My uncle’s/cousins’ computer has been recently infected. They have frequent virus problems and I usually am the one to clean it up although I’m no expert; usually a scan with MBAM will do the trick but this time I need some help. Please excuse the wall of text, I’m just trying to give as many details as possible. :-\
Every time the computer started, avast would show numerous red popups until the computer eventually bluescreens (a couple minutes after boot) and restarts. The avast installation was in another language so I had to try to install the English pack but the comp would always BSOD by then… so I had to uninstall avast in Safe Mode. (I only used aswclear.exe, I forgot to uninstall through Control Panel first)
I ran CCleaner and then I ran a quick scan with MBAM and moved everything to quarantine (can’t post log now since I won’t have access to their comp till tomorrow) and tried to uninstall other antivirus programs. (McAfee Virus Scan was one that I found (removed using the control panel)) They are kind of computer illiterate, so they don’t know what other programs were installed on the computer in the past.
After this though, the computer would not start up normally. After clicking the User in the Welcome Screen, it goes black and I have to manually shut it down. Also, I think that the computer is still infected as google searches are always redirected. I can boot up in Safe Mode.
I hope someone can help, I’d really appreciate it
I won’t be able to use their computer till tomorrow and I have to sleep now, so I’ll check back tomorrow…
Thanks!
edit: Feel free to pm me also
edit#2: Windows 7 Home Premium 32 bit, avast 7 Free+Win 7 Firewall, then they updated to internet security trial version thinking that it was a button to remove viruses (I plan to install free version again after treatment, as they do not want to pay for a security solution)
This needs further analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.
Thanks for replying. I will post those logs as soon as I can, but now the computer cannot even boot in safe mode. After the Dell screen, the screen remains black with a blinking cursor whether it’s booting normally or in safe mode. Will I need to reformat?
Are you disconnected from the internet? If it’s wired, take the wire out. Wait for the other replies, but I would say if it’s impossible to boot, you’ll have to pull the hard drive and hook it up externally.
Please print these instructions out so that you know what you are doing.
- Download OTLPENet.exe to your desktop
- Download the attached scan.txt to a USB drive
- Ensure that you have a blank CD in the drive
- Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
- Reboot your system using the boot CD you just created. Note: If you do not know how to set your computer to boot from CD follow the steps here
- As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
- Your system should now display a Reatogo desktop. Note: as you are running from CD it is not exactly speedy
- Double-click on the OTLPE icon.
- Select the Windows folder of the infected drive if it asks for a location
- When asked “Do you wish to load the remote registry”, select Yes
- When asked “Do you wish to load remote user profile(s) for scanning”, select Yes
- Ensure the box “Automatically Load All Remaining Users” is checked and press OK
- OTL should now start
- Drag and drop usb scan.txt into the Custom scans and fixes box, or double click the scan box
- Press Run Scan to start the scan.
- When finished, the file will be saved in drive C:\OTL.txt
- Copy this file to your USB drive if you do not have internet connection on this system
- Right click the file and select send to : select the USB drive.
- Confirm that it has copied to the USB drive by selecting it
- You can backup any files that you wish from this OS
- Please post the contents of the C:\OTL.txt file in your reply.
Hi, sorry for the trouble; I already reformatted the computer as I had permission to do so (it had nothing important on it anyway). But anyhow, I appreciate you guys trying to help. Thanks