PS/MPC - Annihilator - 1187 - cannot delete

Please can somebody advise me on how to get rid of this evil thing. I have done all the steps in the advice on how to get rid of malware etc (MBAM, OTL) and still, I am getting alerts popping up every 15 minutes about “threat has been detected” and I see:
Infection: JS:ScriptSH-inf [Trj} OR
HTML:Script-inf

When I did a full system scan and then a boot scan, a file C:/hiberfil.sys with Threat: PS/MPC-Annihilator-1187 comes up and when I try to delete it, it says “A file cannot be opened because the shared access flags are incompatible” and in my scan log, it says “Error: the process cannot access the file because it is being use by another process (32)”.

Any help would be appreciated, as this is our reception computer in our lodge and we are about to go away and I don’t want to leave other people with this problem! I am a non-technical user, but can follow instructions.

Many thanks!

I am using Windows XP SP3

Please attach your logs. (AdwCleaner, MBAM, OTL and aswMBR…!!)
Instructions: http://forum.avast.com/index.php?topic=53253.0

first lot of attachments…

The rest of the attachments.
Something weird though - I could not find OTL and the logs from earlier, and same story with aswMBR! Did them again - don’t know if that will change anything…

Thanks :slight_smile:

nothing is changed…as of now you have only run a diagnostic scan with OTL and aswMBR
the change comes if the removal expert find anything in those logs that need fixing after what AdwCleaner and Malwarebytes removed

Oh I see.
Does this problem I’m having look familiar to anyone?

First thing to do would be to remove the Hibernation cache…

  1. Click Control Panel
  2. Click Power Options
  3. Select the Hibernate tab
  4. Uncheck Enable Hibernation box to disable
  5. Click OK
  6. Reboot

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
O3 - HKU\S-1-5-21-1230641172-664119289-1375396581-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1230641172-664119289-1375396581-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKU\S-1-5-21-1230641172-664119289-1375396581-1006..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f File not found
O4 - HKU\S-1-5-21-1230641172-664119289-1375396581-1006..\RunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f File not found

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Thanks essexboy! Please see log attached…

Are you still getting the alerts ?

The alerts have now vanished. When I do the boot scan, I still cannot delete the PS/MPC Annihilator. Is that what should be happening now?

Did you disable hibernation ? As that should delete the file

Sorry! Complete idiot! Didn’t do the scan after the hibernation uncheck! Will do it and report back. THANKS :slight_smile: