ntuser.dat virus picked up in scan

Threat: Win32:VBCrypt-CSL [Trj], under file ntuser.dat.

Threat: JS:Iframe-CPX [Trj] was moved to chest fine.

Avast couldn’t repair, move to chest, or delete VBCrypt though; says the file is being used by another process. Obviously this is a trojan, but I do not know how to handle it. Any advice on what to do?

EDIT: Just noticed the other thread about VBCrypt, but I’m unsure of how it pertains to my issue.

can you attach a screenshot of the scan result… or write down the full message on this file Win32:VBCrypt-CSL [Trj]

Drop down box had all options (Fix auto, Move to Chest, Repair, Delete, Do Nothing). Just blacked out a person’s name.

http://postimg.org/image/mieasfu2r/

EDIT: Embed isn’t working, this link should: http://postimg.org/image/mieasfu2r/

follow instructions here and attach logs (not copy and paste) http://forum.avast.com/index.php?topic=53253.0

we need Malwarebytes / OTL / aswMBR logs

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.25.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Tama Cooperstein :: AVA-389982-1 [administrator]

12/27/2013 3:30:44 PM
mbam-log-2013-12-27 (15-30-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222287
Time elapsed: 7 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BackgroundContainer (PUP.Optional.Conduit) → Data: “C:\Windows\SysWOW64\Rundll32.exe” “C:\Users\Tama Cooperstein\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll”,DllRun → Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I would have thought that scan report meant I was good, but I just returned to my computer after being away for a week (it was off the whole time), and when I logged into Windows my desktop background was gone and many of my desktop icons were gone. A message popped up (attached below) saying I’m on a temporary profile, though it looks like I can still access all of my files. Noticing my browser favorites are also gone, and my Comodo browser points to Yahoo instead of Google when entering search terms in the URL textbox. Running a scan with avast now. I am logged on the administrator account. Anyone know what’s going on?

I have the Event Logs open, but I’m not really sure what I’m looking at/for.

http://postimg.org/image/8u8oiao2r/

EDIT: Also noticed, none of my music is in my iTunes. Embed not working, picture at http://postimg.org/image/8u8oiao2r/

Well …if you want help we need the requested logs…

Do you have a current full disk image backup of your system you can restore from? (not referring to System Restore)

Sure, here is a screenshot of the event viewer, I’m not sure exactly which logs are the ones we need to view.

http://postimg.org/image/jsfcmqnal/

Read my reply #3 again …

My mistake, didn’t realize it was Malwarebytes THEN more steps. When trying to install OTL, an error message pops up saying “OTL cannot be run from a temporary folder! Please download it to your Desktop or other suitable location.”

I downloaded it to the desktop, same message appears.

EDIT: The idea to try a System Restore just crossed my mind, would that be a good idea?

EDIT: The idea to try a System Restore just crossed my mind, would that be a good idea?
have notified the malware experts .... wait for advice. It may take some hours before one arrives

Have you scanned the “infected” ntuser.dat with other malware tools, such as…

ESET Online Scanner
http://www.eset.com/us/online-scanner/

Symantec Security Scan
http://security.symantec.com/sscv6/home.asp?langid=ie&venid=sym&plfid=23&pkj=OMNMSKVYRMHCGVRVRMN&bhcp=1

McAfee Free Scan
http://home.mcafee.com/downloads/free-virus-scan

These are simple steps you can do yourself, without “malware helpers”. If these scans show the file is clean, it may well be a false positive.

EDIT: Fixed ESET link to add “/” to the end of the URL.

Scanned the file with Malwarebytes and AVG, both turned up nothing. But clearly something is going wrong with my computer at the moment, as all the little issues listed above are persisting.

A full AVG scan also found this:
http://postimg.org/image/hon5e3k3h/

It appears that you did a Quick Scan with Malwarebytes rather than a Full Scan…you might want to update the definitions and run a Full Scan.

Before you do, and while you’re waiting for someone to get back to you (?), try running full scans of your system using ESET and then Symantec, at the links mentioned above…

It appears that you did a Quick Scan with Malwarebytes rather than a Full Scan...you might want to update the definitions and run a Full Scan.
quick scan covers all areas used by actively running malware ...... and you need to spend some time/reading in malwarebytes forum

@DavidWebb do you have avast and AVG installed ?

Yes. Uninstall AVG?

did you have them both when the problem started?

installing multiple AV will give you a slow machine, windows errors and false detections …only install one AV

uninstall one and then run the vendor’s removal tool. General: Uninstalling a third-party antivirus software http://www.avast.com/en-eu/faq.php?article=AVKB11#artTitle

it seems the removal experts are in bed now …check back tomorrow

That thread is almost 5 years old…malware infection methods have changed somewhat since then.

A Full Scan is always preferable to a Quick Scan for AV/Malware checks on a system suspected of infection.

Thanks.