Threat Detected URL Mal:

Hi All

Mom contacted her ISP, Comcast, and they suggested removing Avast. Well, I can't even open Norton now. The file name is akbavny.exe (it says Google Chrome after it). I can't upload the picture of Task Manager as the file is too big, sadly. Ending the process doesn't help, and Norton won't open. Any suggestions on what to do? She uses this PC for banking and such.

Avast, well I can't even open Norton now
Do you have Avast and Norton installed? That may be the reason for your trouble.

Only install one AV

General: Uninstalling a third-party antivirus software https://www.avast.com/faq.php?article=AVKB11#artTitle

Never use two antivirus programs at the same time… They will conflict for sure.
Collection of Uninstallers / Removal Tools for All Popular Anti-Virus Software.
Avast teaches you how to remove them: http://www.avast.com/en-us/faq.php?article=AVKB11#articleContent

One Antivirus installed

She says she used the Avast removal tool prior to installing Norton.

One Downloader Trojan found so far

I'll try to post the picture I took with my cell phone.

see instructions here https://forum.avast.com/index.php?topic=53253.0
run Malwarebytes and Farbar Recovery Scan Tool as instructed, then attach the logs

Yup, scans running now. Malwarebytes: 6 Trojans found so far, will post logs as soon as I can.

Logs now attached below

Still waiting on the aswMBR scan to finish, but here are the logs that are done. The first Malwarebytes scan I did without the rootkit scan selected by accident, then did it again later with the rootkit scan selected; Farbar scan; ESET online scan again, nothing found; and then Norton Security Suite again (eventually putting Avast back in, I think). aswMBR is scanning now.

Hi Patrick2,

Are you spamming the place? You already opened cleansing requests at various other places:
This is a website of questionable web reputation, you probably won’t find the right removal guidance there:
http://help.howproblemsolution.com/1236000/possible-infection-mom-s-pc (posted 10 hours after you posted here)
This was tried at the same time you posted here: http://www.neowin.net/forum/topic/1242324-possible-infection-moms-pc/

polonus

Yes, I'm not spamming. I posted for assistance on both sites; guess maybe I shouldn't have, but I decided to ask for help there on Neowin so I could get it fixed fairly quickly and back to normal. My fault, normally I just ask in one spot.

http://help.howproblemsolution.com/1236000/possible-infection-mom-s-pc (That wasn’t me on that site) I only went to Avast and Neowin.net

Guess I panicked since that was the first infection in years. I should've also just kept Avast installed and not helped Mom install Norton as recommended by Comcast Tech Support. Avast alerted at 2:30 a.m. last night, Threat Detected. When I woke up this morning I guess I panicked trying to get it cleaned; Mom called Comcast support first, they suggested Norton be installed and then work on it from there. After I couldn't open Norton after the install, I panicked and posted in too many spots.

OK, if you are above board, then follow removal guidance from a qualified remover here.
In the mean time you can read this information about the malcode at hand: http://www.malwareremovalguides.info/trojan-win32-tracur-av-removal-instructions/
Do not try to perform this malware cleansing but do it under guidance of a qualified removal expert here, follow the instructions to the dot.
As it is well after midnight here in Western and Central Europe you may have to wait until to-morrow for a remover to appear as most are now “on one ear”.

polonus

Will do, will follow removal guidance here fully

removers are in bed now, check back tomorrow

OK, will do, and posting the last log for today (aswMBR) in this reply.

Let me know what problems you are having after this

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
CHR Extension: (example) - C:\Users\OEM\AppData\LocalLow\iSite\Kvgiipelj\usfcmbextdjz [2015-01-05]
CHR Extension: (example) - C:\Users\OEM\AppData\LocalLow\iSite\Kvgiipelj\Bvpnnmj [2015-01-05]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on "Clean".
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.

The machine seems to be running the requested scans fine; Internet Explorer is still a little slow to open. (Actually, I decided to proceed with a wipe of the hard drives, as Mom does her banking on that PC. I sort of didn't feel safe trying to fully clean it of the Trojan viruses; yesterday the one process was running constantly. I know I asked for help here in cleaning it; guess I should've waited prior to starting the disk wiping with DBAN Boot and Nuke.)

The backup files I will scan and keep separated from the other PCs, and also rescan them with Avast before I connect the external drive to this PC, and make her driver CD for when it's fully ready for that. As for how the infection happened, that is a mystery, as she said she didn't click on anything suspicious prior to this. Avast alerted that evening at 2:30 a.m., Threat Detected, and it went from there.

She called Comcast Support early yesterday, woke me up, and told me to remove Avast and install Norton per the Comcast tech, so I used the Avast uninstall through Add/Remove, then the Avast removal tool, and installed Norton Security Suite (for a while that didn't work properly). I definitely should've just kept Avast installed.

It was just a few bad chrome addons easy to remove manually… Norton wouldn’t find them either

The only problem was Chrome wasn't installed; it only had Internet Explorer installed in Windows Vista 32-bit there. So I don't even know how the extension ended up running in the first place.

Hmm, something installed the base files. I need to keep my eye out for this one.

Chrome:
=======
CHR Profile: C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-05]
CHR Extension: (Google Drive) - C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-05]
CHR Extension: (YouTube) - C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-05]
CHR Extension: (Google Search) - C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-05]
CHR Extension: (Google Wallet) - C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-05]
CHR Extension: (Gmail) - C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-05]
CHR Extension: (example) - C:\Users\OEM\AppData\LocalLow\iSite\Kvgiipelj\usfcmbextdjz [2015-01-05]
CHR Extension: (example) - C:\Users\OEM\AppData\LocalLow\iSite\Kvgiipelj\Bvpnnmj [2015-01-05]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2015-01-06]
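As an added example (not from this thread, nor from the FRST authors), a small Python script that triages the "CHR" lines of an FRST log like the one above: it flags extensions whose folder sits outside the profile's Extensions directory, whose folder name is not a valid Chrome extension ID, or which are registered under HKLM with no file on disk. The sample log is constructed from entries quoted in this thread; the parsing regexes are assumptions about FRST's line format based only on those lines.

```python
import re

# Constructed sample, modelled on the FRST "Chrome:" section quoted in this thread
SAMPLE_LOG = r"""
CHR Profile: C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-05]
CHR Extension: (Gmail) - C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-05]
CHR Extension: (example) - C:\Users\OEM\AppData\LocalLow\iSite\Kvgiipelj\usfcmbextdjz [2015-01-05]
CHR Extension: (example) - C:\Users\OEM\AppData\LocalLow\iSite\Kvgiipelj\Bvpnnmj [2015-01-05]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2015-01-06]
"""

# Assumed line formats, derived from the log lines above
PROFILE_RE = re.compile(r"^CHR Profile: (.+)$")
EXT_RE = re.compile(r"^CHR Extension: \((.*)\) - (.+?) \[\d{4}-\d{2}-\d{2}\]$")
REG_RE = re.compile(r"^CHR HKLM\\\.\.\.\\Chrome\\Extension: \[([a-p]{32})\] - (.+?)(?: \[\d{4}-\d{2}-\d{2}\])?$")
# Chrome extension IDs are exactly 32 characters drawn from the letters a-p
EXT_ID_RE = re.compile(r"^[a-p]{32}$")


def triage_chrome_section(log: str) -> list:
    """Return (identifier, reason) pairs for extension entries that deserve a closer look."""
    findings = []
    profile = None
    for line in log.splitlines():
        line = line.strip()
        m = PROFILE_RE.match(line)
        if m:
            profile = m.group(1).rstrip("\\")
            continue
        m = EXT_RE.match(line)
        if m:
            name, path = m.groups()
            folder = path.rsplit("\\", 1)[-1]
            expected_dir = (profile + "\\Extensions\\").lower() if profile else None
            # A real Chrome extension is unpacked under <profile>\Extensions\<32-char id>
            if expected_dir is None or not path.lower().startswith(expected_dir):
                findings.append((folder, f"'{name}' lives outside the profile Extensions folder: {path}"))
            elif not EXT_ID_RE.match(folder):
                findings.append((folder, f"'{name}' folder name is not a valid Chrome extension ID"))
            continue
        m = REG_RE.match(line)
        if m:
            ext_id, path = m.groups()
            # Registry-registered (external) extension whose file is gone: orphaned or hidden install
            if path == "No Path":
                findings.append((ext_id, "registered in HKLM but the extension file is missing"))
    return findings


if __name__ == "__main__":
    for ident, reason in triage_chrome_section(SAMPLE_LOG):
        print(f"{ident}: {reason}")
```

On the sample above it reports the two LocalLow entries and the "No Path" registry entry, and leaves the Google and Norton extensions alone.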

Rescanning her backup files while her PC is in wipe-hard-drives mode, just to make sure those are clean; I backed the files up onto the external drive off that machine a day or two ahead of time. Wish I had taken a screenshot then of all installed items. I did do a Belarc Advisor profile of the machine yesterday in fact… Google Chrome not listed at all, lol.

So, a very strange Trojan; the extension was there for sure.

Had you used the portable version of Chrome at any stage?