Virus

Hello to all, not too sure what my problem is exactly but I believe I am infected with some kind of virus… It started off with SSL encryption error messages in Google Chrome and Firefox that I couldn't resolve, so I uninstalled both. I now am having to run IE but can't seem to download much or update anything, which includes Avast Premier. So far I've tried resetting IE to the default settings but even that doesn't seem right, and I've also tried downloading Malwarebytes with no success. I have also been in contact with Avast free phone support, who tried to remote access my computer, but whenever they tried downloading any tool, my internet connection would cut out.

Within Avast Quarantine Virus Chest there seem to be many entries for something called Win32:Evo-gen.
Please note I was able to download and scan with FRS and the txt files are attached.

Hi,

I do not see anything significant here. Let's run some more diagnostic scans.

Scan with RogueKiller

Please download RogueKiller and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

[*]Right-click on the RogueKiller icon and select Run as Administrator to start the tool.
[*]Wait patiently until the pre-scan is done. It shouldn't take more than 2-3 minutes.
[*]Accept the Terms of use.
[*]When the Scan button becomes available, please click it. RogueKiller will start a full scan.
[*]Let this process run uninterrupted!
[*]When finished, a Report button will become available. Click it. You will be presented with a logfile.

Please include the content of this logfile in your next reply.

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one).
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

[*]Right-click on the ZOEK icon and select Run as Administrator to start the tool.
[*]Wait patiently until the main console appears; it may take a minute or two.
[*]In the main box please paste in the following script:

createsrpoint;
process;
services-list;
systemspecs;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;
filesrcm;
installedprogs;

[*]Make sure that Scan All Users option is checked.
[*]Push Run Script and wait patiently. The scan may take a couple of minutes.
[*]When the scan completes, a zoek-results logfile should open in notepad.
[*]If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Please include its content in your next reply.
Don’t forget to re-enable your switched-off protection software!

Hi there Naathim, here's the first log…

Here's the Zoek scan :)

Computer seems to be going faster already after running RogueKiller, so I'm wondering if it's okay to try and update Avast to the newer program version, or should I wait until after the logs are looked at…

Refrain from any invasive actions while under my guidance please.

Scan with TDSSKiller

Please download TDSSKiller by Kaspersky and save it to your desktop.

[*]Right-click on the TDSSKiller icon and select Run as Administrator to start the tool.
[*]Click on Change parameters and put a checkmark beside Loaded modules. A reboot will be needed to apply the changes; allow it to do so.
[*]Your machine may appear very slow and unusable after that - it's normal.
[*]TDSSKiller will run automatically. Click on Change parameters and click OK.
[*]Make sure that Verify driver digital signatures & Detect TDLFS File System are marked and click OK.
[*]Click the Start Scan button and wait patiently.

If anything is found, follow these guidelines:

[*]If a suspicious object is detected, the default action will be Skip, click on Continue.
[*]If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
If Cure is not available, please choose Skip instead.
[*]Do not choose Delete unless instructed!

A report will be created in your root directory, (usually C:\ drive) in the form of TDSSKiller.[Version][Date][Time]_log.txt. Please include the contents of that file in your next post.

Avast updated on its own to the new 2015 version and after the scan found a Malware Gen, which it moved to the chest.... Avast then asked to restart to finish cleaning up and I didn't realise that it was in fact restarting a boot-time scan. Again the Malware Gen was found and moved to the chest, as well as some corrupted archive files. Please accept my apologies for not watching what was happening more closely and be assured I won't drop the ball again lol. I have just tried to download the TDSSKiller but nothing is happening, so what would you like me to do now?

Thank you by the way, for all your help so far. Much appreciated Natt

Let’s try Gmer instead.

Scan with Gmer

This type of scan often produces false positives. At any point do not take any action for any suspicious entries you may see there. Instead post the log to be analyzed.

Please download GMER by Gmer and save the file to your desktop.
It will come as a randomly named file (like a6ge38b4.exe) - that's absolutely normal.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol), also disable it for the cleaning process - instructions here.

[*]Right-click on the randomly named GMER icon and select Run as Administrator to start the tool.
[*]It is very important that you do not use your computer while Gmer is running!
[*]Gmer will open to the Rootkit/Malware tab and perform an automatic quick scan.
[*]If you receive a warning about rootkit activity and are asked to fully scan your system click NO!

When the pre-scan is completed, please do the following:

[*]Please check in the Quick scan box.
[*]Please uncheck the IAT/EAT and Show All.
[*]Click Scan.
[*]If you see a rootkit warning window click OK.
[*]When the scan is finished, Save the results to your desktop as gmer.log.

Please include the content of this file in your next reply.
Don’t forget to re-enable previously switched-off protection software!

If you encounter any problems, try running GMER in Safe Mode.

If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning.

Yay… that one worked, here's the log :)

Don't know if this is of any interest, but here's a screenshot of a popup I just got while reading some of today's posts in this forum… I have no idea which program it came from, and when I tried to read the message, I was taken to a blue screen with another popup saying if the program needs more information it will let you know later… I got back to my desktop via the return now button as no other shortcuts would work.

Well, the good point is that I don’t see anything obvious.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.
[*]Right-click on the FRST icon and select Run as Administrator to start the tool.
XP users: click Run after receipt of the Windows Security Warning - Open File.
Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
[*]Make sure that Addition option is checked.
[*]Press Scan button and wait.
[*]The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

Things are starting to slow down again :( here are the scans… BTW, any idea how I can uninstall Mozilla Firefox, as all functionality has stopped and I'm getting an error message saying [cannot load XPCOM], which I have no idea what that means.

Hrmpf. Do this one please.

Scan with Dr.Web CureIt

Please visit this page: Dr.Web CureIt!
You will find there a download site and instructions on how to run a free scan with Dr.Web.

Some notes from me:
[*]The file will come totally randomly named (like h34cva7) - that's normal; however, it will have the Dr.Web CureIt icon.
[*]It may take a while to finish, depending on your capacities and system specs; be patient.
[*]Don't fix anything on your own using Dr.Web - this type of scan often produces false positives; I will tell you what to remove and how to do it after a look at the provided results.
Upon completion, please click Open Report and include it here for my analysis.

I'm sorry, I can't seem to attach the scan log… File size is 12 MB. I've included a screenshot of the message I'm getting.

Upload it to some file hosting; I need to see it.
Try mediafire.com

Dr Web scan log https://www.dropbox.com/s/rdj5d5kidvm7vrg/cureit.log?dl=0

OK, let’s hit this one:

Scan with ComboFix

This is a very powerful tool that should be used only if advised by Malware Analyst.
Do not run ComboFix on your own!

Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol), also disable it for the cleaning process - instructions here.

[*]Right-click on the ComboFix icon and select Run as Administrator to start the tool.
[*]Accept the disclaimer and agree if prompted to install Recovery Console.
[*]Do not take any actions while ComboFix goes through your System - it may cause it to stall!
[*]This scan may take some time!
[*]When finished, it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.

If you encounter any issues with your internet connection after running ComboFix, please visit this link.

If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.

Don't forget to re-enable your previously switched-off protection software!

Here's the log requested :)

Natt, I would love to hear your thoughts as to what you think might be going on, as I'm kinda in the dark here. "MEANING": do you think there is a virus lurking in the background, or is this something else…

Hi,

The main issue is that I don't see an issue here. Nothing that I see is malware or system related. I suspect some hardware; however, those symptoms aren't typical.

Believe me that I'd love to solve your issue… Need to have a talk with some colleagues. Will post back as soon as we are able to identify anything relevant here.