Trojan Horse Downloader.Generic13.bzwa

Viruses and worms
1

i have this nasty virus :frowning: pls can anyone help? ty for your time :slight_smile:

2

follow guide and attach logs, not copy and paste. http://forum.avast.com/index.php?topic=53253.0

run in order listed
AdwCleaner / Malwarebytes / OTL / aswMBR

when done a removal expert will be notified

3

i’m now starting with adw cleaner but do i start cleaning or just do scan?

4

When done scanning, press “Clean”. Attach the log. Then do MBAM, then OTL

5

her is first log

6

Monitoring …

These logs are indicate that lots of bad PUP has been deleted. Now run Malwarebytes per instruction and allow him to target the remains.
If any does remain undetected, OTL logs shall tell us that. You may skip aswMBR scan for now …
http://forum.avast.com/index.php?topic=53253.0

7

Thank you Magna for coming.

Follow Magna’s advice. He will help you a lot more then I can :).

8

her is malware scan but i’m not sure if i doo apply action :confused: to many is detected :confused: what do i do?

9

her is malware log file

10

Hi djshima,

Please do not make you feel scared by detections and feel free to follow instructions to the letter. :wink:

Could you now please run OTL scan and attach here OTL.txt and Extras.txt reports? :wink:

11

her is OTL log

12

some info for you to read…next time you see PUP detections
https://helpdesk.malwarebytes.org/entries/23482988-What-are-the-PUP-detections-are-they-threats-and-should-they-be-deleted-

http://blog.malwarebytes.org/news/2013/09/selecting-all-pups/

http://blog.malwarebytes.org/news/2013/07/malwarebytes-adopts-aggressive-pup-policy/

13

Hi,

This fix shall tell OTL to preform some additional cleaning … note that your desktop will disappear at the moment plus firefox browser shall be shutdown.
When OTL finish his work, it will ask you to restart the mashine. After reboot, allow OTL to re-run (click on Run) and everything will be back to normal …

Let’s start …

Re-run OTL.exe.

[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.

:COMMANDS [CREATERESTOREPOINT]

:PROCESSES
KillAllProcesses
firefox.exe

:FILES
dir C:\Documents and Settings\ljaljo\Application Data\vlc /c
dir C:\Program Files\Common Files\SpeechEngines /c
dir C:\Documents and Settings\ljaljo.rnd /c
C:\WINDOWS\System32*.tmp
C:\WINDOWS*.tmp
netsh int ip reset c:\resetlog.txt /c
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c
C:\Documents and Settings\ljaljo\Application Data\Mozilla\Firefox\Profiles\zpzbmgtt.default\extensions{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
C:\Documents and Settings\All Users\Start Menu\Programs\SweetPlayer
C:\Program Files\SweetPlayer

