virus in C:windows/assembly/temp/u

A few days ago I started to get a redirection when using google to other unwanted sites. I ran malwarebytes and it found a malware, fake.trojanms, I removed it. However, I still got the redirections. I downloaded avast and it has been finding threats. The threats are C:windows/assembly/temp/U/80000032 and they have been going to the chest. Please help!! I am using Windows 7.

Thanks,

Jason

follow this guide and attach (not copy and paste) the logs from malwarebytes / OTL / aswMBR
http://forum.avast.com/index.php?topic=53253.0

Ok here they are.
Thank you so much for taking on my issue.

@jenos1
Ok, you have active malware. You need to follow the instructions below:

Step#1

- In the Start menu, right-click Computer → Properties → System Protection
- Click Create → [enter your title here] → Create
- You should be prompted that this was successful.
- Click Close → Ok

Step#2

Re-Run aswMBR

- Click Scan

On completion of the scan:

- Click the Fix button
- Save the log as before and post it in your next reply
- Reboot your PC

Step#3

Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.

Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this Instruction.

Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.

When the tool is finished, it will produce a log report for you (typical location: C:\ComboFix.txt).
Post the log report (ComboFix.txt) back to the topic.

Ok so I ran aswMBR, and when I hit fix it automatically rebooted the computer and I did not get to save the log. I ran it again and before hitting fix, I hit save and that is my attachment, then I hit fix and it rebooted again automatically. What do I do? Also, when temporarily disabling Windows Firewall I am not allowed and receive error code 0x80070424 when preparing to run Combofix. What does this mean?

Help

Jason

The infection is nasty. We may expect that kind of glitch from tools while removal is in progress. :frowning:
Just re-run aswMBR and attach a fresh log to see what was done.

You get this error when you try to disable Windows Firewall?

error code 0x80070424

It could have been damaged by the malware.

Please skip that step (disabling Windows Firewall) and just run Combofix with the AntiVirus disabled.
The important thing is for Combofix to finish running and scanning the system and set the Combofix.txt log.

Here are the aswMBR and combo logs. Let me know what's next :slight_smile:

Thanks!!!

bump

magna86 is notified. ;)

Hello, sorry for making you wait for my reply.
Within 24 hours you will get my response. :wink:

Currently I have some personal obligations…

Sorry once again for making you wait… :frowning:
These days I am very busy.

The logs look much better. :smiley:
aswMBR has largely cleared the malware, and Combofix has removed its active remains.

Step #1
You need to send me this folder for analysis.

C:\Qoobox\Quarantine

Just rar this folder and set the password “virus”.
Please put this folder into a rar archive and upload that rar for me.

You may use http://freakshare.com/ or http://bitshare.com/ or some other service.

Please send me the download link by private message. Thanks. :wink:

Step #2

You need to remove AVG leftovers. :slight_smile:

Here is the info.
Here is the download link for 64-bit versions.

Step #3

Tell me, how is your system running now?

Again, re-run aswMBR and attach a fresh aswMBR log here.

I have the quarantine folder put as a rar file, however the forum says I am not allowed to write personal messages when I go to do that. Can I email you the download link? My system is running much better. Here is the new aswMBR log.

Yea, I forgot that rule. :smiley: Please send it to my e-mail. :wink:

hegell86@hotmail.com
My system is running much better.

The good news: the logs show no traces of active malware. You are clean.
Please send me the Quarantine folder and then we will remove the used tools. :wink:

Sent the email to you, thank you so much for the help, you have been great!!!

Files are received, thank you janos. :wink:

It is necessary to uninstall Combofix:

Start >> Run

Combofix /Uninstall

Enter

Re-run OTL and click on the CleanUp! button.

:wink: