Unable to move virus

I have had a quick look around the forum and cannot find the answer…

Avast has picked up win32:dracur virus and I have performed a boot scan. Avast has shown the virus in the results but I am unable to perform any task to remove the threat.

In the right hand column I get the message "Error access denied (5)"

I am using Windows 7 with IE and Mozilla as my browsers.

Avast tells me my system is secure so I can't understand how this threat has got into my system. Avast is the only AV I use and have done for a lot of years and have never had any type of problem before.

Thanx for reading this and hopefully sorting me out

Do you have a file location for this ?

Download OTL to your Desktop

[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
[*]Check the box that says Scan All Users
[*]Under the Custom Scan box paste this in


netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

[*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Post both logs

The OTL report is too long to post, as is the Extras text. Can I post them in 3-4-5 pieces each?

Can you attach them ?

When you start a post there is a box called additional options
Press the browse button
Select the first one
Then select more attachments and add the second

Seems to be a redirect virus
Trojan:Win32/Dursg.C is a trojan that redirects Web searches when a user enters certain key words as a search query in specific search sites.

Win32:Dracur (Avast)
http://www.pc1news.com/virus/alias-win32-dracur-274889.html

Trojan:Win32/Dursg.C
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FDursg.C

have to do it in 2 cos they are too large

no 2

OK, let's start

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKU\S-1-5-21-2100727508-797518319-1439027893-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..network.proxy.type: 1
[2010/06/21 23:24:49 | 000,001,456 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober11054012.xml
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [RTHDBPL] C:\Users\jerry\AppData\Roaming\SystemProc\lsass.exe File not found
O20 - AppInit_DLLs: (C:\Windows\system32\dsdmo32.dll) - C:\Windows\SysWOW64\dsdmo32.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\crtdll32.dll) - C:\Windows\SysWOW64\crtdll32.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\dbnetlib32.dll) - C:\Windows\SysWOW64\dbnetlib32.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\dmutil32.dll) - C:\Windows\SysWOW64\dmutil32.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\dskquoui32.dll) - C:\Windows\SysWOW64\dskquoui32.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\cryptbase32.dll) - C:\Windows\SysWOW64\cryptbase32.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\dbnmpntw32.dll) - C:\Windows\SysWOW64\dbnmpntw32.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\dmutil3232.dll) - C:\Windows\SysWOW64\dmutil3232.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\dskquoui32.dllgo4t9zy32.dll) - C:\Windows\SysWOW64\dskquoui32.dllgo4t9zy32.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\cryptsvc32.dll) - C:\Windows\SysWOW64\cryptsvc32.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\dskquoui32.dllgo4t9zy32.dll0dp1v5e1t32.dll) - C:\Windows\SysWOW64\dskquoui32.dllgo4t9zy32.dll0dp1v5e1t32.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\docprop32.dll) - C:\Windows\SysWOW64\docprop32.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\dskquoui32.dllgo4t9zy32.dll0dp1v5e1t32.dllpcqoeo32.dll) - C:\Windows\SysWOW64\dskquoui32.dllgo4t9zy32.dll0dp1v5e1t32.dllpcqoeo32.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\docprop32.dlln1sanjmrrcm32.dll) - C:\Windows\SysWOW64\docprop32.dlln1sanjmrrcm32.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\dskquoui32.dllgo4t9zy32.dll0dp1v5e1t32.dllpcqoeo32.dllb1eo2c23whe9o932.dll) - C:\Windows\SysWOW64\dskquoui32.dllgo4t9zy32.dll0dp1v5e1t32.dllpcqoeo32.dllb1eo2c23whe9o932.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\docprop32.dlln1sanjmrrcm32.dllxv7jv32.dll) - C:\Windows\SysWOW64\docprop32.dlln1sanjmrrcm32.dllxv7jv32.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\docprop32.dlln1sanjmrrcm32.dllxv7jv32.dll441t6xoa7apn32.dll) - C:\Windows\SysWOW64\docprop32.dlln1sanjmrrcm32.dllxv7jv32.dll441t6xoa7apn32.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\docprop32.dlln1sanjmrrcm32.dllxv7jv32.dll441t6xoa7apn32.dll6e70uamlt32.dll) - C:\Windows\SysWOW64\docprop32.dlln1sanjmrrcm32.dllxv7jv32.dll441t6xoa7apn32.dll6e70uamlt32.dll ()
[2010/05/08 14:39:37 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\docprop32.dlln1sanjmrrcm32.dllxv7jv32.dll441t6xoa7apn32.dll6e70uamlt32.dll
[2010/05/08 14:39:07 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\docprop32.dlln1sanjmrrcm32.dllxv7jv32.dll441t6xoa7apn32.dll
[2010/05/08 14:38:48 | 000,285,696 | ---- | C] () -- C:\Windows\SysWow64\dsound32.dll
[2010/05/08 14:38:36 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\docprop32.dlln1sanjmrrcm32.dllxv7jv32.dll
[2010/05/08 14:38:18 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\dskquoui32.dllgo4t9zy32.dll0dp1v5e1t32.dllpcqoeo32.dllb1eo2c23whe9o932.dll
[2010/05/08 14:38:06 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\docprop32.dlln1sanjmrrcm32.dll
[2010/05/08 14:37:48 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\dskquoui32.dllgo4t9zy32.dll0dp1v5e1t32.dllpcqoeo32.dll
[2010/05/08 14:37:36 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\docprop32.dll
[2010/05/08 14:37:18 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\dskquoui32.dllgo4t9zy32.dll0dp1v5e1t32.dll
[2010/05/08 14:37:06 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\cryptsvc32.dll
[2010/05/08 14:36:47 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\dskquoui32.dllgo4t9zy32.dll
[2010/05/08 14:36:35 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\dmutil3232.dll
[2010/05/08 14:36:17 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\dbnmpntw32.dll
[2010/05/08 14:36:05 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\cryptbase32.dll
[2010/05/08 14:35:47 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\dskquoui32.dll
[2010/05/08 14:35:35 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\dmutil32.dll
[2010/05/08 14:35:17 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\dbnetlib32.dll
[2010/05/08 14:35:05 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\crtdll32.dll
[2010/05/08 14:34:46 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\dsdmo32.dll

:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes’ Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

[*]Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select “Perform Quick Scan”, then click Scan.
[*]The scan may take some time to finish, so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that everything is checked, and click Remove Selected.
[*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
[*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
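Added example, not part of the original thread and not OTL's own code: the O20 lines in the fix above are AppInit_DLLs entries, a registry value whose listed DLLs are loaded into every process that loads user32.dll. This Python sketch triages such lines from an OTL log by the traits visible in this one (no publisher, chained `.dll` file names, identical file sizes); the function name `triage_appinit` and the `example.dll` entry are assumptions made for illustration.

```python
import ntpath
import re
from collections import Counter

# Sample input: five lines copied from the fix script above, plus one
# constructed entry (example.dll / "Example Vendor") that has a publisher.
SAMPLE_LOG = r"""
O20 - AppInit_DLLs: (C:\Windows\system32\dsdmo32.dll) - C:\Windows\SysWOW64\dsdmo32.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\dskquoui32.dllgo4t9zy32.dll) - C:\Windows\SysWOW64\dskquoui32.dllgo4t9zy32.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\example.dll) - C:\Windows\SysWOW64\example.dll (Example Vendor)
[2010/05/08 14:36:47 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\dskquoui32.dllgo4t9zy32.dll
[2010/05/08 14:34:46 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\dsdmo32.dll
[2010/05/08 14:38:48 | 000,285,696 | ---- | C] () -- C:\Windows\SysWow64\dsound32.dll
"""

O20_RE = re.compile(r"^O20 - AppInit_DLLs: \(.+?\) - (?P<path>.+?) \((?P<vendor>.*)\)$")
FILE_RE = re.compile(r"^\[[\d/]+ [\d:]+ \| (?P<size>[\d,]+) \| .{4} \| [CM]\] "
                     r"\((?P<vendor>.*?)\) -- (?P<path>.+)$")

def triage_appinit(log_text):
    """Return [(path, [reasons])] for AppInit_DLLs entries worth a closer look."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    # Index the file listing: size of every file that carries no publisher.
    sizes = {}
    for line in lines:
        m = FILE_RE.match(line)
        if m and not m["vendor"]:
            sizes[m["path"].lower()] = int(m["size"].replace(",", ""))
    size_counts = Counter(sizes.values())

    findings = []
    for line in lines:
        m = O20_RE.match(line)
        if not m:
            continue
        path, reasons = m["path"], []
        if not m["vendor"]:
            reasons.append("no publisher")
        # A legitimate DLL name ends in ".dll" once; this log shows names
        # built by appending a new suffix to an earlier dropped file.
        if ntpath.basename(path).lower().count(".dll") > 1:
            reasons.append("chained .dll name")
        size = sizes.get(path.lower())
        if size is not None and size_counts[size] > 1:
            reasons.append(f"same size as {size_counts[size] - 1} other file(s) with no publisher")
        if reasons:
            findings.append((path, reasons))
    return findings

if __name__ == "__main__":
    for path, reasons in triage_appinit(SAMPLE_LOG):
        print(f"{path}: {', '.join(reasons)}")
```
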

thanx for the help so far

Malwarebytes’ Anti-Malware 1.46
www.malwarebytes.org

Database version: 4235

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

24/06/2010 22:17:41
mbam-log-2010-06-24 (22-17-41).txt

Scan type: Quick scan
Objects scanned: 122754
Time elapsed: 2 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Essexboy

Thank you very much for the help and the cure for my ails.

Great guy

Looks good from my side - do you have any further problems? If not let me know and I will remove my tools ;D

No further problems thanx a lot

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so… The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following


:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

[*]Click Start.
[*]Open My Computer.
[*]Select the Tools menu and click Folder Options.
[*]Select the View Tab.
[*]Under the Hidden files and folders heading select Do not show hidden files and folders.
[*]Click Yes to confirm.
[*]Click OK.

SPRING CLEAN

Download and run Puran Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
[*]SpywareBlaster to help prevent spyware from installing in the first place.

Malwarebytes. Run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit
[*]Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :wave:

Grateful thanx ;D

My pleasure - after all the wife is a Yorkshire lass

Good for her lol 8)

I only married her 'cos her old man worked at John Smiths and there was lots of free beer ;D