.
Instructions https://forum.avast.com/index.php?topic=53253.0
Below the box you write in Attachments and other options
Monitoring; your logs will confirm the infection so please post them as soon as possible. Thank you.
.
That will do nicely!
FIRST >>>>
Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):
globalupdate Helper
YTDownloader
To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.
Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.
SECOND >>>>
Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988528 2015-06-09] (YTDownloader)
C:\Program Files (x86)\YTDownloader
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2093115275-1285576183-1101400538-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2093115275-1285576183-1101400538-1001\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988528 2015-06-09] (YTDownloader)
HKU\S-1-5-21-2093115275-1285576183-1101400538-1001\...\MountPoints2: {8e98a557-0e94-11e5-825d-0021ccc191de} - "D:\SETUP.EXE"
HKU\S-1-5-21-2093115275-1285576183-1101400538-1001\...\MountPoints2: {9643b040-26e7-11e5-8266-0021ccc191de} - "E:\WD SmartWare.exe" autoplay=true
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=98115343_hao_pg
HKU\S-1-5-21-2093115275-1285576183-1101400538-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=98115343_hao_pg
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FF SelectedSearchEngine: oursurfing
StartMenuInternet: FIREFOX.EXE - firefox.exe
R2 BrsHelper; C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe [112560 2015-06-09] ()
S1 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58528 2015-06-09] (YTDownloader)
S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2015-06-09] (????)
C:\Windows\System32\drivers\tsskx64.sys
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QMUdisk64.sys [X]
S3 TS888x64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TS888x64.sys [X]
C:\Program Files (x86)\Tencent\QQPCMgr
2015-06-25 22:07 - 2015-06-09 23:20 - 00000000 ____D C:\Program Files (x86)\YTDownloader
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\aosupporter\AppData\Roaming\1Z1Cs5sB2Z8W
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\aosupporter\AppData\Roaming\GIT8Uqd8YWUOcyL9VSJ
C:\Users\aosupporter\AppData\Local\Temp\ose00000.exe
Task: {05F77937-A480-41FC-914D-82E5FC2D05A2} - \SPDriver No Task File <==== ATTENTION
Task: {2AF2860D-CEB4-4C80-A1F5-022D051CA09A} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [2015-06-09] (YTDownloader) <==== ATTENTION
Task: {5144B0F5-B3CB-472B-8A75-8BC9089CB69E} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION
Task: {86A5D115-B3F5-43C6-9673-1B71D1E41A0D} - System32\Tasks\{387FC0D5-6596-4417-87E1-74A517BAE1A4} => pcalua.exe -a D:\Autorun.exe -d D:\
Task: {A23988D7-8C5D-4F05-8AD5-4CC25642376F} - \SPBIW_UpdateTask_Time_333530343336323537352d6c5b5a345b4132452d5a346c No Task File <==== ATTENTION
Task: C:\Windows\Tasks\YTDownloader.job => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\YTDownloaderUpd.job => C:\Program Files (x86)\YTDownloader\Updater.exe <==== ATTENTION
2015-06-09 11:56 - 2015-06-09 11:56 - 00112560 _____ () C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end
NOTE. It’s important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Start FRST that is on the desktop by right clicking on the file and selecting “Run as Administrator…” and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
Also, inform me of how your system is running now.
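A pre-run audit of a fixlist like the one above, as an added example that is not part of the original post and not FRST's own code: it classifies each line by the prefixes visible in that script, lists the `Reg:`/`CMD:` lines that run commands, and flags lines tied to a different account SID or user profile, which is what the NOTICE warns about. The category names, the functions `classify` and `audit`, and the local SID/user arguments are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: a subset of lines copied from the fixlist in the post above.
SAMPLE_FIXLIST = r"""Start
CreateRestorePoint:
HKU\S-1-5-21-2093115275-1285576183-1101400538-1001\...\Run: [AdobeBridge] => [X]
S1 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58528 2015-06-09] (YTDownloader)
Task: C:\Windows\Tasks\YTDownloader.job => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
C:\Users\aosupporter\AppData\Local\Temp\ose00000.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
EmptyTemp:
end"""

# First match wins. The category labels are this example's own, not FRST terminology.
RULES = [
    ("marker",    re.compile(r"^(start|end)$", re.I)),   # script delimiters
    ("command",   re.compile(r"^(Reg|CMD):\s+\S")),      # runs a command line
    ("task",      re.compile(r"^Task:\s")),              # scheduled task entry
    ("directive", re.compile(r"^[A-Za-z]+:$")),          # e.g. EmptyTemp:
    ("registry",  re.compile(r"^(HKLM|HKU)[\\-]")),      # registry value entry
    ("service",   re.compile(r"^[RSU]\d \S+;")),         # service/driver entry
    ("path",      re.compile(r"^[A-Za-z]:\\")),          # bare file or folder path
]
SID = re.compile(r"S-1-5-21(?:-\d+){4}")
PROFILE = re.compile(r"[A-Za-z]:\\Users\\([^\\]+)")

def classify(line):
    for kind, rx in RULES:
        if rx.search(line):
            return kind
    return "other"

def audit(text, local_sid, local_user):
    """Count line kinds, collect command lines, flag lines for another SID/profile."""
    report = {"counts": Counter(), "commands": [], "foreign": []}
    for line in filter(None, map(str.strip, text.splitlines())):
        kind = classify(line)
        report["counts"][kind] += 1
        if kind == "command":
            report["commands"].append(line)
        sids = set(SID.findall(line))
        users = {u.lower() for u in PROFILE.findall(line)}
        if (sids - {local_sid}) or (users - {local_user.lower()}):
            report["foreign"].append(line)
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_FIXLIST, "S-1-5-21-1111111111-2222222222-3333333333-1001", "alice"))
```

Any line reported under `foreign` means the script was written for a different account or machine than the one being audited.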
.
Did the uninstalls work without errors?
How is your system running now?
.
Sorry about that; will try and be more thorough in the future!
Open notepad by pressing the Windows Key + R Key, typing in Notepad in the Run dialog and then pressing Enter. Please copy the contents of the Code box below. To do this highlight the contents of the box and right click on it and select copy (or you can just click on the (select) next to Code Box). Paste this into the open notepad. Save it to your desktop as fixlist.txt
Start
CreateRestorePoint:
CloseProcesses:
FF SelectedSearchEngine: oursurfing
EmptyTemp:
Reboot:
end
NOTE. It’s important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST64 by right clicking on the FRST64.exe file, selecting “Run as Administrator…”. The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.
The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply. Also, tell me how your system is running now.
.
Download zoek.exe from here to your desktop: Zoek.exe at Bleepingcomputer
- Close/disable all anti virus and anti malware programs so they do not interfere with the download or running of Zoek.exe
(Here or here you can read a manual on how to disable your security applications.)
- Double-click zoek.exe to start the program.
- Copy and paste the following script in the code box:
- Note: This script is written for usage on this user's computer; do not use it on another computer even if the problems are similar.
createsrpoint;
autoclean;
chrdefaults;
FFdefaults;
bitsadmin /reset /allusers >>"%temp%\log.txt";b
emptyalltemp;
resetIEproxy;
ipconfig /flushdns >>"%temp%\log.txt";b
- Close any open browsers.
- Click the Run script button and wait patiently.
- When finished the logfile will be opened in notepad.
- If a reboot is needed the logfile will be opened after reboot.
- The zoek-results.log can also be found on your systemdrive.
- Please post the logfile for further review in your next comment.