Hi, I have a problem with the virus getusaaall.info. My Avast antivirus strip me a threat in relation to this virus, in relation to the process Windows/system32/svchost.exe. Use programs such as the Malwarebytes, and others who recommended for the solution of such problems. The case is that the virus continues to war and I want to delete it once and for all. To see if I can help solve this problem.
Thanks in advance !
I attach the logs as soon as possible.

Hi :slight_smile:

Just FYI - I’m monitoring this thread, so when you’ll attach the logs I will take a look at them.

Cheers,
Naat :slight_smile:

The logs are attached.

Hi,
Naathim is currently unavailable due to his slots been filled. I will be helping you instead. Please allow me some time to review your logs and I will administer a fix presently. Thank you for your forbearance.

Ok,thank you for helping me.

Hi,

  • Step #1 P2P Warning
    **IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

      [li]µTorrent
    

    I shall provide you with a few reference links, please read them up to know the risks of having a P2P program.

      - [url=http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt128.shtm][b]P2P File-Sharing: Evaluate the Risks[/b][/url]
      - [url=http://www.cuhk.edu.hk/itsc/about/p2p-risk.html][b]ITSC: Risks in Peer-to-peer File Sharing[/b][/url]
    

    Note: Even if you are using a “safe” P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file-sharing as a major conduit to spread their wares.

My recommendation is that you uninstall the programs listed above. If you choose not to remove them, please do not use them until this computer is clean.[/li]


  • Step #2 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    [li]Open Notepad.exe. Do not use any other text editor software;
    - Copy and Paste the contents inside the code-box to your Notepad
    [/li]
Start
AppInit_DLLs-x32: c:\progra~2\sn0310~1.boo => "c:\progra~2\sn0310~1.boo" File Not Found
c:\progra~2\sn0310~1.boo
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchsun.info/?l=1&q={searchTerms}&pid=1387&r=2014/05/16&hid=12643161157351966323&lg=EN&cc=RO&unqvl=52
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-07-06 13:40 - 2014-07-06 13:40 - 00000000 ____D () C:\Program Files (x86)\DigiCoupon
2014-07-06 13:41 - 2014-05-16 21:18 - 00000000 ____D () C:\ProgramData\712b8a1ff34136ba
C:\Users\Flo\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Flo\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Flo\AppData\Local\Temp\nvStInst.exe
C:\Users\Flo\AppData\Local\Temp\ose00000.exe
C:\Users\Flo\AppData\Local\Temp\sSetup-se.exe
C:\Users\Flo\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Flo\AppData\Local\Temp\Uninstall.exe
C:\Users\Flo\AppData\Local\Temp\utt1626.tmp.exe
C:\Users\Flo\AppData\Local\Temp\xReflect.exe
C:\Users\Flo\AppData\Local\Temp\_is3735.exe
Reboot:
cmd: ipconfig /flushdns
End
  •   [li]Click on [b]File[/b] > [b]Save as...[/b]
    

[list]
[li]Inside the File Name box type fixlist.txt
- From the Save as type drop down list, choose All Files
[/li]
- Save the file to your Desktop;
- Re-run FRST.exe and click Fix;

		[li][b]Note[/b]: If FRST advises there is a new updated version to be downloaded, do so/allow this.
	[/li]
	- After the completion, a log will be produced;
	- Attach the log in your next reply.
[/list][/li]

  • Step #3 Fix with AdwCleaner

      [li]Download [b]AdwCleaner[/b] by [i][b]Xplode[/b][/i] to your [i]Desktop[/i] from the following link.
    

[list]
[li]Download Link #1
- Download Link #2
[/li]
- Right-click on AdwCleaner.exe and choose Run as administrator;
- Click on Scan and let the program run unhindered;
- When done, click on Clean and allow the system to reboot after it is done;
- A log will be opened automatically after the restart;
- Attach the log in your reply.
[/list][/li]


  • Step #4 Fix with Junkware Removal Tool
    Download Junkware Removal Tool by thisisu to your Desktop from the link below.
    Download Link 1
    Download Link 2

      [li]Disable your anti-virus to avoid potential conflicts. For more information please acknowledge yourself [url=http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/]this[/url] article;
      - Run the program either by double-clicking(Windows XP) or Right-clicking and choosing [i]Run as administrator[/i](Windows Vista and above);
      - Please be patient as the tool cleans your system;
      - After completion of the process a log named [b]JRT.txt[/b] will automatically open and is save to your Desktop;
      - Attach the log in your next reply.
    

    [/li]


Re-run FRST and click on Scan. Post the log when done.


  • Required Log(s):

      [li]FRST Logs --
      - [list]
      	[li]FRST Fix Log
      	- FRST Scan Log
      [/li]
      - AdwCleaner Log
      - Junkware Removal Tool Log
    

    [/list][/li]
    Regards,
    Valinorum

FRST Logs –

FRST Fix Log - http://m.uploadedit.com/b037/1405012206257.txt
FRST Scan Log - http://m.uploadedit.com/b037/1405012264624.txt

AdwCleaner Log - http://m.uploadedit.com/b037/140501230853.txt

Junkware Removal Tool Log - http://m.uploadedit.com/b037/1405012345848.txt

Are you getting the svchost.exe warning?

No,thanks for helping me.
If I will have problems,I will contact you.
Thank you again.

Surf safely.