Pushdo trojan

My IP addresses (dynamic IP) are recently being blacklisted, saying that I have been infected by a Pushdo Trojan which has been spamming using my computer; however, Avast scans keep coming up empty with regards to any Pushdo botnet in my system. Any ideas if Avast is not detecting the Trojan or any other reason why I am being blacklisted?
I keep Avast up-to-date.

Have you run a quick scan with Malwarebytes? Make sure it is updated before you do.

Your IP is blacklisted by http://whatismyipaddress.com/blacklist-check
cbl.abuseat.org
xbl.spamhaus.org
zen.spamhaus.org

Did a quick scan using Malwarebytes, got nothing… do I try a full scan?

No… go here http://forum.avast.com/index.php?topic=53253.0

First run AdwCleaner… click delete… post log

Then scroll down to OTL, follow instructions and attach (not copy and paste) OTL.txt diagnostic log

If you hurry you may get Essexboy to have a look before he goes offline…

logs

And AdwCleaner log?

If you don't see Essexboy here the next hour… then he is talking to the Sandman… and you have to check back tomorrow :wink:

AdwCleaner log, had it as a Word doc

Hi, there are none of the signs of that Trojan on your system, I will check deeper for you. Is this the only computer using your router?

Download and Install ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

I think I screwed up on this one: after the scans were completed it was preparing the log report but it froze, so I restarted my computer :-\ . And yes, I have multiple computers using the same router and I will try to post the OTL logs for each; I just wanted to clear this computer first. Thank you very much for your help.
Do you have any idea how to remove the folders and files created by ComboFix from C: ?

Do you have any idea how to remove the folders and files created by ComboFix from C: ?
When Essexboy is done, he will remove all tools used... and then those folders should also be gone. ;)

Thanks. I know that ComboFix should manually restore Windows back, but I aborted it manually so it couldn't finish, but any attempts to run it just start the installation but never get to scanning the computer. Plus some folders that were previously hidden like systemDATA and SWsetup are not visible.
And I am running Windows 8.

OK, let's use a different programme to remove ComboFix. Did ComboFix report finding anything?
This will also remove OTL

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine, if not, do this yourself to ensure a complete clean

I was able to uninstall ComboFix by renaming it uninstall and running it and it installed, but I will run this program just to make sure.
And no, it completed all scans, no report of any infection.

Thank you Pondus and Essexboy, I appreciate the help ;D
As it appears my PC is not the one infected with the Trojan, I will try to post the OTL logs of the others which use the same router as soon as possible.

Got the OTL and adwcleaner logs for 2 computers that use the router.

Plus, do you think that the detection times of sites like CBL, which state the time and date of detection of the Pushdo’s activity, are accurate?
The 2nd computer logs

Not really a great deal there either…

This is computer 2

Warning: This fix is only relevant for this system and no other, using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O3 - HKU\S-1-5-21-1599363506-1463536627-1998993916-1001\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3 - HKU\S-1-5-21-1599363506-1463536627-1998993916-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
[2013/04/17 17:29:34 | 000,000,856 | ---- | C] () -- C:\Windows\SysWow64\70b823ca-4d84-4891-a77a-1ba35adfab95.dat
[2012/08/07 00:45:21 | 000,000,037 | -HS- | C] () -- C:\Users\Charles Saad\AppData\Local\1754111884ee9ab5277ca00.95260103

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Computer 1 follows

Computer 1 is the cleanest :slight_smile:

Thanks a lot… yeah, I don’t use computer 1 that often. And the fix for computer 2 is not for the Pushdo Trojan but for another infection?

Yes, it was some old adware is all.

Are you still getting blocked for emails?