Seeking Help in Cleaning Malware

Hello,
I followed all the steps except for the last one after RogueKiller. Is it really necessary to Boot the computer? It seems complicated (for me). :) Attached are the log files. Please let me know if there is anything else that is missing. Thanks so much for your help!

Hello and welcome to Avast! Forums.

No, it is OK like that. Just missing Malwarebytes logs and Extras.Txt for OTL.

I will notify malware removers, but you have to wait. Most of them live in the UK and Europe and it is bed time now.

Thanks so much for your prompt reply! It’s much appreciated!

No problem. You are welcome. Malware specialists were notified. Due to different time zones it may take a while before you get a response.

Hi hulagirl,

Did you know that you have a keylogger?
Do you want to remove?

Hi Argus,
I installed that months ago, and since the trialware ended, I should uninstall. So, the answer is yes, please.

Re-run OTL.exe.

- Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.



:files
C:\Program Files\Spyrix Free Keylogger
ipconfig /flushdns /c

:OTL
IE - HKU\S-1-5-21-1708537768-1364589140-1177238915-1002\..\SearchScopes\{4864315E-A06A-4C63-BAD8-67310F7B99AA}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3287822&CUI=UN16039982122139248&UM=2
O4 - HKLM..\Run: [kbdsprt]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: localSPM = C:\Program Files\Spyrix Free Keylogger\spkl.exe ()

:commands
[CREATERESTOREPOINT]
[emptytemp]


- Then click the Run Fix button at the top.
- Let the program run unhindered; it will reboot the system when it is done and open Notepad with the log report. Attach that log report here.


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.

- Double-click to run it. When the tool opens, click Yes to the disclaimer.
- Under Optional Scan ensure “List BCD” and “Driver MD5” are ticked.
- Press the Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
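As an added example (not OTL's own code, and not posted by anyone in this thread), here is a small Python parser for the OTL custom fix script posted above. It splits the script into its :files, :OTL and :commands sections, lists what each section would do, and checks that the executable named by the O6 autorun entry sits under a folder the :files section deletes, so the fix removes both the persistence entry and the binary. The section semantics used here (a :files line ending in " /c" is run as a command instead of being deleted; :commands entries are bracketed keywords) are my reading of OTL's fix syntax and are assumed rather than confirmed by the thread; the sample script is copied from the post above.

```python
"""Summarise an OTL custom fix script and sanity-check its autorun cleanup.

Added example, not OTL's own code. Assumptions (not stated in the thread):
  :files     paths to delete; a line ending in " /c" is run as a command
  :OTL       scan-log lines to fix, each starting with an O-code (IE, O4, O6, ...)
  :commands  bracketed keywords such as [emptytemp]
"""
import re
from dataclasses import dataclass, field

# Fix script copied from the forum post above (sample input).
FIX_SCRIPT = r"""
:files
C:\Program Files\Spyrix Free Keylogger
ipconfig /flushdns /c

:OTL
IE - HKU\S-1-5-21-1708537768-1364589140-1177238915-1002\..\SearchScopes\{4864315E-A06A-4C63-BAD8-67310F7B99AA}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3287822&CUI=UN16039982122139248&UM=2
O4 - HKLM..\Run: [kbdsprt]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: localSPM = C:\Program Files\Spyrix Free Keylogger\spkl.exe ()

:commands
[CREATERESTOREPOINT]
[emptytemp]
"""

SECTION_RE = re.compile(r"^:(\w+)\s*$")
OCODE_RE = re.compile(r"^(IE|O\d+|DRV|SRV|MOD|PRC)\b")


@dataclass
class FixPlan:
    delete_paths: list = field(default_factory=list)   # :files entries to delete
    run_commands: list = field(default_factory=list)   # :files entries with " /c"
    otl_lines: list = field(default_factory=list)      # (o-code, line) from :OTL
    commands: list = field(default_factory=list)       # :commands keywords, lowercased
    other: list = field(default_factory=list)          # lines in unknown sections


def parse_otl_fix(script: str) -> FixPlan:
    """Split the script into sections and classify each non-empty line."""
    plan = FixPlan()
    section = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if section == "files":
            if line.lower().endswith(" /c"):
                plan.run_commands.append(line[:-3].rstrip())
            else:
                plan.delete_paths.append(line)
        elif section == "otl":
            m = OCODE_RE.match(line)
            plan.otl_lines.append((m.group(1) if m else "?", line))
        elif section == "commands":
            plan.commands.append(line.strip("[]").lower())
        elif section is None:
            raise ValueError(f"line outside any section: {line!r}")
        else:
            plan.other.append((section, line))
    return plan


def autorun_targets(plan: FixPlan) -> list:
    """Executables referenced by O4/O6 autorun lines (the persistence entries)."""
    targets = []
    for code, line in plan.otl_lines:
        if code in ("O4", "O6"):
            m = re.search(r"=\s*(.+?\.exe)", line, re.IGNORECASE)
            if m:
                targets.append(m.group(1))
    return targets


def dangling_autoruns(plan: FixPlan) -> list:
    """Autorun lines whose target no longer exists (OTL reports 'File not found')."""
    return [line for code, line in plan.otl_lines
            if code in ("O4", "O6") and "File not found" in line]


def orphan_autoruns(plan: FixPlan) -> list:
    """Autorun targets not covered by any :files deletion.

    A non-empty result means the fix would remove the Run entry but leave the
    executable on disk; in the script above the O6 target lies under the
    deleted keylogger folder, so the result is empty.
    """
    roots = [p.lower().rstrip("\\") for p in plan.delete_paths]
    return [t for t in autorun_targets(plan)
            if not any(t.lower() == r or t.lower().startswith(r + "\\") for r in roots)]


def summarize(plan: FixPlan) -> str:
    """Human-readable summary of what the fix would do."""
    parts = [f"delete: {p}" for p in plan.delete_paths]
    parts += [f"run: {c}" for c in plan.run_commands]
    parts += [f"fix {code}: {line[:60]}" for code, line in plan.otl_lines]
    parts += [f"command: {c}" for c in plan.commands]
    parts += [f"dangling autorun: {l}" for l in dangling_autoruns(plan)]
    parts += [f"WARNING autorun target not deleted: {t}" for t in orphan_autoruns(plan)]
    return "\n".join(parts)


if __name__ == "__main__":
    print(summarize(parse_otl_fix(FIX_SCRIPT)))
```

Run it as-is to see the summary for the posted script; point parse_otl_fix at any other OTL fix text to review it before running it, which is a useful habit whenever a fix script arrives from a third party.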

How long does it normally take? I think that something is awry as it is not responding. It seems frozen.

Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.

Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this or this Instruction.

How to disable avast:

- Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
- In the window that opens, on the top right corner, click Settings.
- In the new window that opens, choose the option Troubleshooting, uncheck Enable avast! self-defense, and click OK.

- Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls.
- In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn on this option after the cleaning.

Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click ComboFix's window while it is running.
If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart computer once more.

When the tool is finished, it will produce a log report for you (typical location: C:\ComboFix.txt).
Attach the log report (ComboFix.txt) back to the topic.

Here’s the log from Combofix. Thanks so much for your help!

Open Avast sandbox
http://www.youtube.com/watch?v=lXz6drEx8os

See which process is run from sandboxie.

Ok, I viewed the video that shows how to disable the auto sandbox. What process am I to run?

Some program is running in sandbox, anyway I see no malware in logs.

What process am I to run?

I do not know, but it is not malware.

So then all Malware has been deleted, and there is no need to be concerned?

System is clean, do not worry.

It is necessary to uninstall ComboFix:

- Click Start (or http://amf.mycity.rs/pg/images/VistaStartButton.png ) then Run.

On Windows7 or Vista you may use Start Search field if Run is not available.

- In the line of text, type in (or copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

- Then click OK (or press Enter).

Wait until the uninstall process is complete.

Re-run OTL and click on CleanUp! button.

You will be asked to reboot the machine to finish the cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTL. Feel free to manually delete any tools it leaves behind.