MY Netbook is infected with virus Win32:Vitro

Viruses and worms
21

HI, This is the log

22

Hi,

You’ve posted the CF Log. But the wrong OTL Log…

Should have Month/Day/Year_Hour/Minute/Second.log.

You’ve posted a fresh Scan log of OTL

23

@ SisiliaYM

Ok, you have pressed the RunScan insted of RunFix button. We will repet the fix:

Re-run OTL.exe.

[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.

:OTL
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\User\LOCALS~1\Temp\mbr.sys -- (mbr)
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com/web/?utm_source=b&utm_medium=bnd&utm_campaign=eXQ&utm_content=ds&from=bnd&uid=HitachiXHTS543232A7A384_E2034243HDZ7ADHDZ7ADX&ts=1381936144&type=default&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com/web/?utm_source=b&utm_medium=bnd&utm_campaign=eXQ&utm_content=ds&from=bnd&uid=HitachiXHTS543232A7A384_E2034243HDZ7ADHDZ7ADX&ts=1381936144&type=default&q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "v9"
FF - prefs.js..extensions.enabledAddons: 4jffxtbr%40RadioRage_4j.com:5.75.3.4939
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4jffxtbr@RadioRage_4j.com: C:\Program Files\RadioRage_4j\bar\2.bin

:FILES
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\mxiu297v.default\extensions\4jffxtbr@RadioRage_4j.com
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\mxiu297v.default\extensions\{1a147621-8c9a-4d6b-a557-6513a40d3207}.xpi
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\mxiu297v.default\searchplugins\ask.xml
C:\WINDOWS\System32\*.tmp

:COMMANDS
[EMPTYTEMP]

[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.

If the log doesn’t appear, it can be found here:

c:_OTL\MovedFiles\mmddyyyy_hhmmss.log

24

Hi, this is the log

25

Aye, that’s the one. :wink:

As we killed only the remnants with OTL, this should be it. Tell me, how is the computer running now?

26

when i scan the netbook with avast there is no longer a virus infected file…so the virus s gone ;D ;D
thank you so much for helping me

27

It is necessary to uninstall ComboFix :

[*] Click Start (or
http://amf.mycity.rs/pg/images/VistaStartButton.png
) then Run.

On Windows7 or Vista you may use Start Search field if Run is not available.

[*] In the line of text type in (Copy) the following:

ComboFix /Uninstall

Note that there is a space between " ComboFix " and " /Uninstall " .

[*] then click OK (or press Enter ).

Wait for the uninstall process is complete.

Re-run OTL and click on CleanUp! button.

You will be asked to reboot the machine to finish the cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTL. Feel free to manually delete any tools it leaves behind.