URL:Mal

I found some infected things on my computer when I scanned it earlier today. I moved the things found by Avast to the Virus chest (I’m not sure what I should do with them now that they’re there), then I did a boot-time scan and found a couple more things that I deleted. Then I got my hands on Malwarebytes and found some MORE things when I quick-scanned. I restarted when prompted and the log said they were quarantined and successfully deleted. I just finished a full scan with Malwarebytes and it seems the one was not deleted, despite another reboot.

Earlier, Avast was popping up these warnings right and left, it’s seemed to have lightened up a little bit after everything, but they haven’t gone away entirely, so now I am even more worried.

I feel rather stupid to have gotten this, but… I suppose it happens.

Attached are my logs.

Thank you very much.

(I'm not sure what I should do with them now that they're there)

Clean, Quarantine, or Delete?
http://antivirus.about.com/b/2007/03/11/clean-quarantine-or-delete.htm

Malware removers have been notified; it may take hours before one arrives, so be patient.

Hi, it is an MBR problem as far as I cannot see… That does make sense, honest ;D

Download the latest version of TDSSKiller from here and save it to your Desktop.

[*]Doubleclick on TDSSKiller.exe to run the application

http://dl.dropbox.com/u/73555776/TDSSFront.JPG

[*]Then click on Change parameters.

http://dl.dropbox.com/u/73555776/TDSSConfig.JPG

[*]Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

[*]Click the Start Scan button.

[*]If a suspicious object is detected, the default action will be Skip, click on Continue.

http://dl.dropbox.com/u/73555776/TDSSFound.JPG

[*]If malicious objects are found, they will show in the Scan results and offer three (3) options.
[*]Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

[*]Get the report by selecting Reports

http://dl.dropbox.com/u/73555776/TDSSEnd.JPG

[*]Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

THEN

[*]Download RogueKiller and save it on your desktop.
[*]Quit all programs
[*]Start RogueKiller.exe.
[*]Wait until Prescan has finished …
[*]Click on Scan

http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRScan.png

[*]Wait for the end of the scan.
[*]The report has been created on the desktop.
[*]Click on the Delete button.

http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRDelete.png

[*]The report has been created on the desktop.

[*]Next click on the ShortcutsFix

http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRShortcutsFix.png

[*]The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

Thanks a ton for your help :slight_smile:
I hope I did everything correctly.
TDSSKiller report

11:25:05.0350 3456 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
11:25:05.0616 3456 ============================================================
11:25:05.0616 3456 Current date / time: 2012/08/15 11:25:05.0616
11:25:05.0616 3456 SystemInfo:
11:25:05.0616 3456
11:25:05.0616 3456 OS Version: 6.1.7601 ServicePack: 1.0
11:25:05.0616 3456 Product type: Workstation
11:25:05.0616 3456 ComputerName: KISAME
11:25:05.0616 3456 UserName: Abigail
11:25:05.0616 3456 Windows directory: C:\Windows
11:25:05.0616 3456 System windows directory: C:\Windows
11:25:05.0616 3456 Running under WOW64
11:25:05.0616 3456 Processor architecture: Intel x64
11:25:05.0616 3456 Number of processors: 6
11:25:05.0616 3456 Page size: 0x1000
11:25:05.0616 3456 Boot type: Normal boot
11:25:05.0616 3456 ============================================================
11:25:07.0878 3456 BG loaded
11:25:08.0143 3456 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
11:25:08.0143 3456 ============================================================
11:25:08.0143 3456 \Device\Harddisk0\DR0:
11:25:08.0143 3456 MBR partitions:
11:25:08.0143 3456 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:25:08.0143 3456 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
11:25:08.0143 3456 ============================================================
11:25:08.0174 3456 C: <-> \Device\Harddisk0\DR0\Partition2
11:25:08.0174 3456 ============================================================
11:25:08.0174 3456 Initialize success
11:25:08.0174 3456 ============================================================

RogueKiller reports attached

Could you attach the entire TDSSKiller log please? It will be at C:\TDSSKiller date time

Also what are your current problems ?

Yessir, 'tis attached.

Since I’ve done all that, the pop ups from avast have gone away entirely and I can’t notice any other problems with my computer. Quick scan with Malwarebytes shows no infected files anymore and avast has nothing either.
Although now whenever I go to open something a User Account Control box asks me if I should allow the program to make changes to my computer. Not entirely sure what’s up with that, but aside from that everything seems okay.

Thanks again.

RogueKiller turned UAC back on again, as you had it turned off.

Re-run TDSSKiller with the same parameters as before. When the following appears select delete :

\Device\Harddisk0\DR0 ( TDSS File System )

Avast may pop up as the files are being moved, just so you are ready for that ;D

Once done, if you are happy, let me know and I will remove my rubbish and tidy up.
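The partial log posted earlier and the instruction just above to delete the "\Device\Harddisk0\DR0 ( TDSS File System )" object describe the same finding: a TDL-family rootkit keeping a hidden file system on the raw disk outside any partition, which is why the helper read the MBR and partition lines first. As an added example (not code from this thread, and not Kaspersky's tool), the following Python parser reads the TDSSKiller line format, recovers the drive geometry and MBR partition table, reports the unpartitioned space after the last partition, and surfaces any line mentioning "TDSS File System". The sample log is constructed from the lines posted above plus one constructed detection line; the thread never shows the exact wording of a real TDSSKiller detection line, so that line and the `_PREFIX`/`_FIELD` patterns are assumptions about the format.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the TDSSKiller 2.8.6.0 log posted in this
# thread: header, drive and partition lines are copied from it; the last line
# is a constructed detection line using the wording the helper quoted
# ("TDSS File System"), not a line taken from the poster's full log.
SAMPLE_LOG = r"""
11:25:05.0350 3456 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
11:25:05.0616 3456 OS Version: 6.1.7601 ServicePack: 1.0
11:25:05.0616 3456 ComputerName: KISAME
11:25:08.0143 3456 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
11:25:08.0143 3456 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:25:08.0143 3456 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
11:25:08.0174 3456 C: <-> \Device\Harddisk0\DR0\Partition2
11:25:08.0174 3456 Initialize success
11:25:09.0001 3456 \Device\Harddisk0\DR0 ( TDSS File System ) - constructed detection line
"""

# Assumed line shape: "<hh:mm:ss.ffff> <pid> <message>".
_PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s?(.*)$")
_DRIVE = re.compile(r"^Drive (\S+) - Size: (0x[0-9A-Fa-f]+) \([^)]*\), SectorSize: (0x[0-9A-Fa-f]+)")
_PART = re.compile(r"^(\S+)\\Partition(\d+): MBR, Type (0x[0-9A-Fa-f]+), "
                   r"StartLBA (0x[0-9A-Fa-f]+), BlocksNum (0x[0-9A-Fa-f]+)")
_MOUNT = re.compile(r"^([A-Z]): (?:<->|↔) (\S+)$")  # forum software may render <-> as an arrow
_FIELD = re.compile(r"^([A-Za-z][A-Za-z ]*): (.+)$")  # "Key: value" header lines


@dataclass
class Partition:
    number: int
    ptype: int
    start_lba: int
    blocks: int

    @property
    def end_lba(self) -> int:
        return self.start_lba + self.blocks


@dataclass
class Drive:
    device: str
    size_bytes: int
    sector_size: int
    partitions: list = field(default_factory=list)

    @property
    def total_sectors(self) -> int:
        return self.size_bytes // self.sector_size


@dataclass
class Report:
    fields: dict = field(default_factory=dict)   # header key/values (OS Version, ...)
    drives: dict = field(default_factory=dict)   # device path -> Drive
    mounts: dict = field(default_factory=dict)   # drive letter -> device path
    flagged: list = field(default_factory=list)  # lines naming the TDSS file system


def parse_tdsskiller_log(text: str) -> Report:
    """Parse the per-line TDSSKiller format into a Report."""
    report = Report()
    for raw in text.strip().splitlines():
        m = _PREFIX.match(raw)
        if not m:
            continue  # banner, blank or foreign line
        body = m.group(1).strip()
        if "TDSS File System" in body:  # the object the helper asked to delete
            report.flagged.append(body)
        elif (m := _DRIVE.match(body)):
            dev, size, sector = m.groups()
            report.drives[dev] = Drive(dev, int(size, 16), int(sector, 16))
        elif (m := _PART.match(body)):
            dev, num, ptype, start, blocks = m.groups()
            drive = report.drives.setdefault(dev, Drive(dev, 0, 0x200))
            drive.partitions.append(Partition(int(num), int(ptype, 16), int(start, 16), int(blocks, 16)))
        elif (m := _MOUNT.match(body)):
            report.mounts[m.group(1)] = m.group(2)
        elif (m := _FIELD.match(body)):
            report.fields[m.group(1)] = m.group(2)
    return report


def unpartitioned_tail(drive: Drive) -> int:
    """Sectors between the end of the last MBR partition and the end of the disk."""
    if not drive.partitions:
        return drive.total_sectors
    return drive.total_sectors - max(p.end_lba for p in drive.partitions)


def assess(report: Report) -> list:
    """Defender-side sanity checks over the parsed layout; returns finding strings."""
    findings = []
    for dev, drive in report.drives.items():
        parts = sorted(drive.partitions, key=lambda p: p.start_lba)
        for a, b in zip(parts, parts[1:]):
            if a.end_lba > b.start_lba:
                findings.append(f"{dev}: Partition{a.number} overlaps Partition{b.number}")
        tail = unpartitioned_tail(drive)
        if tail < 0:
            findings.append(f"{dev}: last partition runs past the end of the disk")
        elif tail and parts:
            # A few thousand sectors of slack is normal alignment; the TDL4 family
            # kept its hidden file system in this unpartitioned tail, so the size is
            # recorded for the analyst rather than judged here.
            findings.append(f"{dev}: {tail} unpartitioned sectors after Partition{parts[-1].number}")
    findings.extend(f"TDSS File System reported: {line}" for line in report.flagged)
    return findings
```

On the posted geometry the two partitions are contiguous (Partition1 ends at 0x32800, exactly where Partition2 starts) and 3,504 sectors, about 1.7 MB, remain after Partition2; that small tail is ordinary alignment slack, and the only real indicator is the tool's own "TDSS File System" line, which is what the helper acted on.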

Alrighty, did that. Avast popped up as you said.

All seems well, ready for the next part!

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so… The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

[*]Go to control panel
[*]Select folder options (Appearance > Folder options in category view)
[*]Select the View Tab.
[*]Under the Hidden files and folders heading select Do not show hidden files and folders.
[*]Click Yes to confirm.
[*]Click OK.

http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.gif

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:

[*]Go to this site and click Do I have Java
[*]It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point

[*]Go to Control Panel and select System
[*]Select System
[*]On the left select System Protection and accept the warning if you get one
[*]Select System Protection Tab
[*]Select Create at the bottom
[*]Type in a name i.e. Clean
[*]Select Create

Now we can purge the infected ones

[*]Go to Start > All programs > Accessories > System Tools
[*]Right click Disk Cleanup and select Run as administrator
[*]Select Your main drive and accept the warning if you get one
[*]For a few moments the system will make some calculations
[*]Select the More Options tab
[*]In the System Restore and Shadow Backups select Clean up
[*]Select Delete on the pop up
[*]Select OK
[*]Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

http://img233.imageshack.us/img233/7729/mbamicontw5.gif

Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and antivirus to protect your system, and to keep them updated. To keep your operating system up to date visit

[*]Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:
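The `[resethosts]` directive in the OTL fix above replaces the Windows hosts file with a default copy, undoing the kind of tampering that blocks security vendors' sites or silently redirects traffic. Added here as an example (not OTL's code, nor anything posted in this thread): a Python audit of a hosts file that shows what such a reset removes. It flags names redirected to foreign addresses, localhost mapped anywhere but loopback, and vendor or update hosts pinned to loopback or 0.0.0.0. The sample file, the vendor-name list (`PROTECTED_FRAGMENTS`) and the 203.0.113.x address are constructed; the address is from the RFC 5737 documentation range.

```python
import ipaddress

# Constructed sample hosts file: the commented defaults Windows ships with,
# one live localhost line, then three constructed lines of the kind a
# [resethosts] would remove. Addresses are documentation ranges (RFC 5737).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#   127.0.0.1       localhost
#   ::1             localhost
127.0.0.1 localhost
203.0.113.5     www.example-bank.test   # constructed: redirect to a foreign host
127.0.0.1       www.malwarebytes.org    # constructed: blocks a vendor site
127.0.0.1       windowsupdate.microsoft.com
"""

DEFAULT_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
# Assumed list of hostname fragments malware commonly targets (security
# vendors, OS update services); extend it for your own environment.
PROTECTED_FRAGMENTS = ("microsoft.com", "windowsupdate", "avast", "malwarebytes", "kaspersky")


def parse_hosts(text):
    """Yield (line number, address or None if malformed, [hostnames]) per entry."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            entries.append((lineno, None, parts))
            continue
        entries.append((lineno, addr, [h.lower() for h in parts[1:]]))
    return entries


def audit_hosts(text):
    """Return (line number, kind, hostname) findings a defender would review."""
    findings = []
    for lineno, addr, names in parse_hosts(text):
        if addr is None:
            findings.append((lineno, "malformed", " ".join(names)))
            continue
        for name in names:
            if name in DEFAULT_NAMES:
                if not addr.is_loopback:  # localhost pointed somewhere else
                    findings.append((lineno, "localhost-hijack", name))
                continue
            if addr.is_loopback or addr.is_unspecified:
                # Loopback/0.0.0.0 for a real name blocks it; worse when the
                # name is a vendor or update host the cleanup relies on.
                kind = "vendor-block" if any(f in name for f in PROTECTED_FRAGMENTS) else "block"
            else:
                kind = "redirect"  # name answered by an address the user never chose
            findings.append((lineno, kind, name))
    return findings


if __name__ == "__main__":
    for lineno, kind, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {kind:16} {name}")
```

A legitimately installed ad-blocking hosts file will produce many plain "block" findings, so only "redirect", "localhost-hijack" and "vendor-block" are worth treating as signs of tampering on their own.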

OTL did its thing, I cleaned everything up and updated Java. Just got around to getting FileHippo and updating Windows, now that I’m home.

Everything seems okay, but I’ll keep a close eye on things and return if something goes wonky.

Thank you sooo much for your help! Really, I cannot express my gratitude enough.
I’ll definitely be more careful about my computer security from now on! :slight_smile:

;D