The folder c:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ is getting really big. When i say big i mean 30Gb+
I recently proceed with a format on my PC for different reasons but also because i use to have the above problem.
After format everything seems nice and i thought “my pc is clean now” … my programs work like lighting etc.
I install again Avast antivirus and after playing with the new UI I end up to the statistics page.
I notice that in Last scanned item section Avast seems to scan item on pages I never ask or never saw before like www.tuff-kid.com and many many youtube pages.
Additionally to that I notice that i was “accepting” data from internet even with my browser closed. I don’t know where this data stored after all but i think again in the above path.
So i start to looking for a solution.I found an article about this problem caused by IE10 … i uninstall IE10 (never use it anyway) and now i have IE9. I install MBAM … everything clean. I install Spybot … everything clean. I delete manually every temp folder i found (inside windows/temp was tricky). I run ESET online … nothing again. I run TDSSKiller … everything clean. I run NPE … found some problems (programs that i use) but i check the files with different online file scanner and was totally clean … so i did’t remove it as NPE suggest. I allowed NPE to repair the registry.
Right now I’m measuring each time the data that I “accept” from internet without browser running and is almost 35 Mb in every restart.
It looks like someone is using my pc. I don’t know how but it is obvious … unless someone from you guys have a decent explanation.
Is there any way to find out if this is a virus or not, and if yes how to clean it.
Thank in advance.
Hi,
(First deleted by OP. Reported to a Mod to be fixed)
- You’ve asked for a mlware check. Please follow this thread and run the following programs in the ordered list. The programmes you’ve already run, attach those logs as that may hep find a solution to your issue(s).
Adwcleaner, MBAM, OTL, AswMBR.
http://forum.avast.com/index.php?topic=53253.0
After #1 & 2 have been completed I will notify the Experts to assist you.
Hi again
Below is the log files that you ask
OTL.txt is breaked at OTL1.txt and OTL2.txt because of the maximum total size restriction
Thank again.
The remaining logs
Hi, Thank you. I’ve notified TwinHeadedEagle to assist you. Given that OTL log had to be split into two (2) I’d say something is indeed wrong. He’ll either send you on your way or help you fix any issues present on your system
I’m on it. Reporting back soon as I look at the logs …
@alan1998
I've notified TwinHeadedEagle to assist youIn future, If you're already willing to inform the malware removal experts here about new topics and posted logs, then send these notifications to all team members listed [url=http://forum.avast.com/index.php?topic=53253.0]here[/url] or currently active helper, not just to one.
@ bill_dwnld
Scan with Combofix:
[*] Please download ComboFix by sUBs and save it to your Desktop.
You may read how Combofix works here.
[*] Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix.
If you are unsure how to do this please read this or this Instruction.
[*] Run ComboFix. Click on I Agree! & follow the prompts.
Note: If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart your computer.
[*] When finished, it will produce a report for you. Please attach log reports (ComboFix.txt) back to topic.
(typical log location: C:\ComboFix.txt )
------ Next -------
Re-run OTL, just hit the QuickScan button and post me fresh created OTL.txt logreport.
i am also having problems with deleting my temporary internet files… it takes up a lot of my space… i browsed through the settings but i need more help for auto deleting such files
@somran
Run this tool. Please download TFC by OldTimer to your desktop
[*]Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
[*]It will close all programs when run, so make sure you have saved all your work before you begin.
[*]Click the Start button to begin the process. Depending on how often you clean temp
files, execution time should be anywhere from a few seconds to a minute
or two. Let it run uninterrupted to completion.
[*]Once it’s finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
If that doesn’t fix your problem, then follow instructions from here, open new topic and post AdwCleaner, Malwarebytes, OTL and aswMBR reports.
http://forum.avast.com/index.php?topic=53253.0
Hi Magna86
Thanks for your help
Below is the requested log file
Just a few seconds for the fresh OTL report
This is the OTL Report
It was already checked the LOL and Purity Checked
Open notepad and copy/paste the text present inside the code box below:
ClearJavaCache::
Folder::
c:\programdata\Norton
Save this as CFScript.txt
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and refering to the picture above.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:[b]ComboFix.txt[/b] )
Is there any improvement after running ComboFix using CFScript?
The time that you reply i was ready to send a message.
The problem seems to be solved. Now the quantity of the data downloading looks logical.
I ’ m ready to follow instructions to clean the system completely and if it is possible to inform me for the source of the problem in order to avoid future problems.
Thanks again
Hello again
As i write you, even before i apply the script with Combofix, the internet connection looks logical … I mean usually in every restart before open a browser i use to have 35 - 40 Mb of data Download and now even after normal browsing (emails etc) the data downloaded was below 15 Mb
After applied the script with Combofix (I have already sent you the log) the data connection continue to look OK.
One thing that I noticed is the Dropbox agent doesn’t work.
Hi,
I’m glad to hear that everything is back to normal. I can’t tell why dropbox doesn’t work as it shouldn’t be malicius origin.
You had mal_javascript files loaded from temporary internet files and lots of junk temp files. We clean all that.
I shall remove used tools.
It is necessary to uninstall ComboFix :
[*] Click Start (or
http://amf.mycity.rs/pg/images/VistaStartButton.png
) then Run.
On Windows7 or Vista you may use Start Search field if Run is not available.
[*] In the line of text type in (Copy) the following:
ComboFix /Uninstall
Note that there is a space between " ComboFix " and " /Uninstall " .
[*] then click OK (or press Enter ).
Wait for the uninstall process is complete.
Please download DelFix by “Xplode” to your Desktop.
Run the tool and check the following boxes below;
[] Remove disinfection tools
[] Create registry backup
[*] Purge System Restore
Now click on “Run” button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt
I don’t need DelFix log report.
I recommended you to keep Malwarebytes and to use MCShield if you will.
You may download MCShield from one of the following links:
MyCity - Official download link
Softpedija - Mirror download link
It will prevent infection by computer via USB flash drive, mobile phone or any other memory card.
And not only will prevent infection, but it will immediately clean flash drive, memory card or external HDD.
Thank you magna86
Best Regards
Vasilis