Followed all the steps…
You are a saint by the way for persevering to help me!
AV: avast! Antivirus Enabled/Updated {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus Enabled/Updated {904CF271-6431-DA47-5FCE-A87D98DFB681}
You forgot to turn off antivirus ;D
How is your computer running now?
Fine… should I repeat it again? Minus the antivirus, haha
No need.
We need to remove used tools:
It is necessary to uninstall Combofix
Start (Windows logo key) >> Run
Combofix /Uninstall
Enter
Re-run OTL and hit the CleanUp! button.
Can you help me?
Here are the txts from frst64:
All right. Hold on to review the log.
You should open a new thread for your problem.
@anespaok
These fix steps are made for you!!!
Step1
Open notepad.
[*]Click Start
[*] Type notepad.exe in the search programs and files box and click Enter.
[*] A blank Notepad page should open.
[*] Copy/Paste the contents of the code box below into Notepad.
Start
SubSystems: [Windows] ==> ZeroAccess
0 235ff5467dc0cc15; C:\Windows\System32\Drivers\235ff5467dc0cc15.sys [74184 2012-06-23] () ATTENTION =====> Rootkit?
2012-07-24 16:28 - 2012-07-24 16:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.24BD4A6167518968
2012-07-24 16:28 - 2012-07-24 16:28 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ytojbbke.sys
2012-07-24 16:25 - 2012-07-24 16:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EE8B89440C4ED2FC
2012-07-24 16:15 - 2012-07-24 16:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D82429B05A30DE3B
2012-07-24 16:10 - 2012-07-24 16:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3369E6F29E382544
2012-07-24 16:07 - 2012-07-24 16:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1E442670E3F5A9A5
2012-07-24 13:58 - 2012-07-24 13:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6A4502F0575B6CF4
2012-07-24 12:27 - 2012-07-24 12:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.308C5E04447F2625
2012-07-24 11:58 - 2012-07-24 11:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D0E69C0F996348EF
2012-07-24 10:38 - 2012-07-24 10:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.543DE62E81178553
2012-07-24 08:59 - 2012-07-24 08:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E7BB03DDAE181A29
2012-07-24 06:28 - 2012-07-24 06:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.693348642441A5A4
2012-07-24 16:28 - 2012-07-24 16:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.24BD4A6167518968
2012-07-24 16:25 - 2012-07-24 16:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EE8B89440C4ED2FC
2012-07-24 16:15 - 2012-07-24 16:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D82429B05A30DE3B
2012-07-24 16:10 - 2012-07-24 16:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3369E6F29E382544
2012-07-24 16:07 - 2012-07-24 16:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1E442670E3F5A9A5
2012-07-24 13:58 - 2012-07-24 13:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6A4502F0575B6CF4
2012-07-24 12:27 - 2012-07-24 12:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.308C5E04447F2625
2012-07-24 11:58 - 2012-07-24 11:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D0E69C0F996348EF
2012-07-24 10:38 - 2012-07-24 10:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.543DE62E81178553
2012-07-24 08:59 - 2012-07-24 08:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E7BB03DDAE181A29
2012-07-24 06:28 - 2012-07-24 06:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.693348642441A5A4
2012-06-23 03:52 - 2012-06-23 03:52 - 00074184 ____A C:\Windows\System32\Drivers\235ff5467dc0cc15.sys
ZeroAccess:
C:\Windows\Installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}
C:\Windows\Installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\@
C:\Windows\Installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\L
C:\Windows\Installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\U
C:\Windows\Installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\U\00000001.@
C:\Windows\Installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\U\80000000.@
C:\Windows\Installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\U\800000cb.@
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
end
[*] Save it to your USB flashdrive as fixlist.txt
Boot into Recovery Environment
Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens …
[*] Press the Fix button once and wait.
[*] FRST will process fixlist.txt
[*] When finished, it will produce a log fixlog.txt on your USB flashdrive.
Exit out of Recovery Environment and post me the log please.
Step2
Please download Malwarebytes’ AntiMalware.
Double click mbam-setup.exe to install the application.
[*]Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select Perform Quick Scan, then click Scan.
The scan may take some time to finish, so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that everything is checked, and click Remove Selected.
[*]When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
[*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Copy and paste the entire report in your next reply.
Step3
Please download aswMBR and save it to your desktop.
Double click aswMBR.exe to start the tool. Select Yes if prompted to download the Avast database.
[*]Click Scan
[*]Upon completion of the scan (Scan finished successfully) click Save log and save it to your desktop, and post that log in your next reply for review.
Note: do NOT attempt any Fix yet.
[*]You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed file. Attach that zipped file in your next reply as well.
thank you. ;D
@anespaok
Logs look very good. Additional checks
Download DDS and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr
Double click dds to run the tool.
* When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt
Save both reports to your desktop. Attach DDS.txt and Attach.txt back to the topic.