Trojan :(

I’ve been infected yet again. :frowning: I’m sorry to have to come again with my logs. Any help would be most appreciated! :slight_smile: I hope everyone has a wonderful day.

One more additional log. :slight_smile: Thank you sincerely in advance.

Hey, I will drop a note to one of our malware experts here on the forum for you.

Monitoring 8)

@greengarden

Hi, :slight_smile:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • If you don’t know or understand something, please don’t hesitate to ask.
  • Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc…)
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.


Step#1

Follow instructions from this page for running RogueKiller
http://forum.avast.com/index.php?topic=53253.0

Attach all RK report.txt files here.


Step#2

Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.

  • Press Start Scan

  • If Suspicious object is detected, the default action will be Skip, click on Continue.
  • If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.


Step#3

Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
Note: ComboFix must be downloaded to your Desktop.

Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this or this Instruction.

How to disable avast:

  • Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
  • In the window that opens on the top right corner, click Settings.
  • In a new window that opens, choose the option Troubleshooting, Uncheck Enable avast! self-defense, and click OK.

  • Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls.
  • In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn on this option after the cleaning.

Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click ComboFix’s window while it is running.
If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart computer once more.

When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
Attach log reports (ComboFix.txt) back to topic.

Thank you both @mikaelrask and @magna86 for your most appreciated helpfulness and apologies for my belated response! :slight_smile:

I have completed the RogueKiller instructions and am attaching the 3 reports. For some reason, my mouse (or cursor) is acting crazy since I did the RogueKiller test. Is this normal? It’s just bouncing all over the place from time to time as if it has a mind of its own. :stuck_out_tongue: I will do the TDSSKiller next accordingly.

And here is the TDSSKiller log. :slight_smile: Thank you so much for your amazing help! :slight_smile:

So I just finished running the ComboFix (which took about 30 minutes) but I have an embarrassing confession to make: I forgot to turn off/disable Avast prior to doing so. I’m usually good at taking directions, but I’m exhausted and I was too eager to get this last process done. Immediately after starting ComboFix, I realized that Avast should have been disabled but alas, it was nowhere to be seen on the lower right corner of the screen. After the scan was done, my computer rebooted and as ComboFix was preparing the log, I immediately disabled Avast permanently, but it may have been too late.

I was deliberating whether or not I should run ComboFix again (since Avast has been disabled permanently) but I don’t want to do more damage than good. I will await your advice in regards to this, as I feel like the biggest dope ever! So sorry for this most silly and careless mistake. Logs are attached below. Thank you in advance for your review! :slight_smile:

Hi,

  • I need you to delete the current copy of ComboFix, we will use a new, fresh one…

  • Disable your antivirus as before

  • Open notepad and copy/paste the text present inside the code box below:


ClearJavaCache:: 

DDS::
Trusted Zone: 82movie.com
Trusted Zone: 82movie.com\www



Save this as CFScript.txt

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt)

Good day! Thank you so much for all your help! :slight_smile: I just want to make sure before I mess something else up. To delete the current copy of ComboFix, is it as simple as dragging the icon into the Recycle Bin? As well as deleting the saved log in the C: location? Or is the process of deleting the current ComboFix a bit more complex? I just want to make sure I do this efficiently and properly. So sorry for this recent screw up! :cry:

Yes, simple as that. :slight_smile: We do not want to uninstall ComboFix. We just wanna use a fresh ComboFix.exe …

Thank you for all your help! :slight_smile: Attached is the new log from the new ComboFix per your instructions. :slight_smile: Have a great day! :smiley:

Nice…
One more thing to check before we finish…

Download DDS and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr

Double click dds to run the tool.

* When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

Save both reports to your desktop. Attach DDS.txt and Attach.txt back to the topic.

Awesome! Thanks again. :slight_smile: Attached are the two logs requested. Have a wonderful weekend! :slight_smile:

Logs are clean and no signs of active malware. 8)

Let’s remove used tools:

It is necessary to uninstall ComboFix:

  • Click Start (or http://amf.mycity.rs/pg/images/VistaStartButton.png), then Run.

On Windows7 or Vista you may use Start Search field if Run is not available.

  • In the line of text type in (Copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

  • Then click OK (or press Enter).

Wait for the uninstall process to complete.


Just delete OTL (drag and drop in Recycle Bin). Do not use CleanUp! button!!!

Then on root C: delete _OTL folder.

C:\_OTL

Remove other used tools and that is it. Be safe :wink:

Thank you sooooooooooooooooooooo much!!! :):):):slight_smile:

I do have a few last questions, however. :slight_smile:

I did the first step (removing ComboFix) but I got a warning. Screen capture is attached. Am I supposed to disable Avast prior to doing the uninstall?

And for the second steps you have listed:

Then on root C: delete _OTL folder.

C:\_OTL

I have no idea what that means. Does that mean there is an OTL folder I am to delete? And where should I enter the code? I’m not very technically literate so I’m a little lost.

For removing the other tools: is it as simple as dragging them into the Recycle Bin?

Thank you SOOOO MUCH! You all are so awesome here. Total super stars! 8) ;D :smiley:

About ComboFix, avast is active. You may disable antivirus or ignore warning. This is just ComboFix’s uninstallation progress.

About C:\_OTL ← it’s a backup folder related to OTL.
Because we didn’t use the fix via OTL, there is no backup folder …
(I mentioned _OTL folder by habit, just ignore :slight_smile:)

I have done as you instructed and dragged all the other tools into the Recycle Bin to remove them from my desktop. Thank you so so so so so much for all your help! You all are a blessing to those of us who are so unfortunate to become infected! I thank you all from the bottom of my heart and pray that you all will continue to fight this good fight against these pesky invasive viruses! :slight_smile:

Again, a million thanks and I hope you have a spectacular weekend!!! :smiley:

The pleasure is mine :slight_smile:

…stay safe. 8)

Happy Sunday! :slight_smile:

I have a quick question. Ever since your marvelous clean-up, my Avast has been acting up. I get these “trojan” warnings for legitimate sites, such as YouTube and in the case of the photo attached, tinypic.com. Do you know why it might be doing this? I haven’t downloaded anything since your clean-up and Avast is constantly active and running. I wasn’t sure if I should start a new thread? Let me know if I should. Thanks so much! :slight_smile: