Virus from skatteverket.net

A really ugly virus has shown up in Sweden from Skatteverket.net. Avast did not react to it, so if you get this mail from Skatteverket.net and open the zip file, it will take two days' work per PC to sort out the problem. Anyone that has a quick fix for this?

Hello

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

- Double-click to run it. When the tool opens, click Yes to the disclaimer.
- Press the Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

if you still have the zip file (don't open it), upload and test it here: www.virustotal.com / www.metascan-online.com

all vendors will then get the sample … you may post link to scan result here

EDIT: according to this http://nyheter.wecloud.se/2015/05/varning-for-malware-inkomstdeklaration.html

this is the one
https://www.virustotal.com/en/file/2a4f8edba7d045050cd208e0c7a12e346c4b71f8c917b7299d7388bb74b4a25b/analysis/

Hi,
We detect this since 25. 5. 2015 13:44:51 CEST as Filerep-malware.

Many thanks for all the answers. But how the hell do I get rid of the malware…??

Any suggestions ?

you follow instructions given above by argus … then he will assist you

We did run that program, but it was not reporting to: The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

We started the PC in failsafe mode and with some bending we got it to run properly. Will Avast notify malware from now on since it's reported?

you need to attach (not copy and paste) both logs here, then argus can assist you

Hi. Got the same problem. Attaching logs from FRST. Thankful for all the help I can get…

/Stefan

@sf3

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

- Right-click on the FRST icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
- Press the Fix button just once and wait.
- If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
- When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

Fixlog attached.
Should mention that before I ran the fix I ran Panda Cloud Cleaner's tool to kill unnecessary processes.

/Stefan

How is the situation now?

I can't uninstall AVG. Can't install Malwarebytes, can't run ESET Rovnix cleaner. Nothing happens when executing them.

AVG Remover
http://www.avg.com/ww-en/utilities

Uninstall outdated Malwarebytes’ Anti-Malware

Please download MBAM-clean and save it to your desktop.

- Right-click on the mbam-clean.exe icon and select Run as Administrator to start the tool.
- It will ask you to reboot the machine - please do so.

After that follow my next instructions to download & install the newest MBAM version.

Same with those two exe-files, nothing happens when executing them.

/Stefan

Try in safe Mode.