What do I need to do at this point?

So I have downloaded avast! Internet Security today on 3 of the computers in my household.

We switched from Norton on a recommendation.

I ran the Full System Scan on our PC and it came up with 20 high risk items.
They all transferred to the Virus Chest. The dates in the “Last changed” column date from about 9 months to a few years ago (Makes me question what kind of service I was provided) and I really can’t recall when they showed up or how or why.

The list that showed up in the “Virus” column was this:

Win32:Rootkit-gen [Rtk]
Win32:Malware-gen (5 times)
Win32:Adware-gen [Adw] (8 times)
Win32:Installer-M [Adw]
Win64:Adware-A [Adw]
MSIL:BHO-A [Trj]
MSIL:BHO-B [Trj]
BV:Malware-gen (2 times)

I’m pretty new to this but I know that is a lot and it can’t be good.
I was going to download Malwarebytes also but I wanted to check beforehand.

If they are in the Virus Chest would MalwareBytes catch them?
Do I remove it?

I pretty much just need direction at this point on what to do, please.

1]
Remove Norton Completely
http://www.ache.nl/index.php?location=mal-01

2]
Perform a clean installation of avast

3]
Run a bootscan with avast and let it handle everything it finds.

4]
Follow the instructions:
https://forum.avast.com/index.php?topic=53253.0

Thanks Eddy. I will follow those steps, I think it started to do a bootscan (is that when the screen goes black and starts running through the files again?) but I stopped it because I wasn’t sure what that was.

In order to perform a clean installation with avast! I would have to delete it completely from the computer and reinstall, right? Now does that mean what was put in the virus chest will be put back or will it remain there?

It will be removed, don’t worry about it.

Ok thank you. I am assuming if there are any other antiviruses that might have been downloaded to remove them as well.

Yes, only install and use 1 av.
We recommend using avast + mbam + mcshield as protection.

You can find uninstall tools/tutorials on the website I gave you.

OK, so I have gone through each computer and searched for any unknown downloading of an AV, deleted it, then deleted avast! then re-installed it. So far on the main PC it is catching a lot more infected files; currently at 19% with 42 infected files at this point in time. I am guessing after the reboot is when I would download the MBAM and the McShield. Now, whatever avast! doesn’t take care of (depending on severity), will these programs take care of it?

Thank you so much by the way; I don’t know how I end up being IT in my household. ???

Let avast finish, then get and run mbam.
Take your time.

So it finished and put about 99+ low risk threats into the virus chest on the main PC but has not prompted me to do a reboot. The one that it wasn’t correcting was also low risk (Win32:Adware-CAH?) but took longer than an hour so I just finished it and restarted myself. Should I do another system scan or continue on with downloading MBAM?

Hey jordin_lyn, please continue with the guide that was posted above by Eddy and attach the logs from MBAM and FRST. A malware expert will help you from there :slight_smile:

OK, so I followed the instructions as close as I could (not sure if the steps were exactly as followed). The log for MBAM is attached, I hope that is the right one. I am not sure what FRST is though.

NVM on the FRST, I see what you are talking about.

I am not sure what FRST is though.
It is the next program / instructions you see below the Malwarebytes instructions in the guide.

Thanks, it clicked in my head as soon as I sent that. I am following the instructions on the post link Eddy gave me. So far my computer has not asked to reboot at any point in this process but I restarted anyway. I am not sure if that is the same, so I hope it isn’t hindering this process.

Sorry, I am a total noob at all of this. lol

Take your time and if you have any questions just ask :slight_smile:

OK! SO here are the logs.

1). MalWarebytes(2): This is the one I ran the 2nd time. It asked me to reboot finally. 11:15 am (my time) I just checked the file and I see nothing. :-[

2). FRST(1)

3). Addition(2)

4). aswMBR

OK, next step. On completion of this, can you let me know how the computer is behaving?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-917921553-462031098-1553664700-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-917921553-462031098-1553664700-1000] =>
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
Toolbar: HKU\S-1-5-21-917921553-462031098-1553664700-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
2014-12-24 15:36 - 2014-12-24 15:36 - 01055936 _____ (Adobe) C:\Users\Lambrat\Downloads\install_flashplayer16x32axau_mssa_aaa_aih.exe
2014-12-16 23:29 - 2014-12-16 23:29 - 01067642 _____ () C:\Users\Lambrat\Desktop\blah.zip.0e956kk.partial
2014-12-16 23:27 - 2014-12-16 23:29 - 01067642 _____ () C:\Users\Lambrat\Downloads\1471298167_b9de3cbec886447f309ec14f9417b29213d7f1eb.zip
Task: {253AFF24-9E17-4C0B-81BC-429B46CEE54A} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe
Task: {6DE7A065-91AB-4ED3-8603-3A5188A60115} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\SymErr.exe
Task: {A482ECDC-F449-4276-B02E-DD51A979D571} - System32\Tasks\{5BEEEBD7-71C5-4613-A147-7F3806B87B7E} => Firefox.exe
Task: {F0ABBACF-C7A3-4499-9CEB-3F154C28EE39} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\SymErr.exe
C:\Users\Lambrat\AppData\Local\Temp\isdkcMpofwhc
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
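
The caution in the post above says the fixlist is only valid for the machine it was written for. As an added example (not part of the thread and not FRST's own code), this Python function checks that every account SID and user profile named in a fixlist belongs to the local machine and lists any `CMD:` lines to read before pressing Fix. The line categories are this example's own labels, inferred from the lines shown in the thread; the sample fixlist, the SID and the user name are constructed, and the caller supplies the local values (for instance from `whoami /user`).

```python
import re

# Constructed sample in the shape of the fixlist above; every value is made up.
SAMPLE_FIXLIST = r"""CreateRestorePoint:
CHR HKU\S-1-5-21-1111111111-222222222-3333333333-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-1111111111-222222222-3333333333-1000 -> No Name - {00000000-0000-0000-0000-000000000000} - No File
2014-12-16 23:29 - 2014-12-16 23:29 - 01067642 _____ () C:\Users\Alice\Desktop\sample.zip.partial
Task: {11111111-1111-1111-1111-111111111111} - System32\Tasks\Example => C:\Program Files\Example\stub.exe
C:\Users\Alice\AppData\Local\Temp\example
EmptyTemp:
CMD: bitsadmin /reset /allusers
"""

SID_RE = re.compile(r"S-1-5-21(?:-\d+){4}")               # local/domain account SID
PROFILE_RE = re.compile(r"[A-Za-z]:\\Users\\([^\\]+)\\")  # profile folder name
FILE_ROW_RE = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ")
BROWSER_KEYS = ("CHR", "ProxyServer:", "SearchScopes:", "Toolbar:")

def classify(line):
    """Label a line by its shape; the labels are this example's own, not FRST terms."""
    if line.startswith("CMD:"):
        return "command"
    if line.startswith("Task:"):
        return "scheduled-task"
    if FILE_ROW_RE.match(line):
        return "file-listing"
    if re.match(r"[A-Za-z]:\\", line):
        return "path"
    if line.startswith(BROWSER_KEYS):
        return "browser-or-registry"
    if re.fullmatch(r"[A-Za-z]+:", line):
        return "directive"
    return "unknown"

def review(fixlist, local_sid, local_user):
    """Summarise a fixlist and flag SIDs or profiles that are not this machine's."""
    report = {"kinds": {}, "foreign_sids": set(), "foreign_users": set(), "commands": []}
    for raw in fixlist.splitlines():
        line = raw.strip()
        if not line:
            continue
        kind = classify(line)
        report["kinds"][kind] = report["kinds"].get(kind, 0) + 1
        if kind == "command":
            report["commands"].append(line[len("CMD:"):].strip())
        report["foreign_sids"] |= {s for s in SID_RE.findall(line) if s != local_sid}
        report["foreign_users"] |= {u for u in PROFILE_RE.findall(line)
                                    if u.lower() != local_user.lower()}  # names are case-insensitive
    return report
```

An empty `foreign_sids` and `foreign_users` means the fixlist names only the local account; anything else is a reason to stop and ask the helper before running it.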

here are the 2 logs.

I am noticing a difference in how the computer is running. ;D

Are there any further noticeable problems?