Need help on cleaning up WhatsApp mail scam malware

Last night I carelessly clicked on ‘Play’ in an email received in the Outlook 2010 mail client on Windows 8.
The email displays a WhatsApp voice message with a Play button.
It is mail scam malware. It grabbed my address book and sent a similar scam email to everyone in it. It caused my “Gmail account send quota exceeded”. I now cannot send email from the same Gmail account.

I ran Avast! Quick Scan, System Scan and also Boot Scan. It showed a few viruses found, but the virus details do not seem to show that the related malware was cleaned. However, it seems that the outgoing mail scam has stopped. But I am not sure if the scan has cleaned up the malware / virus, especially in the Outlook program itself.

Can someone please let me know whether Avast! does detect and fix the above mentioned malware / virus?
Thanks very much.

Logs to assist in cleaning malware https://forum.avast.com/index.php?topic=53253.0

Thank you, Pondus.
After reading the log you mentioned, I assume I should download mbam and scan. Correct?

Will try and let you know the outcome. Thanks.

Hi Pondus,
The Malwarebytes Anti-Malware scan has completed. It identified 116 threats (mainly PUP.Optional.Wajam threats). I clicked Remove All, and they are all quarantined.

Do I still need to continue to download Farbar Recovery Scan Tool and scan?
I have attached the scan log in case you are interested to see. Appreciate your recommendation for next step.

Thanks again for your help.

Do I still need to continue to download Farbar Recovery Scan Tool and scan?
Yes, as those two diagnostic logs are the important ones. They will show any leftovers to the malware expert when he is online later today.

Thanks for your reply.
I have attached the additional diagnostic logs and re-attached the scan log.
Please review and let me know what I need to do next. Thank you.

My apologies… I just realized that the aswMBR scan was not quite finished.
I am attaching the final log “aswMBR-1.txt” when the scan stopped.

Hi, could you let me know of any problems remaining after this?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quote box below into it:

CreateRestorePoint:
CHR HKU\S-1-5-21-3217659425-2845654129-2608031636-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on “Clean”.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.
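As an added example (not part of the FRST fix above or of any post in this thread), the PowerShell below is a read-only check, run as Administrator on the same machine after FRST reports the fix complete, that the items the fixlist targeted are actually gone. The SID, CLSIDs and IPSec key are taken from the fixlist itself; the registry paths they are mapped to are assumed to be the standard IE/Chrome locations that FRST's CHR, BHO-x32, Toolbar and DPF lines refer to, so compare them with the lines in your own FRST.txt before trusting the result. It does not replace the Fixlog.txt the helper asked for; it only tells you whether anything is worth a second look.

```powershell
# Added example: verify the leftovers named in the FRST fixlist are gone.
# Read-only: it queries the registry and BITS, it changes nothing.
# Registry paths below are assumptions (standard FRST mappings), not from the thread.

$sid = 'S-1-5-21-3217659425-2845654129-2608031636-1001'   # from the CHR line

# HKEY_USERS is not exposed as a PowerShell drive by default.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

$bhoRoot   = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$toolbar   = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar'
$dpfRoot   = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units'
$inetKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$ipsecKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local'

# True if a registry value with this name exists under the key (Toolbar entries are values, not subkeys).
function Test-RegValue([string]$Path, [string]$Name) {
    $key = Get-Item -Path $Path -ErrorAction SilentlyContinue
    return ($null -ne $key) -and ($key.GetValueNames() -contains $Name)
}

# True if the IPSec key is missing or still carries content. The fixlist deletes it
# and re-creates it empty, so "present and empty" is the expected state.
function Test-IpsecNotReset([string]$Path) {
    $key = Get-Item -Path $Path -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $true }
    return ($key.SubKeyCount + $key.ValueCount) -gt 0
}

# True if a user or system proxy / PAC file is still configured (what RemoveProxy: clears).
function Test-ProxyStillSet([string]$Path) {
    $p = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    return ($p.ProxyEnable -eq 1) -or (-not [string]::IsNullOrEmpty($p.AutoConfigURL))
}

# Each entry: label from the fixlist -> scriptblock returning $true if the leftover is still there.
$checks = [ordered]@{
    'CHR policy restriction'            = { Test-Path "HKU:\$sid\SOFTWARE\Policies\Google" }
    'BHO-x32 {0E8A89AD-...}'            = { Test-Path "$bhoRoot\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" }
    'Toolbar {318A227B-...}'            = { Test-RegValue $toolbar '{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}' }
    'Toolbar {CC1A175A-...}'            = { Test-RegValue $toolbar '{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}' }
    'DPF {4FF78044-...}'                = { Test-Path "$dpfRoot\{4FF78044-96B4-4312-A5B7-FDA3CB328095}" }
    'IPSec local policy not reset'      = { Test-IpsecNotReset $ipsecKey }
    'Proxy / PAC still configured'      = { Test-ProxyStillSet $inetKey }
    'BITS jobs remaining (any user)'    = { (Get-BitsTransfer -AllUsers -ErrorAction SilentlyContinue | Measure-Object).Count -gt 0 }
}

# Returns one row per fixlist item; StillPresent = $true means ask the helper before calling it clean.
function Get-FixlistLeftovers {
    foreach ($entry in $checks.GetEnumerator()) {
        [pscustomobject]@{
            Item         = $entry.Key
            StillPresent = [bool](& $entry.Value)
        }
    }
}

Get-FixlistLeftovers | Format-Table -AutoSize
```

A row showing StillPresent = True is not by itself proof of an infection (a legitimate policy or proxy can be set by the user or an employer), but it does mean the fixlist did not achieve what it was written to do, which is exactly the kind of thing to mention when posting Fixlog.txt.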

Thanks for the instruction. Attached are the 2 log files.

  • Fixlog.txt and AdwCleaner[S0].txt

Do you also need the other 2 logfiles: AdwCleaner[R0].txt and AdwCleaner[R1].txt?

What problems are evident now ?

It seems to be working fine so far… just want to make sure no more malware bugs are still hidden in my laptop. I assume it is clean now?
Thanks.

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present.
Once done then run it again and select Update Java runtime > Download and install Latest version

https://dl.dropboxusercontent.com/u/73555776/javara.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme :wink:

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:

"I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup: "

That’s great! Thanks for your help.

I’ll leave my pc running for 24 hours, then run the removal tools if everything looks alright.
Thanks for those recommendations and tips. Appreciated.

My pleasure :slight_smile: