un know .exe running a .bat file on start up- Virus

so i downloaded something from a “friend” it was meant to be a game, i ran the .exe, nothing opened, then suddenly 20 pages of porn flashed up and it tried to reboot my computer, it succeeded
upon rebooting my windows tried to update, norton quickly flashed up and said it was un-trust worthy so i stopped it from running (i hope)
now upon booting my computer this .bat runs, and my computer is very slow now, on booting it today there was a black screen for around 30 seconds, i can not find this .exe in its directory which it is showing on the title of the batch file (See image below)

http://i.imgur.com/7TV4z.jpg

all i can remember about the file was that it it came as a .zip and inside that it had a:
RunClient.exe
ReadMe.txt
Javazoom (folder)
i know nothing about this and avast cant detect the file and neither can norton, HELP ME PLEASE :-[

Head on over here and have a read>>http://forum.avast.com/index.php?topic=53253.0 , then post the logs back here when the tools finish.

if you still have the zip, upload it to www.virustotal.com and test with 40+ malware scanners ( this you should have done before you run the exe :wink: )
when you have the result, copy the URL in the address bar and post it here for us to see

i dont have the zip, it was sent over skype, do you know a way to get it again?

do you know a way to get it again?
contact the person that sendt it to you....and have him send it again!
i know nothing about this and avast cant detect the file and neither can norton,
doe this mean you have avast and Norton installed ?

WOW:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.14.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
xLinear :: ARCHERPCMKI [administrator]

Protection: Enabled

14/03/2012 14:45:02
mbam-log-2012-03-14 (15-11-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 368730
Time elapsed: 24 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\CLSID{HO7567QE-8E34-E47I-338J-QQAE8772GWBK} (Backdoor.HMCPol.Gen) → No action taken.
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components{HO7567QE-8E34-E47I-338J-QQAE8772GWBK} (Backdoor.HMCPol.Gen) → No action taken.
HKCU\SOFTWARE\CYBER (Backdoor.Trace) → No action taken.

Registry Values Detected: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Policies (Backdoor.HMCPol.Gen) → Data: C:\Windows\system32\install\client v45.exe → No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKLM (Backdoor.HMCPol.Gen) → Data: C:\Windows\system32\install\client v45.exe → No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Policies (Backdoor.HMCPol.Gen) → Data: C:\Windows\system32\install\client v45.exe → No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKCU (Backdoor.HMCPol.Gen) → Data: C:\Windows\system32\install\client v45.exe → No action taken.
HKCU\Software\Cyber|FirstExecution (Backdoor.Trace) → Data: 12/03/2012 – 15:47 → No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\toby\AppData\Roaming\Microsoft\Defender\MSASCui.exe (Trojan.MSIL) → No action taken.
C:\Windows\System32\install\client v45.exe (Backdoor.HMCPol.Gen) → No action taken.

(end)

i know nothing about this and avast cant detect the file and neither can norton,
doe this mean you have avast and Norton installed ? [/quote] yes, but ive been using avast since the virus, a freind told me to get avast to try to get rid of it

your Malwarebytes log say “NO ACTION TAKEN” you need to click the “Remove selected” button after scan to quarantine the infections

also NEVER install more then one AV or this may give you all kind of windows errors and false positive detections

ok, i have removed the files via malware bytes, and there are 8 new updates for windows 7, 4 security, 1 for windows 7 and a few other
do you recomend installing theese, as they might be part of the virus im not too sure

There are Windows updates up right now, I have a few to apply myself.

They are probably legit, but I would wait till you get the system scrubbed before you try to finish them, just in case the malware interferes somehow. I’m probably just being over-cautious, but you never know.

It is in-line with Microsoft’s Patch Tuesday stuff, though I didn’t have that many in my win7 SP1 32bit.

Personally I would hold off on the updates until you are sure that your system is clean, you don’t want to possibly compromise those updates.

Also consider this info: http://www.prevx.com/filenames/684429767393293690-X1/RUNCLIENT.EXE.html

polonus

Thanks everyone, gunna un-install norton, do a full system scan with avast, then uninstall then reinstall norton, full system scan, then do updates thanks everyone

you should still attach the logs from OTL and aswMBR so the malware guys here can check if you are clean