Virus / malware locating & removal help

Hi all,

Have been meaning to get on here for a while now because I have for a long time suspected that I have something on my computer but not sure what or where.

Computer runs very slow sometimes, & some files on one of my external hard drives have gone missing & others have had their names replaced by symbols (see attached screenshot), both on the computer hard drive & external. I have disconnected both externals, both of which I used to back up business files, which I haven’t done in a good while due to these problems, so I really need to get it sorted before I suddenly lose everything.

Scans with Avast IS7, Malwarebytes Pro & Superantispyware frequently find nothing but I’m not convinced my computer is free of bugs. Occasionally they do pick things up but not sure if they are false positives.

All help gratefully appreciated

Regards
Myles

Your image shows the Administrator account; are you always running as the administrator?

If so, that leaves your system more at risk, as any malware inherits your permissions.

The symbols, as you call them, in your image: I believe they are from a different language, possibly Chinese or Japanese, shown that way when you don’t have the language character set installed. Though why these file names would be displayed in this way is strange.

That said, not getting any detections by avast!, MBAM or SAS is reasonably reassuring.

This needs further analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.

All of these are generally used when you are sure there is malware on the system (constant alerts by avast! or other security scans), so I would say run AdwCleaner, which would be a good start if you have any crud toolbars, etc. Then OTL and aswMBR; no need for the MBAR scan, as you have done that and found nothing.

Thanks for the reply David,

Yes, I always run as administrator as it’s a home computer & only family have access to it. Is that an issue?

I’m actually thinking I may format both my external hard drives & start fresh with them. If I do that, I presume I can exclude them from the suggested scans etc.?

Why not wait and see what the malware experts say first…
Follow the guide David gave the link to and attach the logs requested. :wink:

Yes, it is an issue, or I wouldn’t have mentioned it in my reply; you should create separate user accounts for your family. Kids could be given Limited User accounts to prevent them having too much potential to do harm to the whole computer. The adults could have a user account in the administrator group (not a limited user); being in this group doesn’t give as many permissions as ‘The Administrator.’
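As an added example (not part of this thread or of any of the tools mentioned), a PowerShell snippet that reports which of the three account types just described the current session is running under; the function name is my own, and it uses only .NET classes available on PowerShell 2.0 and later.

```powershell
# Added example: classify the current session as built-in Administrator,
# admin-group user (elevated or UAC-filtered), or limited user.
function Get-AccountRiskReport {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)

    # The built-in Administrator account always carries RID 500.
    $isBuiltInAdmin = $identity.User.Value -match '-500$'

    # S-1-5-32-544 is the well-known SID of the local Administrators group.
    # It is present in the token even when UAC has filtered it to deny-only.
    $inAdminGroup = [bool]($identity.Groups |
        Where-Object { $_.Value -eq 'S-1-5-32-544' })

    # IsInRole is only true when the admin group is actually in effect,
    # i.e. the token is elevated (or UAC is off).
    $isElevated = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    if ($isBuiltInAdmin) {
        $verdict = 'Built-in Administrator account: highest risk, malware inherits full control'
    } elseif ($inAdminGroup -and $isElevated) {
        $verdict = 'Admin-group user, elevated: this session has full admin rights'
    } elseif ($inAdminGroup) {
        $verdict = 'Admin-group user, UAC-filtered: admin rights only after a consent prompt'
    } else {
        $verdict = 'Limited (standard) user: least privilege, lowest risk'
    }

    New-Object PSObject -Property @{
        User           = $identity.Name
        BuiltInAdmin   = $isBuiltInAdmin
        InAdminGroup   = $inAdminGroup
        Elevated       = $isElevated
        Verdict        = $verdict
    }
}

Get-AccountRiskReport | Format-List
```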

OK David, here are the logs as suggested.

Incidentally, there are a number of files in the Avast Virus Chest & SuperAntiSpyware quarantine, & 1 in MBAM from past scans; I’m not sure what to do with them. Do you need to see them, as some appear to be trojans, Malware-gen & 1 Backdoor Bifrose?

Just doing another full scan with SuperAntiSpyware; shall I send the log of the result?

Regards
Myles

Here’s the next log file. Do you need the MBR .dat file?

There may be some delay due to differing time zones and availability of the volunteer malware removal specialists.

No problem, I’ll check back tomorrow morning.

Probably best; a malware removal specialist has been informed of your topic, and he is in your time zone (now almost 12pm in the UK). So he will probably be back tomorrow.

Hi, let’s see if we can recover the missing files first.

[*] Download RogueKiller and save it on your desktop.

NOTE: If using IE8 or better, SmartScreen Filter will need to be disabled.

[*] Quit all programs.
[*] Start RogueKiller.exe.
[*] Wait until the Prescan has finished…
[*] Click on Scan.

https://dl.dropbox.com/u/73555776/RKScan.GIF

[*] Wait for the end of the scan.
[*] The report has been created on the desktop.
[*] Click on the Delete button.

https://dl.dropbox.com/u/73555776/RKDelete.GIF

[*] The report has been created on the desktop.

[*] Next, click on the ShortcutsFix.

https://dl.dropbox.com/u/73555776/RKFixShortcuts.GIF

[*] The report has been created on the desktop.

Please post all RKreport.txt text files located on your desktop.

Hi essexboy,

Can I just ask, is it necessary to save the file to the desktop? Or is it OK to save & run it in the application files folder in My Docs?

I’m using Firefox 17.0.1; does that have SmartScreen Filter or similar that needs to be disabled?

The desktop would be better, as the reports are easier to find… There is no filter in Firefox ;D

OK, here are the txt files. I presume I can close RK now?

By the way, there was also a quarantine folder created on the desktop; what should I do with that?

You may leave the quarantine folder for the moment.

Have all your files returned now?

Download the latest version of TDSSKiller from here and save it to your Desktop.

[*] Double-click on TDSSKiller.exe to run the application.

https://dl.dropbox.com/u/73555776/tdss%20start.JPG

[*] Then click on Change parameters.

https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG

[*] Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

[*] Click the Start Scan button.

[*] If a suspicious object is detected, the default action will be Skip; click on Continue.

https://dl.dropbox.com/u/73555776/tdss%20threat.JPG

[*] If malicious objects are found, they will show in the Scan results and offer three (3) options.
[*] Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

[*] Get the report by selecting Reports.

https://dl.dropbox.com/u/73555776/tdss%20report.JPG

[*] Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

Hi,
There appears to be no option to save the TDSSKiller report file & it won’t let me copy the report.
I haven’t rebooted yet as I didn’t want to lose the report.

OK, got the TDSSKiller report now.

That looks good.

What are the current problems?

The problems I had were intermittent & random. Things like: occasionally the mouse cursor would speed up for no reason, & sometimes a single click would actually double-click; some programs taking forever to open, etc.; & programmes closing on their own for no reason.

Oh, also the printer has recently started to change certain text on pages I print into gobbledygook, just random characters. It only seems to happen if I set it to print, say, 4 copies of a page & I close the page before it has completed printing them. It will do it to any that still haven’t printed after the page is closed… Any idea what that’s all about?

Hard to be specific as things happen over a period of time & I tend to forget.

A few questions below you may be able to advise on.

I noticed the desktop hard drive only has around 3% capacity left, so I guess this won’t help with speed; I’m thinking I may move some pics etc. over to the external drives.

The Maxtor external hard drive particularly seems to stop any programmes I have running in their tracks for about 10-15 seconds every time it starts itself up; is this normal?

I think I will format both external drives & start from scratch with them, as I only really use them as backups: the Maxtor being connected constantly & the other just connected up once a week to back up. Is this an OK way to use them?

I do wonder if I have too much antivirus / anti-malware etc. software running & that is why things are slow… Do I need SuperAntiSpyware, Malwarebytes & Avast running all the time, and are they all OK with each other?

How often should I schedule full scans from these programmes?

What should I do with the quarantined & Virus Chest files I have? I have just re-scanned 7 of them from the Virus Chest & they changed to ‘no virus’, so I guess they are OK to restore now, are they? The only one left then is WIN32:PUP-gen (PUP), which came from C:\System volume information.

MBAM has one Backdoor Bifrose, which came from C:\program files\Code Laboratories\CL-Eye Driver\CL-Eye Device Manager.exe

SuperAntiSpyware has a few, including trojans. Again, not sure what is best to do with them?

Sorry for all the questions & thanks for your help.