:OTL
FF - prefs.js…browser.search.defaultenginename: “Ask Web Search”
FF - prefs.js…browser.search.defaulturl: “”
FF - prefs.js…browser.search.selectedEngine: “Ask Web Search”
FF - prefs.js…browser.search.useDBForOrder: true
FF - prefs.js…browser.startup.homepage: “http://home.tb.ask.com/index.jhtml?ptb=4E05CD48-3F7B-4B2E-A92C-2B727AC0A2FD&n=780bae96&p2=^XR^xdm006^YYA^rs&si=CN79qIm8lb0CFQoYwwod7hQAVQ
FF - prefs.js…extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.22
FF - prefs.js…extensions.toolbar.mindspark.4zMembers.browser.search.defaultenginename.prev: “Ask Web Search”
FF - prefs.js…extensions.toolbar.mindspark.4zMembers.browser.search.defaultenginename.savedPrev: “true”
FF - prefs.js…extensions.toolbar.mindspark.4zMembers.browser.search.defaultenginename.tb: “Ask Web Search”
FF - prefs.js…extensions.toolbar.mindspark.4zMembers.browser.search.selectedEngine.prev: “Ask Web Search”
FF - prefs.js…extensions.toolbar.mindspark.4zMembers.browser.search.selectedEngine.savedPrev: “true”
FF - prefs.js…extensions.toolbar.mindspark.4zMembers.browser.search.selectedEngine.tb: “Ask Web Search”
FF - prefs.js…browser.startup.homepage: “http://home.tb.ask.com/index.jhtml?ptb=DE72E138-70E2-41D0-8EB3-E05FF4A9231B&n=780bd98a&p2=^0D^xdm271^YYA^me&si=slot62571
FF - prefs.js…browser.startup.homepage: “http://home.tb.ask.com/index.jhtml?ptb=5FF5107B-BB14-4626-BF7F-39F44C8543D7&n=780bac3e&p2=^HJ^xdm238^YYA^rs
FF - prefs.js…extensions.toolbar.mindspark.57Members.browser.search.defaultenginename.savedPrev: “true”
FF - prefs.js…extensions.toolbar.mindspark.57Members.browser.search.defaultenginename.tb: “Ask Web Search”
FF - prefs.js…extensions.toolbar.mindspark.57Members.browser.search.selectedEngine.savedPrev: “true”
FF - prefs.js…extensions.toolbar.mindspark.57Members.browser.search.selectedEngine.tb: “Ask Web Search”
FF - prefs.js…browser.startup.homepage: “true”
FF - prefs.js…browser.startup.homepage: “http://home.tb.ask.com/index.jhtml?ptb=DE72E138-70E2-41D0-8EB3-E05FF4A9231B&n=780bd98a&p2=^0D^xdm271^YYA^me&si=slot62571
FF - prefs.js…extensions.toolbar.mindspark.j2Members.browser.search.defaultenginename.prev: “Ask Web Search”
FF - prefs.js…extensions.toolbar.mindspark.j2Members.browser.search.defaultenginename.savedPrev: “true”
FF - prefs.js…extensions.toolbar.mindspark.j2Members.browser.search.defaultenginename.tb: “Ask Web Search”
FF - prefs.js…extensions.toolbar.mindspark.j2Members.browser.search.selectedEngine.prev: “Ask Web Search”
FF - prefs.js…extensions.toolbar.mindspark.j2Members.browser.search.selectedEngine.savedPrev: “true”
FF - prefs.js…extensions.toolbar.mindspark.j2Members.browser.search.selectedEngine.tb: “Ask Web Search”
FF - prefs.js…browser.startup.homepage: “http://home.tb.ask.com/index.jhtml?ptb=5FF5107B-BB14-4626-BF7F-39F44C8543D7&n=780bac3e&p2=^HJ^xdm238^YYA^rs
FF - prefs.js…browser.startup.homepage: “http://home.tb.ask.com/index.jhtml?ptb=4E05CD48-3F7B-4B2E-A92C-2B727AC0A2FD&n=780bae96&p2=^XR^xdm006^YYA^rs&si=CN79qIm8lb0CFQoYwwod7hQAVQ
FF - prefs.js…keyword.URL: “http://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=4E05CD48-3F7B-4B2E-A92C-2B727AC0A2FD&n=780bae96&ind=2014031510&p2=^XR^xdm006^YYA^rs&si=CN79qIm8lb0CFQoYwwod7hQAVQ&searchfor=

:COMMANDS
[EMPTYTEMP]

[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.

If the log doesn’t appear, it can be found here:

c:_OTL\MovedFiles\mmddyyyy_hhmmss.log

14

Delete everythnig MBAM found.

Magna will look at OTL

15

Michael … really? ???

16
17

THat’s a lot of Junk! 145.1515502929688 MB

18

djshima, post me fresh OTL.txt log (re-run OTL and just hit QuickScan button) for re-view. And tell me, how is the computer behaves now?

19

her is new OTL scan

20

… i dont now for now but i know that when i go to google

When i type on google “something” and click on first link with left click it opens like i did Right click on mause and click “Open Link In new tab” i dont think that is normal :confused: i think when i left click link in google search it must open page at same page not open another page :confused:

down are the images what i did