This all started when I got an FBI virus on my computer. I thought I got rid of it but after that my Microsoft Security Essentials stopped working. I uninstalled it but now it won’t reinstall so I decided to use avast to make sure that the virus was gone. I scanned a full scan with avast and it picked up multiple viruses (a screenshot’s below). When I tried to repair or delete it, I get Error: Access is denied (5). If I try moving them to the chest I get Error: The request is not supported (50). I ran a boot-time scan but it didn’t pick up anything. I also did a full scan with Malwarebytes’ Anti-Malware but it came up clean.

Hey and welcome to the forum.

I suggest you follow this guide and attach your logs

http://forum.avast.com/index.php?topic=53253.0

A malware expert will help you from there.

Here are the logs

You are still infected

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

I tried downloading Combofix but I keep getting the error “Illegal operation attempted on registry key that has been marked for deletion”

You mean you have run it?

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

reboot again…

I did not run Combofix before but my brother used to fix issues on this computer so he may have run it before? I rebooted it and it ran fine afterwards. Everything seems to be working fine. There was a pop-up that used to come up that I think was part of the virus but it’s gone now. Microsoft Security Essentials is working fine now. I’m not getting those errors from avast anymore. Unfortunately I can’t find the log from Combofix. I checked where it was supposed to be but it wasn’t there

OK, essexboy will be back later with new instructions

Microsoft Security Essentials is working fine now. I'm not getting those errors from avast
Are you running MSE and avast?

Could you run a fresh OTL scan please with the initial script you used

Sorry for the delay. The log of the second OTL scan is attached. I have both MSE and Avast because MSE came with the computer. They never showed any signs of incompatibility so I kept MSE

OK combofix cleared the reparse points which is good, MSES may work now. You also have both Norton and Comodo antiviruses running so you need to remove those

On completion of this can you let me know what problems remain

Warning: This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
[2013/09/19 15:59:02 | 000,000,000 | ---D | C] -- C:\Users\Mehta\AppData\Local\Bundled software uninstaller
[2013/09/19 15:58:29 | 000,000,000 | ---D | C] -- C:\Users\Mehta\AppData\Local\Conduit
[2013/09/19 15:58:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2013/09/19 15:58:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/09/19 15:57:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\jmdp
[2013/09/19 15:57:36 | 000,033,792 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2012/04/24 18:29:25 | 000,000,176 | ---- | C] () -- C:\ProgramData\-vDnQEAwcbwJjBRr
[2012/04/24 18:29:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\-vDnQEAwcbwJjBR
[2012/04/24 18:29:23 | 000,000,256 | ---- | C] () -- C:\ProgramData\vDnQEAwcbwJjBR
[2012/04/24 17:03:34 | 000,000,176 | ---- | C] () -- C:\ProgramData\-X6plmS6LuV0qVlr
[2012/04/24 17:03:34 | 000,000,000 | ---- | C] () -- C:\ProgramData\-X6plmS6LuV0qVl
[2012/04/24 17:03:18 | 000,000,256 | ---- | C] () -- C:\ProgramData\X6plmS6LuV0qVl

:Commands
[resethosts]
[emptytemp]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Junkware Removal Tool to your desktop.

  • Right-mouse click JRT.exe and select “Run as Administrator”. The tool will open and start scanning your system
  • Please be patient as this can take a while to complete depending on your system’s specifications
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

The logs are attached. What’s a reparse point?

It is a way of getting a known programme to run a malware programme

Directory of C:\Program Files\Windows Defender

11/21/2010 03:06 AM en-US [c:\windows\system32\config]
07/13/2009 09:41 PM MpAsDesc.dll [c:\windows\system32\config]
05/27/2013 01:50 AM MpClient.dll [c:\windows\system32\config]
07/13/2009 09:39 PM MpCmdRun.exe [c:\windows\system32\config]
05/27/2013 01:50 AM MpCommu.dll [c:\windows\system32\config]
07/13/2009 09:29 PM MpEvMsg.dll [c:\windows\system32\config]
07/13/2009 09:41 PM MpOAV.dll [c:\windows\system32\config]
07/13/2009 09:41 PM MpRTP.dll [c:\windows\system32\config]
05/27/2013 01:50 AM MpSvc.dll [c:\windows\system32\config]
07/13/2009 09:39 PM MSASCui.exe [c:\windows\system32\config]

How is the computer behaving now ?
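Added example, not part of the original thread or any poster's own code: a Python parser for a reparse-point listing in the format shown above, flagging every entry whose link target lies outside the directory being listed. The function name and the "target outside the listed directory" heuristic are assumptions made for illustration; the sample text is the listing from this thread.

```python
import re
from ntpath import normcase, normpath  # Windows path rules, works on any OS

# Sample input: the listing posted in this thread, one entry per line.
SAMPLE = r"""Directory of C:\Program Files\Windows Defender
11/21/2010 03:06 AM en-US [c:\windows\system32\config]
07/13/2009 09:41 PM MpAsDesc.dll [c:\windows\system32\config]
05/27/2013 01:50 AM MpClient.dll [c:\windows\system32\config]
07/13/2009 09:39 PM MpCmdRun.exe [c:\windows\system32\config]
05/27/2013 01:50 AM MpCommu.dll [c:\windows\system32\config]
07/13/2009 09:29 PM MpEvMsg.dll [c:\windows\system32\config]
07/13/2009 09:41 PM MpOAV.dll [c:\windows\system32\config]
07/13/2009 09:41 PM MpRTP.dll [c:\windows\system32\config]
05/27/2013 01:50 AM MpSvc.dll [c:\windows\system32\config]
07/13/2009 09:39 PM MSASCui.exe [c:\windows\system32\config]
"""

HEADER = re.compile(r"^\s*Directory of (.+?)\s*$")
# date, time, optional <SYMLINK>/<SYMLINKD>/<JUNCTION> column, name, [target]
ENTRY = re.compile(
    r"^\s*(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2} [AP]M)\s+"
    r"(?:<([A-Z]+)>\s+)?(.+?)\s+\[(.+)\]\s*$"
)

def _norm(path):
    """Case-fold and normalise a Windows path for comparison."""
    return normcase(normpath(path))

def parse_links(listing):
    """Return one dict per link entry; 'outside' is True when the target
    is not the listed directory or something beneath it."""
    directory, found = None, []
    for line in listing.splitlines():
        header = HEADER.match(line)
        if header:
            directory = header.group(1)
            continue
        entry = ENTRY.match(line)
        if not entry or directory is None:
            continue  # blank lines, totals, anything that is not a link entry
        date, time, kind, name, target = entry.groups()
        base, tgt = _norm(directory), _norm(target)
        inside = tgt == base or tgt.startswith(base + "\\")
        found.append({"directory": directory, "date": date, "time": time,
                      "kind": kind, "name": name, "target": target,
                      "outside": not inside})
    return found

if __name__ == "__main__":
    for link in parse_links(SAMPLE):
        flag = "REDIRECTED" if link["outside"] else "ok"
        print(f'{flag:10} {link["name"]:14} -> {link["target"]}')
```

On this thread's listing every Windows Defender entry is flagged, since each one points at c:\windows\system32\config rather than at anything under the Windows Defender folder.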

I still have Norton and still get notifications about it. It was just a trial version that came with the computer. How do I get rid of it completely? However, the Comodo seems to have gone.

Norton removal tool https://support.norton.com/sp/en/uk/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us

What is Norton reporting ?

Thanks. It is now completely uninstalled. It was just saying that my subscription ended and that I should renew it.

Any further problems before I tidy up ?