On 3 March, on my desktop computer, Malwarebytes detected, but couldn’t seem to completely remove Trojan.Inject.ed and Trojan.Agent.RvGen. Avast detected and ‘fixed’ BV:Agent-ANZ and Win32:Dropper-gen on a Quickscan and Boot-time scan.
After that, Avast would pop up that it was deep scanning a file - and then move it to the chest - and it would block malicious emails. But, neither Avast nor Malwarebytes could detect any malicious files when I ran scans. I disconnected the computer from my home network and started using an old laptop.
On 13 March, Avast detected Win32:Crypt-QRB and Win32:Malware-gen and moved them to the chest. Malwarebytes didn’t detect any problems in scans that day, nor on many of the days that followed. But, any time I connect the computer to the internet, Avast deep scans malicious files and moves them to the chest.
Today, 29 March, Malwarebytes detected Trojan.Agent.Ed and Avast detected HTML:Script-inf.
On 3 March, Avast found Win32:Confi worm on a flash drive, when I started using my old laptop. On 5 March Avast detected VBS:Decode-CA when I inserted a flash drive into the laptop. It seems that the computers may have infected each other. I don’t see any evidence of a problem on the laptop, except that the Wi-Fi has difficulty connecting and has a weak signal and drops the internet connection at random times.
Many scans of the flash drive when inserted in other computers have not detected any more problems.
I would appreciate your guidance to remove the virus or viruses from the desktop computer and to be sure the laptop and flash drive are both clean.
Because Avast and Malwarebytes haven’t detected a virus on several scans, do I need to re-download and re-install those 2 programs before running scans?
I think the 1st infection on 3 March - on the desktop computer - was from a suspicious email that I deleted (in Hotmail). I ran Malwarebytes after seeing a suspicious message to ‘click here to update flashplayer.’ The problems I described continued even after Malwarebytes and Avast scanned and ‘fixed’ the malicious files.
It’s possible that it came from the flash drive though. I use the flash drive every day in different computers at a school where I teach. Avast only alerted that there was a problem with the flash drive a few days later.
I’m not clear if MCShield is more for the USB or the desktop / laptop computers. Would you advise running MCShield on both the desktop and laptop since I have used the flash drive with both?
• Then click the Run Fix button at the top.
• Let the program run unhindered; it will reboot the system when it is done and open Notepad with a log report. Attach that log report here.
If the log doesn’t appear, it can be found here:
C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log
Then
Please download ComboFix by sUBs from here and save it to your Desktop. If you are unsure how ComboFix works please read this guide carefully. Note: ComboFix must be downloaded to your Desktop.
Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. It may interfere with ComboFix. If you are unsure how to do this please read this or this Instruction.
Instructions how to disable avast:
• Right click on the avast! system tray icon in the lower right corner of the screen and scroll up to avast! shield controls;
• In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note: Do not forget to turn back on this option after the cleaning by choosing avast! shield controls > Enable all shield options.
Run ComboFix. Click on I Agree!
- ComboFix will display DISCLAIMER of warranty on software.
By clicking I Agree ComboFix shall continue.
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
- If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
ComboFix will scan your computer in stages, total of 50 stages.
Do not mouse-click around while ComboFix is running.
Note: If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart your computer.
When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
Attach the log report (ComboFix.txt) back to the topic.
It is recommended to have MCShield installed on all computers where you use removable drives. http://mcshield.net/reviews.html
It is an install-and-forget program and uses no system resources except for the quick scan when you plug in a USB storage device and the update check every 2 hours.
A question for you: this desktop computer has D:, E:, and H: drives for storage. These are regular file drives, not DVD / CD removable storage. Do the tools OTL and ComboFix also check and clear these drives?
or -
Do I need to run scans on these drives with OTL and ComboFix to be sure they are clean?
No pop-ups from Avast about deep scanning files or blocking websites, so that is a big improvement. It seems good. But, I haven’t used it much.
3 questions please:
What do I need to do to be sure my laptop isn’t still infected?
“On 3 March, Avast found Win32:Confi worm on a flash drive, when I started using my old laptop. On 5 March Avast detected VBS:Decode-CA when I inserted a flash drive into the laptop. It seems that the computers may have infected each other. I don’t see any evidence of a problem on the laptop, except that the Wi-Fi has difficulty connecting and has a weak signal and drops the internet connection at random times.”
Do I need to re-install Malwarebytes and / or Avast, since they may have been corrupted by the virus?
Do I need to check other computers / printer / router on my home network to see if they were infected by the virus? My computer is connected to the network by a cable. Others are wireless, I believe.
I have not seen any evidence of infection, and scans on 1 other computer (Windows Defender - Windows 8.1) have not detected anything.
And what would you suggest to help protect myself in the future?
Keep using MCShield on all your computers, it will protect you from USB worms. If Avast and Malwarebytes work well, no need to reinstall them. If you want to check other computers, please open new topics.
• The following will implement some post-cleanup procedures:
=> Please download DelFix by Xplode to your Desktop.
Purge System Restore
Click the Run button and wait a few seconds for the program to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.