I'm getting notifications from MBAM and Avast regarding a redirect to an IP like 64.111.xxx.xxx; I didn't quite remember the exact numbers. It gets activated randomly as I use Firefox…
Avast says it's an “Infection: al”.
Here are some logs, as I see people attach them.
I used MBAM and Avast to detect some infections, but the problem persists.
This looks like a failed install of hard drive malware.
On completion of this let me know if the alerts continue. You also have two antivirus programmes installed; in this case more is not better.
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2533503728-2277263029-2195191997-1000\] > -> HKEY_USERS\S-1-5-21-2533503728-2277263029-2195191997-1000\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Files/Folders - Modified Within 30 Days]
NY -> ~P1kAlMiG2Kb7Fz -> C:\ProgramData\~P1kAlMiG2Kb7Fz
NY -> ~P1kAlMiG2Kb7Fzr -> C:\ProgramData\~P1kAlMiG2Kb7Fzr
NY -> System Repair.lnk -> C:\Users\Aeson\Application Data\Microsoft\Internet Explorer\Quick Launch\System Repair.lnk
NY -> P1kAlMiG2Kb7Fz -> C:\ProgramData\P1kAlMiG2Kb7Fz
[Files - No Company Name]
NY -> ~P1kAlMiG2Kb7Fz -> C:\ProgramData\~P1kAlMiG2Kb7Fz
NY -> ~P1kAlMiG2Kb7Fzr -> C:\ProgramData\~P1kAlMiG2Kb7Fzr
NY -> System Repair.lnk -> C:\Users\Aeson\Application Data\Microsoft\Internet Explorer\Quick Launch\System Repair.lnk
NY -> P1kAlMiG2Kb7Fz -> C:\ProgramData\P1kAlMiG2Kb7Fz
[Custom Scans]
YY -> explorer.exe : MD5=3C33B26F2F7FA61D882515F2D6078691 -> C:\Users\Aeson\AppData\Local\Temp\RarSFX1\procs\explorer.exe
YY -> explorer.exe : MD5=ABC6379205DE2618851C4FCBF72112EB -> C:\Users\Aeson\AppData\Local\Temp\RarSFX1\h\explorer.exe
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
I will review the information when it comes back in.
Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.
Thanks, here is the Notepad result from the fix after the reboot.
I installed the second AV after this virus successfully installed itself without getting detected.
How does this virus get into the system? I don't remember running a random executable…
It usually arrives with a bit of social engineering - check out my photo, or have you seen this link type of thing. But it was never able to install due to it being blocked.
With regards to Avast outgoing, that is MBAM being overzealous; I have disabled that function myself as it always alerted when Avast did its updates. For the BitTorrent I will remove the toolbar, but to be honest I can see no active malware.
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.
The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
I will review the information when it comes back in.
Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.