I picked up a Ransomware virus from a website that Avast did not detect. I did isolate it and it seems to be gone after running RogueKiller. Is there anything I should do to verify it is gone, and to be sure the system is clean? I have attached the reports. I did run RogueKiller again and it found some registry stuff, and generated two additional reports, so I'm not sure what to make of this.
Is there anything I should do to verify it is gone, and to be sure the system is clean?
Follow this guide and [b]attach[/b] Malwarebytes / OTL / aswMBR logs: http://forum.avast.com/index.php?topic=53253.0
Hi DaoToaD,
RogueKiller works only as a part of the cleansing process. It is designed to stop rogue processes from running, but a reboot will bring these processes right back, as the files responsible are not removed.
Additional logs attached.
Wait for a qualified removal expert here to look into the logs you provided and follow instructions to the dot.
polonus
Tigzy has added this malware to his routines for RogueKiller. Are you experiencing any problems?
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:OTL
IE - HKU\S-1-5-21-3959305775-1676004970-4096857512-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421
O3 - HKU\S-1-5-21-3959305775-1676004970-4096857512-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
:Files
netsh int ip reset
ipconfig /release /c
ipconfig /renew /c
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Here is the latest log.
Are you experiencing any problems?