Trojan that disabled Avast. Please help!

Windows 7 Home Premium Edition, not sure if that makes a difference or not. Saw others with the same problem. System was very slow to start up. Realized that my Avast! wasn’t running and saw it was disabled. System would not allow me to enable it. Saw that there was some coding provided to paste into OTL to run the fix but it was made clear that the specific coding for the situation was derived from the logs from OTL and AdwCleaner.

Ran AdwCleaner and OTL. Didn’t manually save the log from AdwCleaner and not sure if it’s saved somewhere. Attached logs from OTL. If someone can tell me how to find the log from running AdwCleaner, I’ll be happy to post it also. Thank you!!

Found those AdwCleaner logs. Have two sets since the first time I didn’t clean everything but the second time I did.

We also need Malwarebytes and aswMBR logs … see instructions here: http://forum.avast.com/index.php?topic=53253.0

Working on the other two logs now. Thank you!

Hi Marissa

Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

- Double-click to run it. When the tool opens, click Yes to the disclaimer.
- Press the Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Here are the two txt files from Farbar! Still need the logs from Malwarebytes and aswMBR?

Malwarebytes logs

You have two antivirus programs MSE and Avast. Uninstall MSE (Microsoft Security Essentials).

I will uninstall MSE. Here is the log file from aswMBR.

After uninstalling attach here a new FRST log.

New FRST log as requested.

Now is OK.

I see no present or active malware.

Please download TFC by OldTimer to your desktop

- Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- It will close all programs when run, so make sure you have saved all your work before you begin.
- Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
- Once it’s finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

What is the situation now with AVAST?

Avast is up and running. Just want to be sure the trojan is 100% gone, please.

I see no present or active malware.

The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:

- Remove disinfection tools
- Create registry backup
- Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.

Thank you so very much!! Working on DelFix now. ;D