sorry forgot to attach the file… combofix log
I just cleaned a client’s computer that had Tenga. This came through a remote attack where the attacker was trying to run a CounterStrike server off the machine. Anyhow, Avast started automatically moving infected files to quarantine, which was not ideal. Tried a boot-time scan but all it could do was delete files, as none of them could be disinfected. Thankfully, after the 3rd file, I quit the scan and booted back into safe mode.
I found Avast’s Aswclnr.exe, which is a cleaner specifically for Tenga. Over 2900 files were infected, pretty much every exe on the PC whether it had been run or not. The cleaner managed to disinfect all but a couple of exe files.
Note- during this, I had to turn Avast off ‘permanently’ so I didn’t lose any more files to quarantine. After the first run of Aswclnr.exe, I then restored the files that Avast had quarantined and ran the tool again to clean those.
Highly recommend you get this tool and use it- nothing else I tried would clean the files, they all just wanted to delete. You do NOT want to clean up that mess!
Download AswClnr to your desktop
Disable all Antivirus programmes
Right click the file on the desktop and select “Run as Administrator”
https://dl.dropboxusercontent.com/u/73555776/aswclnr.JPG
Press Start Scanning
Once it has completed there will be a log on the desktop called aswclnr.txt
Please attach that
I went to the Avast install and tried to run aswcln.exe but nothing happened. Ran as admin, still nothing…
Could you reboot to safe mode please and try it there
I got it working, thanks… waiting for the log and I'll pass it along…
OK I may be going off line soon, but I will look tomorrow morning
OK, thanks a lot… I'll let it scan overnight seeing as it's got a 1TB and a 2TB hard drive to scan…
OK that is a shed load of data
aswcln log
There was no log saved to the desktop. Any other places it might save? I have looked around and found nothing…
Nice… found the log… aswclnr log
Just one that it failed to repair out of 118
How is the computer behaving now ?
Fine… but let me first repair the files in the Avast chest, then see if the Tenga virus attaches itself again… I'm hoping the root of the virus is gone…
OK keep me updated as I do have a few further tools to use if needed
Hi, sorry I didn't reply straight away, I wanted to wait a few days and see if the virus came back… but it didn't, and I can play hon and all my other games in peace, and my Windows Update option has come back… I noticed that I couldn't update via Windows Update; the option was there but when I clicked it gave me an error that I now see has gone… I gather the virus stopped my Windows Update exe… anyway, thanks a lot to all the guys that helped 8) ;D I will continue to support Avast… regards, Mike. And a special thanks to essexboy…
Check back later today and he will remove the tools used.
It’s amazing how some of the old tools still work, I will put that one back in my toolbox ;D
Subject to no further problems
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean
A good workman always cleans up after himself, so… The following will implement some cleanup procedures as well as reset System Restore points:
Delete AswClnr from the desktop
Remove ComboFix
Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
In the Run box, type in ComboFix /Uninstall
(Notice the space between the “x” and “/”)
then click OK
http://i1224.photobucket.com/albums/ee362/Essexboy3/Misc%20screen%20shots/CF_Uninstall-1.jpg
Follow the prompts on the screen
A message should appear confirming that ComboFix was uninstalled
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.
Clear Restore Points
Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up, select OK at the first prompt; after it has done some calculations the tabs will appear
Select More Options tab
Press System Restore and Shadow Copies Cleanup button
https://dl.dropbox.com/u/73555776/disc%20clean.JPG
: Keep Java Updated :
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes.
Update and run weekly to keep your system clean
Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link
If you use on-line banking then as an added layer of protection install Trusteer Rapport
It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
Microsoft Windows Update
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?
Keep safe
Guess what guys… I am back… trust old Tenga virus to attach itself again… everything was fine… all I did was go to wiziwigs to watch the sports online and it started again… Avast pops up with virus detected, and it's just those few game exes and program exe files that keep getting affected. I repaired the files with Avast and it worked… then scanned clear; a few minutes later it somehow attached itself again to my game exes. You said last time that the Borderlands 2 1.4 update may be causing the problem. I still have the file on my PC (it didn't pick up any viruses when Avast scanned the file) and it might be somehow instructing the virus to keep attaching itself… but this is just my guess… (in fact it may have attached to a few more files this time; seeing as it's a worm it just may have)
Wow, Avast is useless… my PC is just going mad… every single exe is getting infected… while Avast just deleted them… what's the point if it can't stop the virus, really