool. Oh and I’m Danish as well, which explains my broken English

Check your computer for malware with this

Malwarebytes Anti-Malware 1.50.1 http://filehippo.com/download_malwarebytes_anti_malware/
Always Update so you have latest database before you scan
Click the remove selected button to quarantine anything found

Post the scan log here

A small tip is to send any malware Avast finds to the chest instead of deleting it. If you delete the files, there is no way of checking whether they were real or not. Better to send them to the chest, where the infection can’t do any harm and you get more options to deal with the infection.

Hi there. Thanks for the replies. I ran the Malwarebytes scan, and it detected 3 files: two which were related to the bet365 poker thing I’ve installed, and one which I think is a ‘trojan’, and it’s now quarantined and deleted. Anyway, here is the log:

If you want the bet365 removed you must scan again and then select them for removal before you click “remove selected”

So has this solved your problem?

Hmm, I’m afraid it didn’t solve the problem. I just returned from school, and this is the first time I use the computer after doing the scan… And the first thing that happens while I’m checking my mail is the blue screen of death… It’s the first time it has happened to this computer. So what do you reckon?

Follow this guide from our expert malware remover Essexboy
http://forum.avast.com/index.php?topic=53253.0
(post the logs here in this topic and not in the guide)

To avoid using multiple posts with copy and paste you have to attach the logs
Lower left corner: Additional Options > Attach ( OTS log / Malwarebytes log )

Essexboy will be notified when you have posted the logs… he arrives here in 3-4 hours

Can only see OTS ? MBAM in reply #3

Now sit back and wait for Essexboy

And then you can prepare yourself for a defeat on Saturday ;D
http://www.vg.no/sport/fotball/norsk/landslaget/artikkel.php?artid=10091483

Hi you have some active drivers from Norton and McAfee running - so I will clear those up. Also your host file is a bit iffy. Once done let me know what problems remain

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.

[Unregister Dlls]
[Processes - Safe List]
YY -> ssscheduler.exe -> C:\Programmer\McAfee Security Scan\2.0.181\SSScheduler.exe
YY -> aluschedulersvc.exe -> c:\Programmer\Symantec\LiveUpdate\AluSchedulerSvc.exe
[Win32 Services - Safe List]
YY -> (McComponentHostService) McAfee Security Scan Component Host Service [On_Demand | Stopped] -> C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
YY -> (LiveUpdate) LiveUpdate [On_Demand | Stopped] -> c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
YY -> (Automatic LiveUpdate Scheduler) Automatisk LiveUpdate-planlægning [Auto | Running] -> c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> 
YN -> HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> ${URL_SEARCHPAGE}
YN -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.bigseekpro.com/facesmooch/{8AFBD76D-1D7D-41A0-A3BA-8F2F060847A2}
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> 
YN -> HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> 
YN -> HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2934361805-3201776875-735357158-1000\] > -> 
YN -> HKEY_USERS\S-1-5-21-2934361805-3201776875-735357158-1000\: Main\\"Start Page" -> http://www.bigseekpro.com/facesmooch/{8AFBD76D-1D7D-41A0-A3BA-8F2F060847A2}
YN -> HKEY_USERS\S-1-5-21-2934361805-3201776875-735357158-1000\: URLSearchHooks\\"{00000000-6E41-4FD3-8538-502F5495E5FC}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< FireFox Settings [Prefs.js] > -> C:\Users\Tobias\AppData\Roaming\Mozilla\FireFox\Profiles\vmj64vex.default\prefs.js
YN -> browser.search.defaultenginename -> "AVG Secure Search"
< FireFox SearchPlugins [User Folders] > -> 
YY ->  bigseekpro.xml -> C:\Users\Tobias\AppData\Roaming\Mozilla\FireFox\Profiles\vmj64vex.default\searchplugins\bigseekpro.xml
< HOSTS File > ([2009-05-08 14:18:51 | 000,001,494 | R--- | M] - 36 lines) -> C:\Windows\System32\drivers\etc\hosts
YN -> Reset Hosts -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> [AVG Safe Search]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2934361805-3201776875-735357158-1000\] > -> HKEY_USERS\S-1-5-21-2934361805-3201776875-735357158-1000\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
YN -> "AvgUninstallURL" -> C:\Windows\System32\cmd.exe [cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAQQBFAEEAWQAtAFQAMwBMAFUARQAtAE4ATAAzAEQAQQAtAEMAQgBVAEsASAAtAEoARgA3AE0AOQA"&"inst=NwA3AC0ANAA3ADEANwAzADUAOQAyADkALQBGAFAAOQArADYALQBUAEIAOQArADEALQBGAEwAKwA5AC0AWABPADMANgArADEA"&"prod=90"&"ver=9.0.872]
[Files/Folders - Modified Within 30 Days]
NY ->  Norton Security Scan for Tobias.job -> C:\Windows\tasks\Norton Security Scan for Tobias.job
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
  

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.

Alright, I ran the fix… But guess what - blue screen of death while it was operating… FFS I’m so sick and tired of this!!! I ran the fix again, and attached the log here…

Now in my apartment I know about decent basic maintenance - better to prevent than fix, right? Does anyone know where to find a good guide to basic computer maintenance…? And it doesn’t have to be for seniors, I’m not a total 'tard!

LOOL… Prepare yourselves to get a football lesson from DK with Christian Eriksen leading the way :P…
http://www.dbu.dk/~/media/Images/DBU_Broendby/landshold_-_ungdoms/u17/200708/christian_eriksen_u17_danmark-sverige.jpg

Bøllemis

What sort of information would you like?

Well, it’s a kinda difficult question. Cause I just want to know how to keep my computer fit - during this process I’ve realized that a lot of programs (or drivers or ?) that I don’t need are running, and I can’t help thinking that these are doing bad stuff for my system. If I really sound like a retard, it’s partly due to my dubious English.
I guess I’m not the first one to realize this problem, and perhaps that’s what all these antimalware scans and antivirus programs are all about?

OK, let’s stop the things from running at start first

Download Startup Control Panel here, use the standalone exe version
Install and you will find a startup icon in the control panel - run this

  • In the HKLM tab, you may disable (be careful → “disable”) all the entries except your security software
  • In the HKCU tab, you may disable all entries.
  • In the StartUp tab, you may disable all entries.

Note : if you notice that some programs no longer run, you can enable them again by running Startup Control Panel, selecting the entry and choosing Run Now.
If you are in doubt with something, don’t hesitate to ask :wink:

THEN

Run a fresh OTS log and attach that and I will see what is still running that is not required

Something I unfortunately found with these new fake antivirus and security things is: do not click on them anyplace! Use the task manager to close them.
Joe

Thanks for the link. I noticed a couple of oddities while I was trying to disable some of the programs.

  • When I try to disable for example Adobe ARM and Adobe Reader Speed Launcher, a new icon appears, with the same name, and with the message “There is already an enabled/disabled item with the same name. Please rename either the enabled or disabled item”
    This is in the HKLM btw. It’s pretty weird as it does it to practically every program I try to disable.

OK run me an OTS and I will disable them from there ;D

Here’s the log =)

Ah saved in Unicode and not ANSI

http://i1224.photobucket.com/albums/ee362/Essexboy3/Untitled.gif

Also I have just been put onto an easier programme to use - I have just tried it
Download and run StartUpLite - it will show all unnecessary start-ups, just select and stop http://malwarebytes.org/startuplite.php