Please can someone help?

I keep getting avast pop ups all the time coming up on my screen saying ‘malware blocked’ and ‘trojan horse blocked’. I’ve done a full scan with avast and it came back with 2478 infected files. I moved as many of these as I could to the chest but had to delete some others as it said there was not enough space on disk to move to chest. Some other files that I tried moving to chest said ‘the system cannot find the file specified’ and there are 2 other threats that say ‘error:access is denied’ (these 2 threats are both called: Win32:Sirefef-PL [Rtk]). All the other threats that I’ve moved to chest or deleted are called: Win32:Malware-gen and Win32:Downloader-PKU [Trj].

I did a quick scan using Malwarebytes Anti Malware and this came back with:
Files Detected: 1

C:\Windows\Installer{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000008.@ (Trojan.Dropper.BCMiner) → Quarantined and deleted successfully

Malwarebytes states that I should restart to remove this. I’ve restarted, done another quick scan and it’s detected it again and again.

Also I’ve had an avast pop up come up on my screen on 3 separate occasions saying ‘malicious URL blocked’.

Please can someone help me as I’m really stuck with all of this and don’t even know where to start. Thank you.

Please attach your logs.
http://forum.avast.com/index.php?topic=53253.0

Do I do this here on this topic?

Do I attach the logs here?

Yes, please do so.

(It’s not detected anything this time)

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.31.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Dave :: DAVEM [administrator]

31/07/2012 17:18:40
mbam-log-2012-07-31 (17-18-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191084
Time elapsed: 2 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

We also need the logs from OTL and aswMBR…!!

Oh right, I’m sorry will do that now.

NP, take your time. :wink:

Does it take a while to do? I’m currently scanning with OTL. Will someone else reply if you are not here to assist me after I have submitted the logs?

Sure, don’t worry. :slight_smile:

How long does it normally take to do the scans?

Well, it depends. :wink: Why…??

I’ve tried posting the OTL log but it’s saying that the file is too large.

Can anybody help me? I followed all the instructions but now I am stuck as I can’t post the OTL log as it’s too big.

Hi davemorley85,

Sorry we haven’t stepped in sooner. Asyn may be away for the moment.

To attach the too large OTL file you will need to do it in two separate posts. Use notepad or such to copy/paste half into a new notepad document. Name that whatever you wish, must be saved as .txt format, and do the same with the second half. You need to split it in half for this to work.

This is just one of the quirks this forum has, hope it is not too much of an inconvenience for you.

If the original OTL .txt file is in ANSI, then the two copies must be saved in that same format. Attach aswMBR.txt as well.

Once the required logs are attached, help is on the way.
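The split described in the post above can also be scripted. This is an added example, not part of the original thread or of any tool mentioned in it. The function names are hypothetical, and it assumes a log without a byte-order mark is ANSI (single-byte) text. It works on raw bytes so the halves keep the original file's encoding.

```python
import codecs
import sys
from pathlib import Path

def _line_end(body, start, newline, width):
    """Offset just past the first aligned line break at or after start."""
    pos = body.find(newline, start)
    while pos != -1 and pos % width:  # match straddles two UTF-16 code units
        pos = body.find(newline, pos + 1)
    return len(body) if pos == -1 else pos + len(newline)

def split_log(data):
    """Split raw log bytes in two at the first line break after the midpoint.

    The bytes are never decoded, so an ANSI file stays ANSI. A BOM, if present,
    is copied to the second half so both halves open in the same encoding.
    """
    if data.startswith(codecs.BOM_UTF16_LE):
        bom, newline, width = codecs.BOM_UTF16_LE, b"\n\x00", 2
    elif data.startswith(codecs.BOM_UTF16_BE):
        bom, newline, width = codecs.BOM_UTF16_BE, b"\x00\n", 2
    elif data.startswith(codecs.BOM_UTF8):
        bom, newline, width = codecs.BOM_UTF8, b"\n", 1
    else:  # no BOM: treated as ANSI / single-byte text (assumption)
        bom, newline, width = b"", b"\n", 1
    body = data[len(bom):]
    cut = _line_end(body, len(body) // 2, newline, width)
    return bom + body[:cut], bom + body[cut:]

def split_file(path):
    """Write <name>_part1.txt and <name>_part2.txt next to the original."""
    src = Path(path)
    outputs = []
    for n, part in enumerate(split_log(src.read_bytes()), 1):
        out = src.with_name(f"{src.stem}_part{n}{src.suffix}")
        out.write_bytes(part)
        outputs.append(out)
    return outputs

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for out in split_file(sys.argv[1]):
            print(out, out.stat().st_size, "bytes")
    else:  # constructed sample, not a real OTL log
        sample = b"OTL logfile\r\n" + b"entry \xe9\r\n" * 6
        first, second = split_log(sample)
        print(len(first), len(second), first + second == sample)
```

Run it with the path to the log as the only argument; the two part files are written beside the original, which is left untouched.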

OTL Part 1 Log:

OTL Part 2 Log:

aswMBR Log:

Hi, let’s get you cleaned up.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons. They will return on reboot.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:OTL
O3 - HKU\S-1-5-21-1074206148-1003604736-784829451-1000\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3 - HKU\S-1-5-21-1074206148-1003604736-784829451-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
[2012/07/10 16:27:10 | 000,000,000 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\b2f85ee
[2012/07/10 16:26:34 | 000,000,000 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\e4821702
[2012/07/10 16:25:47 | 000,000,000 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\2dd0e4d7
[2012/07/10 16:22:15 | 000,000,000 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\561aba5f
[2012/07/10 16:21:48 | 000,000,000 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\435a2f1c

:Files
ipconfig /flushdns /c
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\Installer{3b99f81f-31d5-dbab-1bcf-87d0107a285a}

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.