Need help getting rid of virus

I’ve run all kinds of scans with Malwarebytes and Avast, but I keep getting attacked by something. I’ve put my firewall on the public setting and it’s blocking a lot of files every second. Even though everything says I’m clean, it can’t be right.

Could you follow the steps in this thread and post the logs here? http://forum.avast.com/index.php?topic=53253.0

Also, I would recommend that you change your username to something other than your mail address.

Hi. Firstly, I would recommend that you upgrade IE to version 8, as that is a big security hole in your system: http://www.microsoft.com/download/en/details.aspx?id=43

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
[2012/01/18 20:44:54 | 000,008,807 | ---- | C] () -- C:\Documents and Settings\Derek Wood\Local Settings\Application Data\cd9033a6
[2012/01/18 20:44:54 | 000,008,767 | ---- | C] () -- C:\Documents and Settings\Derek Wood\Application Data\bec728
[2012/01/18 20:03:20 | 000,008,849 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\51c5c6a8
[2012/01/17 22:52:05 | 000,000,328 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vr0FX00fMKi4yo
[2012/01/17 21:21:00 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Io3oRzuWdJpBBF
[2011/11/24 11:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Wood\Application Data\88F2A
[2011/11/13 05:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Wood\Application Data\aEEEL88gRZqYC
[2011/11/13 16:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Wood\Application Data\bmH5sQJ7dLgZhCk
[2011/11/13 16:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Wood\Application Data\evS2ibF3pGaJdK
[2011/11/13 16:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Wood\Application Data\fL9gTXqjUerPyAD
[2011/11/13 05:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Wood\Application Data\iD33onnG4aQ6sK7
[2011/11/13 16:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Wood\Application Data\JQJ7dEK8gZhX
[2011/11/13 05:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Wood\Application Data\vUUVVelOBtzPyc1
[2011/11/13 05:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Wood\Application Data\YDDD2obbF4mH5Q7
[2011/02/26 12:42:58 | 049,228,867 | ---- | M] () -- C:\Xen.exe

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


Then click the Run Fix button at the top.
Let the program run unhindered; reboot the PC when it is done.
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Checked after reboot to see if I was still getting blocks in the firewall, and it is still the same, blocking many a second.

Could you reset the firewall to home?

Also, what file is generating the outbound requests?

If I set to home will I not get infected again? ; C:\WINDOWS\System32\svchost.exe

Could you screenshot a section of the firewall log, please?

That is your computer talking to your router and is totally normal.

This is mine, and I have allowed access. I am on a home setting.

That’s activity though, not connections.

Correct, because I have allowed svchost to access my router.

Set the firewall to home and then look at the connections.

Ensure that host services is allowed.

:o That looks better

When you set it to public, Avast locks the system right down to enhance the security.

But for normal home use you need to be able to communicate with the router.

Are you experiencing any other problems?

Doesn’t look like it. We’ll see tomorrow, after the full system scan tonight, if there are any new viruses. :)