AVZ Antiviral Toolkit found trojans on my computer; the ones detected were Trojan.Win32.Agent2.byu and Trojan-Downloader.Win32.AutoIt.q.
The computer is still freezing after deleting the trojans. Can anybody help me with this? The logs are attached.
Can you run a Malwarebytes quick scan, check everything and click remove selected?
Attach the log from MBAM here.
Here is the Malwarebytes log; Malwarebytes detected nothing.
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Databaseversjon: v2014.02.18.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Bruker1 :: PC-123 [administrator]
18.02.2014 18:03:55
mbam-log-2014-02-18 (18-03-55).txt
Skanntype: Hurtigsøk
Aktiverte skanningsinnstillinger: Minne | Oppstart | Register | Filsystem | Heuristikk/Ekstra | Heuristikk/Shuriken | PUP | PUM
Deaktiverte skanninnstillinger: P2P
Objekter skannet: 208562
Tid tilbakelagt: 5 minutt(er), 33 sekund(er)
Minneprosesser oppdaget: 0
(Ingen skadelige objekter funnet)
Minnemoduler oppdaget: 0
(Ingen skadelige objekter funnet)
Registernøkler oppdaget: 0
(Ingen skadelige objekter funnet)
Registerverdier oppdaget: 0
(Ingen skadelige objekter funnet)
Registerfiler oppdaget: 0
(Ingen skadelige objekter funnet)
Mapper oppdaget: 0
(Ingen skadelige objekter funnet)
Filer oppdaget 0
(Ingen skadelige objekter funnet)
(klar)
Hi,
First we shall hit it with ComboFix. Then post me a fresh OTL.txt log report.
Instructions on how to disable avast:
[*]Right click on the avast! system tray icon in the lower right corner of the screen and scroll up to avast! shield controls;
[*]In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note: Do not forget to turn this option back on after the cleaning by choosing avast! shield controls > Enable all shield options.
- ComboFix will display DISCLAIMER of warranty on software.
By clicking I Agree ComboFix shall continue.
Re-run OTL, click on QuickScan and post me the freshly created OTL.txt logfile.
Here are the logs.
Re-run OTL.exe.
[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
:OTL
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:5C321E34
[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.
If the log doesn’t appear, it can be found here:
C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log
Download TDSSKiller and save it to your desktop.
[*]Run TDSSKiller.exe and click on Change parameters.
[*]Under Additional options check the boxes next to:
- Verify Driver Digital Signature;
- Detect TDLFS file system
- Use KSN to scan objects
[*]Click OK, and then click Start Scan button.
[*]If an infected file is detected, the default action will be Cure, click on Continue.
[*]If a suspicious file is detected, the default action will be Skip, click on Continue.
[*]It may ask you to reboot the computer to complete the process. Click on Reboot Now.
[*]Click the Report button and attach its contents to your next reply.
Note: It will also create a log in the C:\ directory.
here
Hi,
The posted logs don’t show the malware activity. I wanna check something:
Download AVZ Antiviral Toolkit from the following link:
[*] Extract the archive to a folder.
[*] Run AVZ (double click on the AVZ icon);
[*] Click on File > Scripts Standard;
[*] In the window that opens check option 2 and click Execute Selected Scripts;
[*] Click Yes;
[*] When the scan is finished you will get a note: Script Executed;
[*] Exit the program.
Attach the file virusinfo_syscheck.zip, contained in the folder AVZ\Log, on the forum.
Here is the message I get from the forum when attaching the file: "You cannot upload that type of file. The only allowed extensions are txt,jpg,gif,png,log"
Upload it on wikisend.com and post download link here.
I have not experienced the computer freezing anymore, but Internet Explorer cannot connect to websites.
…and AVZ and the other log reports don’t show malware in your system. Therefore, I shall remove the used tools.
• The following will implement some post-cleanup procedures:
=> Please download DelFix by Xplode to your Desktop.
Run the tool and check the following boxes:
- Remove disinfection tools
- Create registry backup
- Purge System Restore
Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
Have used DelFix now, but do you have a solution to get Internet Explorer to work?
First, I do not know why you use IE in Windows when you have the Firefox and Chrome browsers, but let’s check that anyway.
Zoek shall attempt to reset IE settings back to default, and it shall perform some additional cleaning routine. After zoek’s run, tell me whether the problem with IE is fixed.
Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive…
[*]Close any open browsers
[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.
[*]Double click on zoek.exe to run the tool .
Please wait until the tool starts…
[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:
AutoClean;
[*] Click on the Run Script button.
Please wait until a log report opens (this can be after reboot).
[*]Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named “zoek-results.log”
The problem with Internet Explorer is not fixed. The log is attached.
It seems it is only my start page which isn't showing in Internet Explorer; my start page is www.google.no, other sites work. No big deal then, thanks for the help.
Ok. Run DelFix one more time to remove zoek’s files.
I am scanning with avast now; it has found 4 infections. I will post back when avast is finished scanning.
Hm…weird. The detections could be just the remains, nothing dangerous but post here the results.