Please can somebody advise me on how to get rid of this evil thing. I have done all the steps in the advice on how to get rid of malware etc (MBAM, OTL) and still, I am getting alerts popping up every 15 minutes about “threat has been detected” and I see:
Infection: JS:ScriptSH-inf [Trj} OR
HTML:Script-inf
When I did a full system scan and then a boot scan, a file C:/hiberfil.sys with Threat: PS/MPC-Annihilator-1187 comes up and when I try to delete it, it says “A file cannot be opened because the shared access flags are incompatible” and in my scan log, it says “Error: the process cannot access the file because it is being use by another process (32)”.
Any help would be appreciated, as this is our reception computer in our lodge and we are about to go away and I don’t want to leave other people with this problem! I am a non-technical user, but can follow instructions.
The rest of the attachments.
Something weird though - I could not find OTL and the logs from earlier, and same story with aswMBR! Did them again - don’t know if that will change anything…
nothing is changed…as of now you have only run a diagnostic scan with OTL and aswMBR
the change comes if the removal expert find anything in those logs that need fixing after what AdwCleaner and Malwarebytes removed
:OTL
O3 - HKU\S-1-5-21-1230641172-664119289-1375396581-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1230641172-664119289-1375396581-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKU\S-1-5-21-1230641172-664119289-1375396581-1006..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f File not found
O4 - HKU\S-1-5-21-1230641172-664119289-1375396581-1006..\RunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f File not found
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.