Virus in assembly\temp\U\80000032

I’ve been getting a pop up from avast telling me it’s blocking a trojan horse virus in C:\windows\assembly\temp\U\80000032 infection Win32:DNSChanger-VJ [Trj]. How can I get rid of it? I already ran Avast and it tells me to run the program and restart computer, but it still keeps popping up after several tries. It’s annoying because it pops up every couple of minutes.
The Virus Chest is full at the end of the day with the same virus.

Please help

And now you need to attach those logs so Essexboy has something to work with…

ok, what logs?

Good morning. Pondus means:
follow this guide here : http://forum.avast.com/index.php?topic=53253.0
Make sure to post your OTL log(s).
Reply>Lower left corner>additional options>attach.

I gave you a link to Essexboy's guide in the first post you made ???

Ok here it is again

follow this guide and attach all logs…not copy and paste
http://forum.avast.com/index.php?topic=53253.0

Lower left corner > additional options > attach

These are the reports that I got from the scans that I did. I'm going to post the screenshot of the disk management and the report from the Super anti spyware in a separate reply

this is the superspyware report

screen shot of disk management

Essexboy usually arrives here in about 2 hours and is then available for about 4 hours…
so if you stay online, you may get this fixed today…

OK,
thank you very much

You have run Combofix I see

Could you delete the copy from your desktop and download a fresh copy please

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

I deactivated the avast anti virus and ran the combo fix, but for some reason it starts running but it stops at Completed Stage_49 and it doesn’t move from there. I waited for about an hour and a half and it didn’t move from there. The space bar is blinking but it doesn't move after stage_49

OK reboot the computer please and try once more - if it freezes again let me know and we will go another route

OK, I rebooted it and it's still doing the same thing. :-[ It's still stopping at stage_49

I will get OTL to remove the assembly files and then CF should run through

Warning: This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL

:Reg

:Files
ipconfig /flushdns /c
C:\Windows\assembly\tmp\U

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

This is the latest scan that I did with OTL.exe

Did Combofix run - try safe mode if need be

Do the following:

  1. Click on the Start button and then choose Control Panel.
  2. Click on the System and Security link.

     Note: If you’re viewing the Large icons or Small icons view of Control Panel, you won’t see this link so just click on the Administrative Tools icon and skip to Step 4.
  3. In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  4. In the Administrative Tools window, double-click on the Computer Management icon.
  5. When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

Note: If you don’t see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.
Take a screenshot of the Disk Management window and attach the screenshot to your reply.

This is the screenshot of the Computer Management. I tried the combo fix again and left it overnight and it was still at Completed Stage_49 this morning. How do I run it in safe mode? I tried pressing F8 while it was restarting, but it still restarted normally

Looks like this one has targeted Combofix, another new variant. So I will use AVP for a virus scan initially, but more importantly an analysis scan
Could you upload the entire zip folder created to Megaupload or mediafire and post the sharing link

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

http://i1224.photobucket.com/albums/ee362/Essexboy3/AVP%20shots/AVPfront.gif

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

http://i1224.photobucket.com/albums/ee362/Essexboy3/AVP%20shots/avpsettings.gif

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post

Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

http://i1224.photobucket.com/albums/ee362/Essexboy3/AVP%20shots/AVPAnalysis.gif

On completion click the link to locate the zip file to upload and attach to your next post

http://i1224.photobucket.com/albums/ee362/Essexboy3/AVP%20shots/AVPZiplocation.gif

Megaupload

http://www.megaupload.com/?d=NR9GH4VI
This is the report that I got from Kaspersky Virus Removal Tool. After running it, it did find the Assembly Virus and I got to delete it.