Trojan.Agent.FDP

Hi,

ESET will normally find entries that need to be removed because of how it is run. There is no antivirus program that stops everything 100% of the time. I am glad you will continue to use Avast. :slight_smile:

Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2

Note: It is important that it is saved directly to your desktop


IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here


Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
When finished, it will produce a report for you.
[*]Please post the C:\ComboFix.txt for further review.

Scary! After running Combofix I had to restart because all progs were marked for deletion? :o

Just reboot your system and that should clear it up. It may take more than one reboot but it is not a problem. :slight_smile: Let me look over the logs and I will return as quick as I can.

Hi,

[*]Please open Notepad (Start → Run → type notepad in the Open field → OK) and copy and paste the text present inside the code box below:


ClearJavaCache::

Firefox::
FF - ProfilePath - c:\users\yiannis\AppData\Roaming\Mozilla\Firefox\Profiles\muf2cnwt.Default User\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100581&babsrc=adbartrp&mntrId=10b21da80000000000000026186a3d58&q=

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

[*]Save this as CFScript.txt and change the “Save as type” to “All Files” and place it on your desktop.

http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif

[*]Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
[*]Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
[*]ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
[*]When finished, it shall produce a log for you. Attach the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.

Have attached the log! :slight_smile:

Hi,

Malwarebytes

I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.

ESET Online Scanner
I’d like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don’t go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

As a Vista/Win7 user you will need to right click your browser icon and select “Run as Administrator” in order to run this scan.

[*]Do not use this instance of your browser for anything besides doing this scan
[*]When the scan is complete and the results saved, close that instance of your browser
[*]Open a new one the usual way and post the results in this topic.

[*]Right-click and Run as Administrator on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
[*]Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
[*]For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
[*]Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
[*]Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

[*]Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png

[*]Click the Start button.
[*]Accept any security warnings from your browser.
[*]Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png

[*]Make sure that the option “Remove found threats” is Unchecked
[*]Push the Start button.
[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
[*]When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
[*]Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
[*]Push the Back button.
[*]Push Finish

http://www.eset.com/onlinescan/

In your next reply please post the logs made by Malwarebytes and ESET.

My system now boots after exactly 3 minutes 30 seconds!

After more than 4 hours of scanning ESET did not find anything. Please see attached log :slight_smile:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.23.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
yiannis :: YIANNIS-PC [administrator]

4/25/2012 4:48:39 PM
mbam-log-2012-04-25 (16-48-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 260290
Time elapsed: 3 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Hi,

[*]Please open Notepad (Start → Run → type notepad in the Open field → OK) and copy and paste the text present inside the code box below:


File::
D:\DOWNLOAD\Power director9\CyberLink.PowerDirector.9.00.2330\Crack\hfs-files.zip	
D:\DOWNLOAD\Power director9\CyberLink.PowerDirector.9.00.2330\Crack\PD9CodecReg.exe	
F:\YIANNIS-PC\Backup Set 2011-06-19 124342\Backup Files 2011-06-19 124342\Backup files 297.zip	
F:\YIANNIS-PC\Backup Set 2011-06-19 124342\Backup Files 2011-06-19 124342\Backup files 300.zip	
F:\YIANNIS-PC\Backup Set 2011-06-19 124342\Backup Files 2011-06-19 124342\Backup files 61.zip	
F:\YIANNIS-PC\Backup Set 2011-06-19 124342\Backup Files 2011-06-19 124342\Backup files 67.zip	
F:\YIANNIS-PC\Backup Set 2011-06-26 115653\Backup Files 2011-06-26 115653\Backup files 3.zip	
F:\YIANNIS-PC\Backup Set 2011-12-07 203945\Backup Files 2011-12-07 203945\Backup files 3.zip	
F:\YIANNIS-PC\Backup Set 2012-03-16 160752\Backup Files 2012-03-16 160752\Backup files 8.zip

[*]Save this as CFScript.txt and change the “Save as type” to “All Files” and place it on your desktop.

http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif

[*]Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
[*]Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
[*]ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
[*]When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.

In your next reply attach the new ComboFix log and let me know how your system is running. :slight_smile:

Hope this fixes the problem. :wink:

How is your system running? :slight_smile:

Had some problems connecting to the web but Win7 fixed it. Also boot time from button press to being able to use PC = 3 minutes 5 seconds. There is a considerable delay before the Date Gadget appears. When that appears on desktop then I am able to use the PC.

Hi,

There could be many reasons why a system may be slow besides malware. Let’s try this and see if it helps…

Download TFC to your desktop

[*]Close any open windows.
[*]Right-click and Run as Administrator the TFC icon to run the program
[*]TFC will close all open programs itself in order to run,
[*]Click the Start button to begin the process.
[*]Allow TFC to run uninterrupted.
[*]The program should not take long to finish its job
[*]Once it’s finished it should automatically reboot your machine,
[*]if it doesn’t, manually reboot to ensure a complete clean

I can use the PC after 3 minutes 20 seconds from button press. My system used to boot very fast. I used TFC and also I keep my machine clean. The only thing I do not use and never will are REG Cleaners. But in all honesty my machine once it has booted it runs very fast indeed.

Once more I cannot thank you more for your time and attention! One reason I always used AVAST is because the Avast community is so understanding and helpful. I only wish those Microsoft people were as helpful too. :slight_smile:

The only thing I do not use and never will are REG Cleaners.
Good idea. :)

You might try defragging your system as well. That may help out the boot time.

Ok…glad that we could be of help. :slight_smile: