Pls Help!. Trojan Viruses on memory block

Viruses and worms
1

win32:zbot-MSL[TRJ]
WIN32:patched-RE[trj]
win32:GenMalicious-Ho[trj]
win32:Broban-A:[trj]
win32:Crypt.Pas[trj
win32:GenMaliciousTT.[trj]
win32::zbot-Pxa:[trj]
win32:GenMalicious-Ho[trj]
win32:downloader-qza[trj]
win32:vb-vqz
Msil.Agent-T
Win32:speye-plugin-E
win32:agent-FBX
C:program Fies\Protect\Terralinfo.STR-another process locks part of the files so it can not be accessed.
I think I have deleted the program(program’s name was privacy right). Since all these files are on memory block I can not do anything. I am using avast and memory scanning was enabled. Lastest detected date is 01.05.15 from 12/27/14.
I have read somewhere 1. enable boot to cdrom. 2. Pulll the power plug off while computer is running to clear the ram. 3. Do clean install win 7.
Would that work? Actually it’s my mother computer and I live in different state.
Any help would appreciated. Thank you for reading.
Lance

2
I am using avast and memory scanning was enabled.
And that is probably your problem ...... the second most asked question in this forum, detection in memory

DO NOT use the memory scan setting as it will give some weird detection results

Use default scan settings for a problem free avast
Change it back, scan again … do you still get the same result?

3

I am guessing you know what you are talking about but why not?
The latest detected date is 01/05/15. daily scan is enabled. and after deleting a program called privacy right or privacy light it is not detected on avast.(scan memory modules and autostart programs is enabled)

5.2. Memory-Resident Viruses http://computervirus.uw.hu/ch05lev1sec2.html

A much more efficient class of computer viruses remains in memory after the initialization of virus code. Such viruses typically follow these steps:

  1. It allocates a block of memory for its own code.
    3.It relocates its code to the allocated block of memory.
  2. It activates itself in the allocated memory block.
4

If you want a check by a malware specialist … attach requested logs
He will be back online tomorrow

Logs to assist in cleaning malware https://forum.avast.com/index.php?topic=53253.0

5

Here’s the files.
Those Faber recovery scan tool program is detected as virus and is detected by aswMBR.
Mcshield haven’t done that.
Are you guys saying that I just ignore the bunch of trojan viruses?
I will feel much safer to do clean install win7. If it were my computer I would have done that by now.
Thank you for reading.

6

Detected tools … We know, happens after evry update

Are you guys saying that I just ignore the bunch of trojan viruses?
They are not real ..... Usually a result of selecting scan memory, and avast detect signatures from other security programs loaded in memory If real avast should also detect it at other locations

Anyway essexboy will check your logs to verify when he is online after work today

7

Let me know how the computer is after this

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: CHR HKU\S-1-5-21-3247145487-3333479889-710956976-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION URLSearchHook: HKU\S-1-5-21-3247145487-3333479889-710956976-1000 - (No Name) - {375A6AB2-FEEC-445D-B853-2139FB561F80} - No File URLSearchHook: HKU\S-1-5-21-3247145487-3333479889-710956976-1000 - (No Name) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No File SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029 SearchScopes: HKLM -> {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^HJ^xdm017^YYA^us&si=pconvIE&ptb=C2849092-6AA9-4735-90E9-B26248EBAC31&ind=2014020301&n=780b82cd&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKU\S-1-5-21-3247145487-3333479889-710956976-1000 -> {9274F2F4-410C-41C8-81BF-9F9C0ED854F1} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468 SearchScopes: HKU\S-1-5-21-3247145487-3333479889-710956976-1000 -> {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^HJ^xdm017^YYA^us&si=pconvIE&ptb=C2849092-6AA9-4735-90E9-B26248EBAC31&ind=2014020301&n=780b82cd&psa=&st=sb&searchfor={searchTerms} BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File Toolbar: HKU\S-1-5-21-3247145487-3333479889-710956976-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File C:\Program Files\IProtect C:\Users\hana\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00c2b8 EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.