Un-deletable Threat, Win32: Malware-gen

So recently I got struck by one of those “Vista Home Security 2012” rogue malware programs and went through hours of trying to fix it. Being fed up with how nothing seemed to work, I decided to system restore to yesterday. The Vista Home Security 2012 threat is gone, but I have been experiencing consistent “Malicious URL Blocked” warnings from avast for the past few days.
http://i696.photobucket.com/albums/vv327/HookedOnRice/Avastwarning1.jpg

I ran Malwarebytes and Avast on quick and full scans. Malwarebytes didn’t seem to pick up anything but Avast came across 4 infected files.

http://i696.photobucket.com/albums/vv327/HookedOnRice/Avastwarning2.jpg

Again, problems arose and the virus chest server apparently was not working. I searched for some solutions, most recommending to reinstall but I didn’t want to risk being unprotected given how much these attacks have already put me through. In the end I decided to delete the files, but one of them appears to be un-deletable as seen in the screenshot above.

Should I try system restoring to a week back or so? Any other fixes or help with this is greatly appreciated. Sick of the crap these viruses will put you through >:(

Some rogue antiviruses (fake AVs) download and install rootkits on the infected machine.
Let’s have a look.
Download aswMBR from here http://public.avast.com/~gmerek/aswMBR.htm
Run it
Scan
Post the log

OT: Glad to see a LoL player ;D
EU or US?
Lvl?

You Might Have A Rootkit, A REALLY Bad Rootkit.

Now Lets See If This Works…

Open The Avast Interface.
Click Scan.
Click Boot-Time Scan.
Schedule A Boot-Time Scan (Make Sure In Settings It Checks: All Harddisks, System Drive And Auto-Start Programs (All Users)).

Optionally, You Can Change The Sensitivity To Full Where You Will Possibly Get More Results But Some May Be False Positives (Anyway, I Have Mine On Full.)

So Good Luck!

aswMBR’s been running for almost 2 hours now. Do you want me to post the log as is now or wait until it’s finished?

Oh, and I’m in the US and level 30 :smiley: Been playing for around a year now I guess. You play often? ^^

When it finishes the scan, please choose Save log and attach it here. Something is wrong, 2 hours is really weird (?)

EU-30 lvl>Almost 700 wins :smiley:

Edit: Scratch that, not working. Just needed to open it with Notepad, d’oh. Anyways, here’s the log:

aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2011-06-23 11:26:53

11:26:53.793 OS Version: Windows 6.0.6002 Service Pack 2
11:26:53.793 Number of processors: 2 586 0x1706
11:26:53.794 ComputerName: AARON-PC UserName: Aaron
11:26:55.395 Initialize success
11:26:55.597 AVAST engine defs: 11062300
11:27:00.566 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-0
11:27:00.568 Disk 0 Vendor: SAMSUNG_HD502IJ 1AA01113 Size: 476940MB BusType: 3
11:27:02.605 Disk 0 MBR read successfully
11:27:02.607 Disk 0 MBR scan
11:27:02.611 Disk 0 unknown MBR code
11:27:04.631 Disk 0 scanning sectors +976771120
11:27:04.666 Disk 0 scanning C:\Windows\system32\drivers
11:27:12.542 Service scanning
11:27:14.574 Disk 0 trace - called modules:
11:27:14.578
11:27:15.862 AVAST engine scan C:\Windows
13:28:02.859 AVAST engine scan C:\Users\Aaron
14:17:05.726 AVAST engine scan C:\ProgramData
14:38:24.748 Scan finished successfully
17:06:48.461 Disk 0 MBR has been saved successfully to “C:\Users\Aaron\Desktop\MBR.dat”
17:06:48.467 The log file has been saved successfully to “C:\Users\Aaron\Desktop\aswMBR1.txt”

And nice, I’m only at 450ish wins. From what I’ve been hearing Yorick is total weaksauce :stuck_out_tongue:
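The aswMBR log posted above is plain text with one timestamped entry per line. The following helper is an added example for this thread, not part of aswMBR or anything the participants posted: it parses that line shape, works out how long the scan ran (the thread worried about the two-hour run time), and lists entries that warrant a closer look. The only marker it treats that way is “unknown MBR code”, because that is the one that appears in the log above; the sample input is a constructed excerpt in the same format.

```python
import re
from datetime import datetime, timedelta

# Constructed excerpt in the shape of the aswMBR log quoted in the thread (not the full log).
SAMPLE_LOG = """\
aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2011-06-23 11:26:53

11:26:53.793 OS Version: Windows 6.0.6002 Service Pack 2
11:27:02.605 Disk 0 MBR read successfully
11:27:02.607 Disk 0 MBR scan
11:27:02.611 Disk 0 unknown MBR code
11:27:15.862 AVAST engine scan C:\\Windows
14:38:24.748 Scan finished successfully
17:06:48.461 Disk 0 MBR has been saved successfully to "C:\\Users\\Aaron\\Desktop\\MBR.dat"
"""

# Each entry is "HH:MM:SS.mmm <message>"; header lines without a timestamp are skipped.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3}) (.*)$")

# Messages that a reviewer should look at before deciding the scan was clean.
# Only the marker seen in the thread's log is listed; extend as needed (assumption).
REVIEW_MARKERS = ("unknown MBR code",)


def parse_entries(text):
    """Return a list of (time, message) tuples for every timestamped line."""
    entries = []
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if match:
            stamp = datetime.strptime(match.group(1), "%H:%M:%S.%f")
            entries.append((stamp, match.group(2)))
    return entries


def summarize(text):
    """Summarize one aswMBR log: completion, scan duration, MBR backup, flagged lines."""
    entries = parse_entries(text)
    if not entries:
        raise ValueError("no timestamped aswMBR entries found")

    start = entries[0][0]
    finish_times = [t for t, msg in entries if msg.startswith("Scan finished")]
    duration = None
    if finish_times:
        duration = finish_times[0] - start
        # The log carries only a time of day, so a scan that runs past midnight
        # would otherwise come out negative; roll it over by one day.
        if duration < timedelta(0):
            duration += timedelta(days=1)

    flagged = [msg for _, msg in entries
               if any(marker.lower() in msg.lower() for marker in REVIEW_MARKERS)]
    mbr_saved = any("MBR has been saved" in msg for _, msg in entries)

    return {
        "finished": bool(finish_times),
        "duration": duration,
        "flagged": flagged,
        "mbr_saved": mbr_saved,
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print("scan finished:", result["finished"])
    print("scan duration:", result["duration"])
    print("MBR backup saved:", result["mbr_saved"])
    for msg in result["flagged"]:
        print("review:", msg)
```

Run it against a saved aswMBR log by replacing SAMPLE_LOG with the file contents. A "finished" result with an empty "flagged" list is what a clean run looks like; "unknown MBR code" means the tool could not match the boot sector to code it recognises, which is exactly the kind of line worth posting for a second opinion rather than acting on alone.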

The tdsskiller.zip file isn’t opening after saving it for some reason. Any clues?

How are you trying to open it ?

Do you have a zip program ?
If you haven’t got one try 7zip, http://www.7-zip.org/

Ah, looks like I just needed a reboot. WinRAR was acting up for some reason. Got rid of some pesky “This copy of Windows is not genuine” warning in the lower right hand corner of the screen even though it’s legit. Gonna try running tdsskiller now.

Tdsskiller didn’t pick up anything so I suppose all is well?

Rather depends on if you are still getting avast alerts or other suspicious activity?

Haven’t got an alert from Avast all day and none of the false AV messages are appearing.

Well, it is certainly encouraging. Monitor your system over the next couple of days for any alerts or strange occurrences and get back to us if you do.

One thing I notice going over your topic again is that you chose delete as the action in your scan results image.

Deletion isn’t really a good first option (you have none left): ‘first do no harm’, don’t delete, send the virus to the chest (a protected area) and investigate.

There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.