Win32:Sirefef, Win32:Malware-gen, Win32:Downloader-PKU [Trj] infections

I recently found out I had a redirect virus. Got that taken care of via Spybot S&D and Superantispyware. Turns out it’s much more than that. I’ve had Avast on silent/gaming mode for a while now and wasn’t seeing the pop ups, but sure enough my avast chest is filled with these viruses. There are also some Java:CVE-2011-3544-CF and -CK and -CV and -CU and -I files in there, as well as some Java:Agent files. I’m not sure if they’re related. Here are my logs so far.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.24.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jimmy 3 :: JIMMY3-PC [administrator]

7/24/2012 5:38:19 PM
mbam-log-2012-07-24 (17-38-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196954
Time elapsed: 6 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{30c00474-9f63-01c0-a1a1-bce624d4bf88}\U\00000008.@ (Trojan.Dropper.BCMiner) → Quarantined and deleted successfully.

(end)

I will post the aswMBR log shortly, as I forgot to run that one. Sorry.

Here is the aswMBR log.

Monitoring

Hello :wink:

  1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don’t know or understand something, please don’t hesitate to ask.
  4. Please DO NOT run any other tools or scans while I am helping you.
  5. It is important that you reply to this thread. Do not start a new topic.
  6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  7. Absence of symptoms does not mean that everything is clear.
C:\Users\Jimmy 3\Desktop\ComboFix.exe

You have downloaded Combofix. I see that you have not run Combofix, which is wise :wink:


Step 1

Re-run OTL.exe.

- Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.


:OTL
ipconfig /flushdns /c
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
O3 - HKU\S-1-5-21-601369440-751749748-3304957453-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-601369440-751749748-3304957453-1001\..\Toolbar\WebBrowser: (no name) - {F0381DBD-E018-4E07-AE40-D96AB15083F0} - No CLSID value found.

:files
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\Installer\{30c00474-9f63-01c0-a1a1-bce624d4bf88}
C:\Users\Jimmy 3\AppData\Local\{30c00474-9f63-01c0-a1a1-bce624d4bf88}


:Commands
[emptytemp]


- Then click the Run Fix button at the top.
- Let the program run unhindered; it will reboot the system when it is done and open Notepad with a log report. Attach that log report here.


Step 2
Delete current Combofix!
Download fresh ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.

Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this Instruction.

Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click Combofix’s window while it is running.

When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
Attach log reports ( ComboFix.txt) back to topic.
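The OTL fix above removes a specific set of file-system artifacts left by the ZeroAccess/Sirefef rootkit: a Desktop.ini dropped into the .NET GAC_32 and GAC_64 folders, a GUID-named folder under C:\Windows\Installer with a "U" subfolder holding the ".@" payload files, and a matching GUID-named folder under the user's AppData\Local. The following PowerShell script is an added example written for this thread, not a tool from the thread or from the OTL/ComboFix authors; it is a read-only audit that reports whether those artifact patterns are present on a machine so they can be checked before any cleanup is run. It assumes only the standard %SystemRoot% and %LOCALAPPDATA% locations; the GUID regex is an assumption that generalises the single GUID seen in this thread's logs.

```powershell
# Added example (not from the thread): read-only audit for the ZeroAccess/Sirefef
# file-system artifacts that the OTL fix above targets. It reports, it does not delete.
# The thread's logs show one folder, {30c00474-9f63-01c0-a1a1-bce624d4bf88}; the name
# differs per machine, so any GUID-named folder at those locations is matched instead.

$findings = @()

# Matches names like {30c00474-9f63-01c0-a1a1-bce624d4bf88} (case-insensitive by default).
$guidPattern = '^\{[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}\}$'

# 1. Desktop.ini dropped into the .NET Global Assembly Cache folders.
foreach ($gac in 'GAC_32', 'GAC_64') {
    $p = Join-Path $env:SystemRoot "assembly\$gac\Desktop.ini"
    if (Test-Path -LiteralPath $p) { $findings += "GAC Desktop.ini present: $p" }
}

# 2. GUID-named folder under C:\Windows\Installer that contains a 'U' subfolder.
#    Legitimate MSI cache folders are also GUID-named, so the 'U' subfolder (and
#    any '.@' files inside it) is what distinguishes the ZeroAccess layout.
$installer = Join-Path $env:SystemRoot 'Installer'
Get-ChildItem -LiteralPath $installer -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer -and $_.Name -match $guidPattern } |
    ForEach-Object {
        $u = Join-Path $_.FullName 'U'
        if (Test-Path -LiteralPath $u) {
            $atFiles = Get-ChildItem -LiteralPath $u -Force -ErrorAction SilentlyContinue |
                       Where-Object { -not $_.PSIsContainer -and $_.Name -like '*.@' }
            $findings += "Installer GUID folder with U subfolder: $u ($(@($atFiles).Count) '.@' files)"
        }
    }

# 3. GUID-named folder directly under the current user's AppData\Local.
Get-ChildItem -LiteralPath $env:LOCALAPPDATA -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer -and $_.Name -match $guidPattern } |
    ForEach-Object { $findings += "AppData\Local GUID folder: $($_.FullName)" }

if ($findings.Count -eq 0) {
    'No ZeroAccess-style artifacts found at the checked locations.'
} else {
    $findings
}
```

Run it from an elevated PowerShell prompt so the hidden C:\Windows\Installer tree is readable. A GUID-named folder under AppData\Local is not on its own proof of infection, since some legitimate installers create them; the combination with the Installer\{GUID}\U folder and the GAC Desktop.ini files is what matches the pattern this thread's logs show.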

Ok so I ran the OTL fix, and it rebooted my computer. I saw the .txt report upon reboot, but I had nothing but a black screen for a desktop. I rebooted my computer and now my desktop appears fine, but I don’t see the report from the reboot. Is there anywhere I can find that? I’ll wait for a response before going any further.

The report is in the “_OTL” folder on the system root ( C: ).
But never mind, go to step 2. :wink:

Ok I found the OTL file, but now that I am trying to run Combofix, it is telling me that Avast is still running (I have disabled all shields permanently) and that combofix will continue to run at my own risk. Should I allow it? Here is the second OTL file by the way.

That is the license argument.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Disable avast!. Run Combofix. We need to cure some Windows core files and restore to defaults the entries that were edited by the ZeroAccess rootkit.

Ok so I disabled avast, and ran combofix. Here is the report. I am on a laptop atm because now when I try to open internet explorer on my desktop (the infected computer) it is saying:
C:\program files (x86)\internet explorer\iexplore.exe
Illegal operation attempted on a registry key that has been marked for deletion.

I’m assuming something went wrong?

I did not disable my windows firewall…I hope that wasn’t the problem. Wasn’t thinking about it :-[

I rebooted my computer and now I can use Internet explorer. I’ll await further instruction.

No, no harm…malware has been killed. Just restart your computer :wink:

Then tell me how your computer is running now.

So far everything has been fine. It’s funny, I originally was just trying to get rid of a redirect. I got rid of that and hadn’t noticed any other problems (even when I had the redirect that’s all that I was noticing.) It was when I started doing scans with a few diff programs that I saw that I had this problem. Even when I found that out nothing seemed out of the ordinary other than my load time when booting up was maybe 5-10 seconds longer than usual. Either way everything seems to be fine now (boot time is back to normal). The one thing I have noticed that is different, is before when I would boot my computer, it would take me to the Windows user Logon screen. I only have one user (which is me) but now it’s just booting straight to the desktop. That doesn’t really bother me so much, but is that something I should be concerned about?

:smiley:

The one thing I have noticed that is different, is before when I would boot my computer, it would take me to the Windows user Logon screen. I only have one user (which is me) but now it's just booting straight to the desktop. That doesn't really bother me so much, but is that something I should be concerned about?

No, those settings you may have made in Control Panel > User Accounts.

It is necessary to uninstall Combofix.

Start (Windows logo key) >> Run

Combofix /Uninstall

Enter

Re-run OTL and hit CleanUp! :wink: