Need help getting rid of virus

Hey everyone, so I got a virus (worm, malware, whatever it is) from an infected torrent download (dumb mistake on my part). My only symptom (that I can see) is that every 10 minutes or so my Avast will pop up and say “malicious site blocked” or something to that effect; the site that it blocks is http://clickered.com/cen?ag . I have tried doing full scans of my computer with Malwarebytes and Avast; both found problems, which were “fixed”, however I still get the warning every so often from my Avast.

Here are the logs I think you need.

MBAM log

aswMBR log

What browser does this occur in?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKU\S-1-5-21-3218560752-2688668579-3735490597-1000\..\SearchScopes\{532DE1B9-9787-4ECA-93D2-B7A30E551604}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3316070&CUI=UN34128262362201192&UM=2
[2013/10/17 21:49:56 | 000,000,000 | ---D | M] (WordOv) -- C:\Program Files (x86)\Mozilla Firefox\extensions\gmijq@bnasdndblib.com
O3 - HKU\S-1-5-21-3218560752-2688668579-3735490597-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

:Commands
[resethosts]
[emptytemp]
[Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered; reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

It happens even when I am not using an internet browser. With all programs closed and my computer just running at the desktop, it will still pop up every 10 mins or so. With that being said, I only ever use Chrome.

I ran that command in OTL; here is the log and a pic of the warning that pops up.

Could you try IE and see if you get the same result?

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on “Clean”.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Here is the log… I'm in IE right now, and the warning still came up.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Here is the log… computer appears to be running normally. I forgot to mention earlier that another symptom of this virus was that my Chrome volume was always muted on startup, and it is back to normal now… the warning from Avast has not come up again; will keep an eye out to see if it comes up any more.

Warning just came back… still not fixed.

OK, my feeling is that one of the extensions in Chrome has been subverted.

Do you have Chrome autostarting with Windows?

I don't have a Chrome window opening when I boot up my computer… should I uninstall Chrome and all my extensions, and start from scratch with it?

Just tried to uninstall Chrome and it won't let me. It says I have to close all Chrome windows before I can uninstall, even though I have no windows open, and I don't see anything that says “chrome” in my Task Manager.

OK, so I'm pretty sure I got it… I restarted my computer and, as soon as I could, opened Control Panel and uninstalled Chrome, before anything got a chance to open. Haven't had any issues since… will post again if it comes back.

Yes, Chrome has had a spate of bad apps updating recently: http://blog.avast.com/2014/01/20/nice-apps-get-bad-makeover-after-spammers-buy-them/

Once you are happy let me know and we will tidy up
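
An added example, not part of the original thread or of any tool mentioned in it: a read-only Python audit that lists each installed Chrome extension and flags those whose manifest requests access to every site, which is the access an extension that has received a bad update relies on. It assumes Chrome's standard `Extensions/<id>/<version>/manifest.json` profile layout; the extension IDs and names in `build_sample` are constructed.

```python
import json
import tempfile
from pathlib import Path

# Host patterns that let an extension read and change every page visited.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def strings_in(values):
    # Manifest lists may mix strings and objects; keep the strings only.
    return {v for v in values if isinstance(v, str)} if isinstance(values, list) else set()

def audit_extensions(extensions_dir):
    """Read-only audit of <extensions_dir>/<id>/<version>/manifest.json."""
    findings = []
    for manifest in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        entry = {"id": manifest.parts[-3], "name": "?", "broad": [], "unreadable": False}
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            if not isinstance(data, dict):
                raise ValueError("manifest is not a JSON object")
        except (OSError, ValueError):
            data, entry["unreadable"] = {}, True  # worth a manual look
        # Manifest V2 lists hosts under "permissions", V3 under "host_permissions".
        hosts = strings_in(data.get("permissions")) | strings_in(data.get("host_permissions"))
        for script in data.get("content_scripts") or []:
            if isinstance(script, dict):
                hosts |= strings_in(script.get("matches"))
        entry["name"] = str(data.get("name", "?"))
        entry["broad"] = sorted(hosts & BROAD)
        findings.append(entry)
    return findings

def build_sample(root):
    """Write three constructed manifests (fake ids and names) under root."""
    samples = {
        "a" * 32: '{"name": "Constructed Notes", "permissions": ["storage"]}',
        "b" * 32: '{"name": "Constructed Tab Helper", "permissions": ["tabs", "<all_urls>"],'
                  ' "content_scripts": [{"matches": ["http://*/*", "https://*/*"]}]}',
        "c" * 32: "{not valid json",
    }
    for ext_id, text in samples.items():
        version_dir = Path(root) / ext_id / "1.0_0"
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(text, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*audit_extensions(tmp), sep="\n")
```

To audit a real profile, pass the profile's `Extensions` folder, on Windows typically `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions`. A flagged extension is not necessarily malicious, but it is the first place to look.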

So with Chrome uninstalled it stopped happening… after I re-downloaded Chrome it started happening again. I ran that Avast Browser Cleanup; it removed 2 add-ons that had a poor rating, but the warning is still popping up…

When you uninstalled Chrome, did you do a full uninstall, including the folders it leaves behind?

I would recommend that you use something like either Revo Uninstaller or Advanced Uninstaller Pro; otherwise the leftover Google folders are probably harbouring the bad boy.

Alright, I'll give that a try and let you know.

OK, so I uninstalled using Revo and it got rid of everything… re-downloaded Chrome, and it just came up again… starting to think I just might switch to Firefox.

Are you desperate to use Chrome?