I ran an Avast scan last night (full system), and it found HTML:lframe-inf. I then ran a boot scan, and it found Win32:Dropper-gen [Drp] and Win32:Adware-gen [Adw]. Per the forum instructions, I ran MalwareBytes, FRST, and aswMBR.exe (logs are attached). MalwareBytes found nothing, as it has when I have previously run it. A couple of days ago, Avast transferred another virus to the chest (JS:CVE-2013-2551-B [Trj]). What do I need to do to get rid of these infections? Needless to say, the PC has been powered down most of the time. Thanks for the help!
If moved to quarantine they should be gone … or do they come back?
A log expert will check your FRST log later today.
Not sure if they come back, as I’ve not typically done Avast boot scans. I’ve run scans with MalwareBytes and Super AntiSpyware with some frequency, and they’ve only found tracking cookies, which are then removed.
Forgot to mention earlier - when the PC rebooted after the boot scan, there was a small message on my desktop that the Windows installation was not a genuine Windows product. I’ve never had that message before, but it’s gone after restarting the PC. Should I reinstall Windows from my recovery disks? It’s a lot of work for updates (old software), but I’m concerned about the security of the system given the viruses and this message.
No major problems there, so need to think about re-installing. Avast probably hit on the conduit files which were part of skygolf.
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
SearchScopes: HKLM - DefaultScope value is missing.
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.
THEN
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
New logs are attached. Is it a good idea to use the AdwCleaner from time to time?
Thanks for your help!
With regard to AdwCleaner, always use a fresh copy as it is regularly updated.
How is the computer behaving now?
I haven’t been able to use the PC since running the cleaning tasks, will use it more this weekend. I ran another boot scan this evening, and it looks like the Dropper-gen is gone, but it found one file infected by adware-gen. The file is c:\windows\installer\ld95992.msi|>Binary.WxCustomActions
Can this be moved to the chest? I was afraid to, since it is in the windows directory.
Thanks for your help, I really appreciate it!
Yes, that is just an installer file so will not cause a problem. But leave it in the chest rather than deleting.
Once you are happy let me know and I will tidy up.
The boot scans are coming up clean now, so I think it’s gone. The computer is running better, as well as an old laptop can. The only issue is that the boot process seems a little slow, I get a black screen for a short time before it proceeds to loading the desktop. A couple of files were found to be corrupted during the boot scan, I’ll run it again, and make note of them.
Should I just leave the items in the chest indefinitely? Didn’t know if there was any harm in doing so.
Thanks for all of your help, I really appreciate it.
Leave them in the chest, it is a prison for the bad boys.
Is the slow start constant or just occasionally?
It’s every time - goes from windows welcome screen to a black screen for at least a minute. Here are the corrupted files from the boot scan. Doesn’t seem like they should be causing issues. Any ideas?
C:\program files\hewlett-packard\hp health check\activecheck\resources\guid.zip|>10017315-0281-0514-8344-020194660048.xml error 42125 {zip archive is corrupted}
C:\users\gail\documents\my downloads\jre-7u45-windows-i586|>[embedded_r#0995a0]|>01_stringdata error 42144 {ole archive is corrupted}
Thanks for all of the help!
Let's run a clean boot and see if we can isolate the problem.
In the search box type Msconfig and select the programme that appears at the top.
1. In the System Configuration Utility dialog box, click Selective Startup on the General tab.
https://dl.dropboxusercontent.com/u/73555776/Cleanboot1.JPG
2. Click to clear the Load Startup Items check box.
Note: The Use Original Boot.ini check box is unavailable.
3. Click the Services tab.
4. Click to select the Hide All Microsoft Services check box.
https://dl.dropboxusercontent.com/u/73555776/cleanboot2.JPG
5. Click Disable All, and then click OK.
6. When you are prompted, click Restart.
7. How is the boot now?
Thank you, the boot was much better - only a slight pause after the welcome screen before loading the desktop.
I tried to take a screenshot of the services that were disabled, but couldn’t get it pasted to notepad. How do I post the screenshot?
OK, you now have a choice to make:
If the system and the programmes you normally use are working properly then stay in cleanboot mode.
If you want to find out what is causing the problem we can, by a process of elimination, determine which service is at fault.
I’ll cycle through the services over the next couple of days to see if I can find the program that’s causing the slow starts and report back.
Thank you!
No problem, let me know the result