[Resolved] Possible Worm Infection

After scanning my computer, today, Avast! found a worm infection inside of my computer.
I may have been skeptical, but there were 51 of them or so, and since worms duplicate and go into large numbers… I am almost surely infected.
RK found 2 PUM keys that it doesn’t normally; per se I have my user and computer folder on my desktop gone as I find it obtrusive, but haven’t gotten messages for four of them.
Something that does make me more suspicious is that I did download an After Effects file from someone else not that long ago.
Here is my Rogue Killer log, and an image of some of what Avast! found.
More logs are to come, I will put them in a new post so it’s easier to tell when this has been updated.

More logs…

LoveLetter is an old e-mail worm from 2000. Where on the computer did you find this? … full file path

Here is the full file path for some of them… please note that it is in two parts and one image continues the next.

Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

- Double-click to run it. When the tool opens, click Yes to the disclaimer.
- Press the Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Love Letter worm info
http://en.wikipedia.org/wiki/ILOVEYOU
http://www.securelist.com/en/descriptions/6885854/Email-Worm.Win32.LoveLetter
other versions http://www.securelist.com/en/find?words=I-Worm.LoveLetter&searchtype=

Logs for Argus:
And thanks for the info, Pondus.

Avast removed the worm.

Please download MCShield from one of the following links:

MCShield - Official download link

- Double click on MCShield-Setup to install the application.
  Next => I Agree => Next => Install … per installation click on Run! button.
- Wait a few seconds for MCShield to finish the initial HDD scan…
- Connect all your USB storage devices to the computer one at a time. Scanning will be done automatically.
- When all scanning is done, you need to post the log report that MCShield has created.

Under Logs tab (in Control Center) for AllScans.txt log section click on Save button. AllScanst.txt report shall be located on your Desktop.

=> Post here AllScanst.txt

Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

Here is the log from MCShield.
Just wondering if sending the worm to the virus chest would be good enough?

Yes, I see no present or active malware.

The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
- Remove disinfection tools
- Create registry backup
- Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.

Done! :)
Thank you for all of your help!
If you need the DelFix log, please tell me in another reply.

DelFix just removes the tools used ;)