Skegnessasc Virus/Malware

Hello,

since a couple of days, my Virusscan is blocking a thread from skegnessasc.org. Depending on the network it happens every five minutes, sometimes up 30 times per block. I tried to remove the source, but somehow the messages keep appearing.

Log files as requested in the “Logs to assist in cleaning malware” topic are in the attachment. My apologies to the several languages in the log files and a huge thanks in advance for any advice or tip to resolve this problem. :slight_smile:

Language is not a problem, let me know if this stops it

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: U3 McAPExe; kein ImagePath U3 McMPFSvc; kein ImagePath U3 McNaiAnn; kein ImagePath U3 mfecore; kein ImagePath U3 MSK80Service; kein ImagePath AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0] AlternateDataStreams: C:\ProgramData\Temp:A1EDB939 [131] AlternateDataStreams: C:\Users\Boy d'Hont\Lokale Einstellungen:lxlIPrArBBaPkytn7teQtO [2242] AlternateDataStreams: C:\Users\Boy d'Hont\AppData\Local:lxlIPrArBBaPkytn7teQtO [2242] AlternateDataStreams: C:\Users\Boy d'Hont\AppData\Local\Anwendungsdaten:lxlIPrArBBaPkytn7teQtO [2242] AlternateDataStreams: C:\Users\Boy d'Hont\AppData\Local\Temporary Internet Files:LVk4kAsV1d44NcqKfviL1 [1998] Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that