I scanned my PC today and it found this rootkit. When I try to remove it, it gives me an error message.
Here is a screenshot:
http://gyazo.com/f914b9c84494eb2182f5f81265fa1f53.png
Please help!
Please attach your logs. (MBAM, OTL and aswMBR…!!)
Instructions: http://forum.avast.com/index.php?topic=53253.0
When I try to run aswMBR, after a couple of seconds it stops working and Windows forces it to stop. I don’t know why.
Try to run it in safe mode.
Part of an adware updater
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:Commands
[CREATERESTOREPOINT]
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST1000DM003-9YN162_W1D0Y5H8XXXXW1D0Y5H8&ts=1377251670
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST1000DM003-9YN162_W1D0Y5H8XXXXW1D0Y5H8&ts=1377251670
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.qvo6.com/web/?utm_source=b&utm_medium=ild&from=ild&uid=ST1000DM003-9YN162_W1D0Y5H8XXXXW1D0Y5H8&ts=3211319
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST1000DM003-9YN162_W1D0Y5H8XXXXW1D0Y5H8&ts=1377251670
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST1000DM003-9YN162_W1D0Y5H8XXXXW1D0Y5H8&ts=1377251670
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2109184508-2337640333-1632547973-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST1000DM003-9YN162_W1D0Y5H8XXXXW1D0Y5H8&ts=1377251670
IE - HKU\S-1-5-21-2109184508-2337640333-1632547973-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST1000DM003-9YN162_W1D0Y5H8XXXXW1D0Y5H8&ts=1377251670
IE - HKU\S-1-5-21-2109184508-2337640333-1632547973-1000\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - No CLSID value found
IE - HKU\S-1-5-21-2109184508-2337640333-1632547973-1000\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
O4 - HKLM..\Run: [tutoriales100_es_29] File not found
[2013/09/07 15:14:30 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Web Cake
:Files
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
:Commands
[resethosts]
[emptytemp]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Please download AdwCleaner by Xplode onto your desktop.
[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.
FINALLY
Please download Junkware Removal Tool to your desktop.
[*]Right-mouse click JRT.exe and select “Run as Administrator”. The tool will open and start scanning your system.
[*]Please be patient, as this can take a while to complete depending on your system’s specifications.
[*]On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
[*]Post the contents of JRT.txt into your next message.
Did you run AdwCleaner as well?
How is the computer behaving?
Oh yes, sorry, I forgot about AdwCleaner. Here you go, and my PC is going well so far… no BSoD since yesterday.
If all is well tomorrow then let me know and we will tidy up
Sure, thanks for helping ^^ Loved how fast you helped me