Hi!
Did get virus, probebly from a wp plugins…

I scaned with Avast premier version and it found 2 virus, 1 trojan and one other file…tink it was and Iframe…html file…dont remember. I choose to fixed automatic and they were put in virus chest.

From this place i choose to delete them.

Then i full scan again and it didnt found any more virus…but i whanted to check again so i did a boot-scan with avast, then Avast found 5 files who were corupted and i choose again fix alla automatic.

Then after the boot scan were done i went to avast statistic and there were 2 more files in viruschest and i deleted them.

Then i put my onedrive on: Make avalible only on-line.

Then i scan mapp of chocie and i choose Onedrive i have and then the gave me answer that 6 files had message: Error: File are offline- it is currently not avalibly
(42006).

And if i put my onedrive on make avalible offline…then scan that folder i get anser its virusfree.

I have boot-scan again and no virus in virus chest, but get errors on 5 files and its in my computer in C: they are and the error is 42125.

Can i go to C: and mark them and delete only? Its some zipfiles and some selection file to Psp…is that ok to delete them from C:?

Now to the important question, do you think i have virus still?

One more strange thing…when i close my computer, put it off, then put it on and shell login i cant write anything in password box only when i restart the computer again…then i can put in my password…strange yes? Have you any clue way it do this? Can i still have virus, is that way? It started to do this with login after install the pluginsprogram i installed (were i think the virus were from)

Meny thanks!!!

/Sanne

I have boot-scan again and no virus in virus chest, but get errors on 5 files and its in my computer in C: they are and the error is 42125. Can i go to C: and mark them and delete only? Its some zipfiles and some selection file to Psp...is that ok to delete them from C:?

And there is no rush to delete files from quarantine, if you find out later that they are false detections then you have no option to restore files

If you need help, follow instructions here https://forum.avast.com/index.php?topic=53253.0

Thanks!
I will check the link.

/Meny Thanks!

/Sanne

Hi! I checkt that link out yesterday and today i downloaded: Malwarebytes’ Anti-Malware and put in the settings as it stand: Settings > Detection and Protection
Tick Scan for rootkits. Then i scan my computer and get message:

scan completed successfully! No malicious detected!

So now i wounder should i continue the list from: https://forum.avast.com/index.php?topic=53253.0 and export the history Log, then download the other software: Farbar Recovery Scan Tool ?

Or what i do now?

I also wounder if im able to do this scan with Malwarebytes’ Anti-Malware on my cloude Onedrive to see if any malware is on my clodedrive (Onedrive)?

Meny thanks for helping me!!!

/Sanne

[b]Farbar Recovery Scan Tool[/b]

Hi Pondus!
I couldnt attachted the xml file…is it that 2 you need to see? So the xml file i saved in txt insted…is that ok?

Meny thanks Pondus!!

/Sanne

Farbar Recovery scan Tool will produce two diagnostic logs frst.txt and additional.txt

Here the 2 files comes.

meny thanks!

/Sanne

What problems are you experiencing ?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File 2015-03-11 09:03 - 2015-02-07 00:09 - 00396419 _____ () C:\windows\system32\ApnDatabase.xml 2015-03-06 09:00 - 2015-03-06 09:01 - 145308589 _____ (TemplateToaster.com ) C:\Users\user\Downloads\TemplateToaster(15).exe 2015-02-27 10:04 - 2015-02-27 10:04 - 145305595 _____ (TemplateToaster.com ) C:\Users\user\Downloads\TemplateToaster(14).exe Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S0].txt as well.

My problem is when i shall login on my computer…i cant write anything in password, tryed to close it down and put it on, same problem, but when i take restart the computer, then i can put in my password. This problem still is on the computer.

Hade problem before with the wp plugins program (i think the virus come with) this program i have deleted from my site.

So what should i do now after show you the 2 files?

Should i floow your instruction you wrote after your question: What problems are you experiencing ?

Meny thanks!

/Sanne

Should i floow your instruction you wrote after your question: What problems are you experiencing ?

In the same place as FRST.exe was downloaded or installed?

If installed…think it was under c: but dont know were…do you know were i find seache in windows 8.1? If i need to search the exe ?

Meny thanks!
/Sanne

Copy \FRST to your desktop, or if you cannot find it then download a fresh copy. The fixlist should also be on the desktop

Is it ok with a shortcute from downloads?

Here the log is.

Do i follow your instructions now or wait?

Yes continue with adwcleaner

Yes now i had the same on desktop FRST.exe and the fixlist file and cliked on fixed. Then restart thye computer again.

Then i remember one more problem who happed after the virus. When i have logged in on my computer the usually the internet connection automatic put on, but not after the virus, than i need to do it my self…maybe that is not a big problem for me, only whanted to tell you…

What i do now? Istall: AdwCleaner?

Meny Thanks!!!

/Sanne

Now i have done that to and the file you need i send with here.

What i do now?

/Sanne

Is the computer rebooting properly now ?

Are you experiencing any other problems ?

I shall try and close down it totaly and turn it on and see if im able to loggin propertly.

/Sanne