Hello there,
I hope you can help me…
About ten days ago, Avast successfully removed the virus VBS: flubberminer-D [trj] from my notebook. However, yesterday I discovered that, at the same time, my father's notebook somehow got the same virus. I'm not quite sure how; maybe via my external hard disk drive?
Unfortunately, this time it could not be removed by Avast because the virus seems to have spread; Avast detected another four infected files with different names…
Then I downloaded AdwCleaner and it deleted some data; after rebooting the notebook, Avast found nothing except some Windows files that could not be examined because of password protection. Nevertheless, the computer still doesn't work properly: it's too slow, the screen frequently freezes and Skype, for example, doesn't work at all anymore, so I again fear that there might still be a virus on it. So what am I supposed to do next?
Thanks very much for advice.
Hi Noobs,
Please attach that AdwCleaner log and attach the following: MBAM, OTL and aswMBR.
You can get those programs here: http://forum.avast.com/index.php?topic=53253.0
Alright, I'll do it asap.
Here are two AdwCleaner logs. They're in German though:
gelöscht means deleted
Schlüssel means key
gefunden means found
The other programs' logs will come later.
AdwCleaner v3.013 - Report created on 26/11/2013 at 18:50:41
Updated 24/11/2013 by Xplode
Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
Username : PC - LENOVO
Started from : C:\Users\PC\Downloads\AdwCleaner(1).exe
Option : Search
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\jq0xpcvg.default\searchplugins\Askcom.xml
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Partner
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
***** [ Browsers ] *****
-\ Internet Explorer v10.0.9200.16736
-\ Mozilla Firefox v25.0.1 (de)
[ File : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\jq0xpcvg.default\prefs.js ]
Line found : user_pref("browser.search.order.1", "Ask.com");
-\ Google Chrome v
[ File : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]
AdwCleaner[R0].txt - [2430 octets] - [26/11/2013 18:50:41]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2490 octets] ##########
AdwCleaner v3.013 - Report created on 26/11/2013 at 18:55:31
Updated 24/11/2013 by Xplode
Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
Username : PC - LENOVO
Started from : C:\Users\PC\Downloads\AdwCleaner(1).exe
Option : Delete
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Partner
File Deleted : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\jq0xpcvg.default\searchplugins\Askcom.xml
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Conduit
***** [ Browsers ] *****
-\ Internet Explorer v10.0.9200.16736
-\ Mozilla Firefox v25.0.1 (de)
[ File : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\jq0xpcvg.default\prefs.js ]
Line deleted : user_pref("browser.search.order.1", "Ask.com");
-\ Google Chrome v
[ File : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]
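The two reports above are a search pass (R0) and a delete pass (S0) over the same machine, and the only sure way to know the cleanup covered everything is to reconcile them line by line. The script below is an added example, not part of this thread and not AdwCleaner's own code: it parses both reports (English or German builds) and lists every object reported found that the delete pass never reported as deleted. The report excerpts embedded in it are constructed from the logs in this thread, and the function names are the example's own.

```python
"""Reconcile an AdwCleaner search report (R0) with the matching delete
report (S0): which items did the search pass find that the delete pass
never reported as deleted?

Added example; it is not part of the thread and not AdwCleaner's code.
The sample reports below are constructed from the thread's logs, and the
function names are this example's own.
"""
import re
from typing import Dict, List, Set

# One AdwCleaner v3 item line per object, e.g.
#   Key Found : HKCU\Software\Conduit
#   Folder Deleted : C:\ProgramData\Ask
# German builds print Schlüssel/Datei/Ordner and Gefunden/Gelöscht.
# A "[x64]" prefix on the target marks the 64-bit registry view.
ITEM_RE = re.compile(
    r"^(?P<kind>Key|File|Folder|Schlüssel|Datei|Ordner)\s+"
    r"(?P<state>Found|Deleted|Gefunden|Gelöscht)\s*:?\s*"
    r"(?P<target>.+?)\s*$"
)
FOUND_STATES = {"Found", "Gefunden"}


def normalise(target: str) -> str:
    """Case-fold a path or registry key, keeping the [x64] view marker."""
    view = ""
    if target.startswith("[x64]"):
        view, target = "[x64] ", target[len("[x64]"):].strip()
    # Windows paths and registry keys are case-insensitive.
    return view + target.lower()


def parse_report(text: str) -> Dict[str, Set[str]]:
    """Split a report into the targets reported found and reported deleted."""
    found: Set[str] = set()
    deleted: Set[str] = set()
    for line in text.splitlines():
        m = ITEM_RE.match(line.strip())
        if not m:
            continue
        bucket = found if m.group("state") in FOUND_STATES else deleted
        bucket.add(normalise(m.group("target")))
    return {"found": found, "deleted": deleted}


def leftovers(search_report: str, delete_report: str) -> List[str]:
    """Targets the search pass reported that the delete pass did not."""
    found = parse_report(search_report)["found"]
    deleted = parse_report(delete_report)["deleted"]
    return sorted(found - deleted)


# Constructed excerpts modelled on the thread's R0 and S0 reports.
SEARCH_REPORT = r"""
***** [ Files / Folders ] *****
File Found : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\jq0xpcvg.default\searchplugins\Askcom.xml
Folder Found C:\ProgramData\Ask
***** [ Registry ] *****
Key Found : HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
"""

DELETE_REPORT = r"""
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Ask
File Deleted : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\jq0xpcvg.default\searchplugins\Askcom.xml
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Conduit
"""

if __name__ == "__main__":
    for item in leftovers(SEARCH_REPORT, DELETE_REPORT):
        print("not reported deleted:", item)
```

Run against the thread's own reports it flags one item: `[x64] HKCU\Software\Conduit`, which the delete pass lists only once, without the `[x64]` prefix. HKCU\Software (unlike HKCU\Software\Classes) is not WOW64-redirected, so this is most likely the same key seen through the 64-bit view and already gone, but that is exactly the kind of thing to confirm in regedit rather than assume. Note also what the reports describe: a Browser Helper Object CLSID registered under Explorer\Browser Helper Objects, Conduit keys and an Ask.com search plugin. That is toolbar adware, not the VBS detection from the first post.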
MBAM found four infected files, here is the log:
It says that the deletion was successful, yet the screen lagged for 5-6 minutes after rebooting, so…
Infected directories: 1
C:\Users\PC\AppData\Local\Temp\CT3317209 (PUP.Optional.Conduit.A) → Successfully deleted and quarantined.
Infected files: 3
C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JFGCOXG4\spstub[1].exe (PUP.Optional.Conduit.A) → Successfully deleted and quarantined.
C:\Users\PC\Downloads\Paint.NET_brff.exe (PUP.Optional.Conduit.A) → Successfully deleted and quarantined.
C:\Users\PC\AppData\Local\Temp\CT3317209\ddt.csf (PUP.Optional.Conduit.A) → Successfully deleted and quarantined.
Attach the logs… not copy and paste.
Don't forget the OTL and aswMBR logs.
Here is the OTL log.
When I start aswMBR, it says Avast antirootkit doesn't work anymore and it crashes.
Could you install and run the following programme on all computers, please?
Download MCShield to your desktop and install it.
It will initially run a scan and show the result as a toaster by the system clock.
Then in the control centre select Scanner and tick "unhide items on flash drives":
https://dl.dropbox.com/u/73555776/mcshield%20unhide.JPG
Plug in the drive and MCShield will start a scan.
Then get the log, which will be here:
Start > All Programs > MCShield > Logs > All scans
and post that.
Here is the MCShield log from my hard disk drive:
Sorry, I could not attach it.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
v 2.8.3.24 / DB: 2013.11.24.1 / Windows 7 <<<
27.11.2013 20:21:27 > Drive C: - scan started (Windows7_OS ~455 GB, NTFS HDD )…
=> The drive is clean.
27.11.2013 20:21:27 > Drive Q: - scan started (Lenovo_Recovery ~10 GB, NTFS HDD )…
Q:\autorun.inf > Legitimate file.
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
v 2.8.3.24 / DB: 2013.11.24.1 / Windows 7 <<<
27.11.2013 20:23:39 > Drive E: - scan started (TOSHIBA EXT ~932 GB, NTFS HDD )…
E:\autorun.inf > Suspicious > Renamed. (MD5: 260558f075a65a1ad3f299450b3f28b8)
=> Suspicious files : 1/1 renamed.
::::: Scan duration: 1sec ::::::::::::::::::
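The log above draws the distinction that matters on a removable drive: the autorun.inf on the Lenovo recovery partition Q: is judged legitimate, while the one on the external Toshiba drive E: is flagged suspicious and renamed. What separates the two is the directives inside the file. The script below is an added example, not part of this thread and not MCShield's code: it parses an autorun.inf tolerantly (worms pad the file with junk sections and NUL bytes to defeat strict INI parsers), reports whether it only sets an icon and label or actually tries to launch something, and computes the MD5 in the form scanners print it so a quarantined or renamed file can be matched against the log line. Both sample files in it are constructed for illustration, and the function names are the example's own.

```python
"""Triage an autorun.inf taken from a removable drive.

Added example; it is not part of the thread and not MCShield's code.
The two sample files below are constructed for illustration, and the
function names are this example's own.
"""
import hashlib
import re
from typing import Dict, List, Tuple

# Directives that make AutoRun / AutoPlay launch a program:
#   open=<exe>, shellexecute=<file>, and shell\<verb>\command=<exe>
EXEC_KEYS = {"open", "shellexecute"}
SHELL_CMD_RE = re.compile(r"^shell\\[^\\]+\\command$")

# What a legitimate autorun.inf, such as the one on a vendor recovery
# partition, normally limits itself to.
COSMETIC_KEYS = {"icon", "label", "action", "useautoplay"}


def parse_autorun(text: str) -> Dict[str, str]:
    """Return the key=value directives of the [autorun] section.

    Deliberately tolerant: USB worms pad autorun.inf with junk lines,
    NUL bytes and bogus sections to trip strict INI parsers, while
    Windows only looks at the [autorun] section. Keys are case-folded
    because Windows treats them case-insensitively.
    """
    directives: Dict[str, str] = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip(" \t\r\x00")
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, _, value = line.partition("=")
        directives[key.strip().lower()] = value.strip()
    return directives


def classify(text: str) -> Tuple[str, List[str]]:
    """Return (verdict, details) for an autorun.inf body.

    verdict: "executes" - names something to run (the worm pattern);
                          details are the launch directives
             "cosmetic" - only icon/label style keys
             "unknown"  - other keys; details are their names
             "empty"    - no [autorun] directives at all
    """
    directives = parse_autorun(text)
    launches = [f"{k}={v}" for k, v in directives.items()
                if k in EXEC_KEYS or SHELL_CMD_RE.match(k)]
    if launches:
        return "executes", launches
    if not directives:
        return "empty", []
    if set(directives) <= COSMETIC_KEYS:
        return "cosmetic", []
    return "unknown", sorted(directives)


def md5_of(data: bytes) -> str:
    """MD5 hex digest, the form MCShield prints next to a renamed file."""
    return hashlib.md5(data).hexdigest()


# Constructed sample 1: what a recovery partition's autorun.inf looks like.
RECOVERY_INF = r"""
[autorun]
icon=recovery.ico
label=Lenovo_Recovery
"""

# Constructed sample 2: the classic removable-drive worm pattern, padded
# with a comment and a bogus section the way real samples are.
WORM_INF = r"""
; harmless-looking padding
[junk]
key=value
[AutoRun]
open=hidden\update.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
shell\open\command=hidden\update.exe
shell\explore\command=hidden\update.exe
shellexecute=hidden\update.exe
"""

if __name__ == "__main__":
    for name, body in (("recovery", RECOVERY_INF), ("worm", WORM_INF)):
        verdict, details = classify(body)
        print(name, verdict, details, md5_of(body.encode()))
```

Read the renamed E:\autorun.inf with this before deleting it: a "cosmetic" verdict looks like the Q: file the scanner accepted, while "executes" pointing into a hidden folder is the signature of a drive that has been written to by an infected host. The launch targets it lists are the files to look for (unhidden, as the MCShield setting above does) and to hash against any other machine the drive has been plugged into.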
What are your current problems?
I let MBAM scan the hard drive and it found something; here is the log:
My current problem is that after rebooting the screen always freezes for about 5 minutes; a Microsoft Windows message appears saying that an application isn't working and asking me to either wait or end the process. And Skype is not running.
keygen DI V1.9 is a tool for making fake activation keys for SONY programs?
Are you running cracked software…
Does Windows state which application is not working?
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop.
- IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow it to update if it asks.
http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png
http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png
- When finished, it will produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.
Notes:
- Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
- Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
- If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.
Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.
No, it does not; it's just a small window.
I just hope that I will be able to handle ComboFix properly. I'd better leave it for tomorrow; thanks so far…