I had/have this virus on my machine. Running Windows 7. I ran the Avast virus scan as well as the boot scan. This found the virus and moved it to the chest along with a few other viruses that I assume the "dropper" downloaded. Not feeling quite confident that it was completely removed based on what I have read about this virus, I followed the instructions in "logs to assist in cleaning malware". I ran the MBAM quick scan and 4 viruses were found and removed. I then ran the full scan and 4 more were found and removed. I am attaching the logs. I also ran OTL and aswMBR. I am attaching the logs for these in another post as this one is now as big as they will allow. My machine seems to be running okay now. If anyone who knows what they are looking for in these logs sees something that may indicate that the virus was not eradicated then please let me know. If I see anything that is abnormal I will post again to describe the issues.
MBAM logs
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2014.01.11.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Wireman :: WIREMAN-PC [administrator]
Protection: Enabled
1/11/2014 5:52:53 PM
mbam-log-2014-01-11 (17-52-53).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 254599
Time elapsed: 6 minute(s), 25 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 2
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and repaired successfully.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and repaired successfully.
Folders Detected: 1
C:\Users\Wireman\AppData\Local\Temp\CT3317209 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
Files Detected: 1
C:\Users\Wireman\Downloads\Java.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
(end)
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2014.01.11.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Wireman :: WIREMAN-PC [administrator]
Protection: Enabled
1/11/2014 6:06:52 PM
mbam-log-2014-01-11 (18-06-52).txt
Scan type: Full scan (C:|D:|F:|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 419559
Time elapsed: 59 minute(s), 11 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 4
C:\Users\Wireman\Documents\Local Settings\Temporary Internet Files\Content.IE5\GEKK4EQ8\1273592175[1].gif (Extension.Mismatch) -> Quarantined and deleted successfully.
C:\Users\Wireman\Documents\Local Settings\Temporary Internet Files\Content.IE5\O73OMIZ2\8572[1].gif (Extension.Mismatch) -> Quarantined and deleted successfully.
C:\Users\Wireman\Documents\Local Settings\Temporary Internet Files\Content.IE5\W36I8PCV\logo[1].gif (Extension.Mismatch) -> Quarantined and deleted successfully.
F:\WIREMAN-PC\Backup Set 2013-12-22 190003\Backup Files 2013-12-29 190003\Backup files 2.zip (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
(end)
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2014.01.11.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Wireman :: WIREMAN-PC [administrator]
Protection: Enabled
1/11/2014 7:13:23 PM
mbam-log-2014-01-11 (19-13-23).txt
Scan type: Flash scan
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Registry | File System | P2P
Objects scanned: 203598
Time elapsed: 57 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
2014/01/11 17:50:40 -0500 WIREMAN-PC Wireman MESSAGE Executing scheduled update: Daily
2014/01/11 17:50:44 -0500 WIREMAN-PC Wireman MESSAGE Starting protection
2014/01/11 17:50:44 -0500 WIREMAN-PC Wireman MESSAGE Protection started successfully
2014/01/11 17:50:44 -0500 WIREMAN-PC Wireman MESSAGE Starting IP protection
2014/01/11 17:51:02 -0500 WIREMAN-PC Wireman MESSAGE IP Protection started successfully
2014/01/11 17:52:21 -0500 WIREMAN-PC Wireman MESSAGE Starting database refresh
2014/01/11 17:52:21 -0500 WIREMAN-PC Wireman MESSAGE Stopping IP protection
2014/01/11 17:52:27 -0500 WIREMAN-PC Wireman MESSAGE IP Protection stopped successfully
2014/01/11 17:52:27 -0500 WIREMAN-PC Wireman MESSAGE Scheduled update executed successfully: database updated from version v2013.04.04.07 to version v2014.01.11.06
2014/01/11 17:52:30 -0500 WIREMAN-PC Wireman MESSAGE Database refreshed successfully
2014/01/11 17:52:30 -0500 WIREMAN-PC Wireman MESSAGE Starting IP protection
2014/01/11 17:52:32 -0500 WIREMAN-PC Wireman MESSAGE IP Protection started successfully
2014/01/11 18:02:58 -0500 WIREMAN-PC Wireman MESSAGE Starting protection
2014/01/11 18:02:58 -0500 WIREMAN-PC Wireman MESSAGE Protection started successfully
2014/01/11 18:02:58 -0500 WIREMAN-PC Wireman MESSAGE Starting IP protection
2014/01/11 18:03:01 -0500 WIREMAN-PC Wireman MESSAGE IP Protection started successfully
2014/01/11 19:09:56 -0500 WIREMAN-PC Wireman MESSAGE Starting protection
2014/01/11 19:09:56 -0500 WIREMAN-PC Wireman MESSAGE Protection started successfully
2014/01/11 19:09:56 -0500 WIREMAN-PC Wireman MESSAGE Starting IP protection
2014/01/11 19:09:59 -0500 WIREMAN-PC Wireman MESSAGE IP Protection started successfully
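The most security-relevant lines in the quick-scan log above are the two "Broken.OpenCommand" entries: the (Default) handler for .scr and .reg files had been pointed at NOTEPAD.EXE, and MBAM restored them. When reviewing a log like this, the things worth pulling out programmatically are (a) the per-section detections, (b) whether the declared counts match the lines actually pasted (a truncated paste hides items), and (c) which registry handlers were hijacked and whether the restored value is the expected default. The following is an added example written for this post, not code from the original poster or from Malwarebytes; it parses the MBAM 1.x line format exactly as it appears in the log, and the expected handler defaults it compares against are the "Good:" values MBAM itself reported (assumed correct for Windows 7). The sample log embedded in it is constructed from the quick-scan entries above.

```python
"""Parse a Malwarebytes Anti-Malware 1.x text log and flag file-association hijacks.

Added illustrative code, not part of the original post or of Malwarebytes. The
line formats below are taken from the log as pasted; the expected handler
defaults are the "Good:" values MBAM reported (assumed correct for Windows 7).
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the MBAM 1.75 format (header lines omitted); the entries
# mirror the quick-scan results shown in the post.
SAMPLE_LOG = r"""Registry Keys Detected: 0
(No malicious items detected)
Registry Data Items Detected: 2
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and repaired successfully.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and repaired successfully.
Folders Detected: 1
C:\Users\Wireman\AppData\Local\Temp\CT3317209 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
Files Detected: 1
C:\Users\Wireman\Downloads\Java.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
(end)
"""

# Expected (Default) handler values, as MBAM's "Good:" field lists them. This is an
# assumption for Windows 7 taken from the posted log, not from Microsoft documentation.
EXPECTED_HANDLERS: Dict[str, str] = {
    r"HKCR\scrfile\shell\open\command": r'"%1" /S',
    r"HKCR\regfile\shell\open\command": r'regedit.exe "%1"',
}

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ITEM_RE = re.compile(r"^(?P<path>.+) \((?P<sig>[\w.]+)\) -> (?P<rest>.+)$")
REPAIR_RE = re.compile(r"^Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+)$")


@dataclass
class Detection:
    section: str
    path: str
    signature: str
    action: str
    bad: Optional[str] = None   # only present for repaired registry data items
    good: Optional[str] = None


def parse_mbam_log(text: str) -> Tuple[List[Detection], Dict[str, int]]:
    """Return (detections, declared count per '... Detected: N' section)."""
    detections: List[Detection] = []
    declared: Dict[str, int] = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            declared[section] = int(m.group("count"))
            continue
        # Skip blanks, "(No malicious items detected)", "(end)" and header lines.
        if not line or line.startswith("(") or section is None:
            continue
        m = ITEM_RE.match(line)
        if not m:
            continue
        rest = m.group("rest")
        r = REPAIR_RE.match(rest)
        if r:  # registry data item: "Bad: (...) Good: (...) -> action"
            det = Detection(section, m.group("path"), m.group("sig"),
                            r.group("action"), r.group("bad"), r.group("good"))
        else:
            det = Detection(section, m.group("path"), m.group("sig"), rest)
        detections.append(det)
    return detections, declared


def count_mismatches(detections: List[Detection],
                     declared: Dict[str, int]) -> Dict[str, Tuple[int, int]]:
    """Sections whose declared count differs from the lines present: (declared, seen)."""
    seen: Dict[str, int] = {}
    for d in detections:
        seen[d.section] = seen.get(d.section, 0) + 1
    return {s: (n, seen.get(s, 0)) for s, n in declared.items() if seen.get(s, 0) != n}


def hijacked_handlers(detections: List[Detection]) -> List[Tuple[str, str, bool]]:
    """(registry key, value MBAM found, whether MBAM's 'Good' equals our expected default)."""
    out = []
    for d in detections:
        if d.signature != "Broken.OpenCommand":
            continue
        key = d.path.split("|", 1)[0]  # trailing '|' marks the (Default) value
        expected = EXPECTED_HANDLERS.get(key)
        out.append((key, d.bad or "", expected is not None and expected == d.good))
    return out


if __name__ == "__main__":
    dets, declared = parse_mbam_log(SAMPLE_LOG)
    for d in dets:
        print(f"{d.section:>20}: {d.signature:<32} {d.path}")
    print("count mismatches:", count_mismatches(dets, declared))
    for key, bad, ok in hijacked_handlers(dets):
        print(f"handler {key} was {bad!r}; restored to expected default: {ok}")
```

After a reboot it is worth re-checking that the two handler keys still hold the "Good:" values, since a dropper that survives cleanup can re-point them; the parser above only tells you what MBAM saw at scan time.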