Win32:Dyre-B (Trj)

Hi,
Has anyone even the slightest idea about how to permanently get rid of Win32:Dyre-B (Trj)? Have had numerous pop ups informing me that avast has ‘blocked’ it and that I should reboot and run a boot time scan but, even after doing so three times, Win32:Dyre-B(Trj) is still in my system. What do I do? Please bear in mind I am computer illiterate. Thanks in advance.

Sean

Hi there,

Follow this guide and attach the logs from OTL, Malwarebytes and aswMBR: https://forum.avast.com/index.php?topic=53253.0

Please make sure to save the log file from OTL as ANSI.

A malware expert will help you from there, but there might be no one online until tomorrow. :slight_smile:

Hello Sean2,

Instead of the standard procedure we usually require (MBAM, OTL and aswMBR), please run system diagnostics with these two tools for now. That will allow me to quickly ascertain whether or not malware may be running on your machine and how to map my strategy for attack.

=> Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.

• Double-click to run it. When the tool opens, click Yes to the disclaimer.
• Press the Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
• The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


=> Please download GMER, the rootkit detector tool, from the link below and save it to your Desktop:

Gmer download link
Note: the file will have a random name.

Double-click to run GMER.

• Wait for the initial scan to finish; if there is any query, click No.
• Click the [ Scan ] button and wait until the full scan is complete.
• Click [ Save … ] and save the report to the Desktop (named ARK).

Hi
Thanks for the suggestions and help; I have run what I can (and included logs where I can) but Farbar Recovery Tool and GMER failed to run.
Hope the logs I’ve attached can help. Thanks in advance.

Sean2

Hi Sean2,

...but Farbar Recovery Tool and GMER failed to run.

I can understand GMER failing to run, but why did Farbar Recovery Scan Tool fail? Can you describe to me what exactly happens when you double-click on FRST.exe/FRST64.exe? Can you download a fresh FRST and try to re-run it? A screenshot will do if an error occurs.

What operating system are you using?

— — —

Let’s try an alternative tool as well …

  1. Please download dds+.exe and save it to your desktop.
    http://download.bleepingcomputer.com/sUBs/dds+.exe

• Double-click dds+.exe.
• Expand (click [ + ]) the “options for dds.txt” option, then uncheck “check MBR”.
• Click the Start button.
• When finished, it will produce a DDS.txt log and an Attach.txt log and save them to your desktop.
• Please attach the DDS.txt and Attach.txt logs in your next reply.

— — —

  1. Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
    Unpack the archive…

• Close any open browsers.
• Temporarily disable your antivirus program (if necessary).
  If you are unsure how to do this, please read this or this instruction.

• Double-click on zoek.exe to run the tool.
  Please wait until the tool starts…

• Copy the text inside the code box below and paste it into the large window in the zoek tool:

StandardSearch;
Uninstall-List;

• Click on the Run script button.
  Please wait until a log report opens (this can be after a reboot).

• Save the Notepad file to your Desktop and attach zoek-results.log here.
  Note: It will also create a log in the C:\ directory named “zoek-results.log”.

Hi

My operating system is Windows 7 Professional. As you suggested, I re-ran Farbar and this time it worked (entirely ‘user error’ - my fault). Please find enclosed the logs and txt files.
Again, I really appreciate this.

Sean2

Hello Sean2,

Multiple Antivirus Programs

You are running more than one antivirus program!

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

Running more than one antivirus program is not recommended because:
• They can conflict with each other.
• They can report the other antivirus software as malicious.
• Antivirus programs use an enormous amount of the computer’s resources when actively scanning your computer.
• They can cause your computer to become unstable, run slowly and even, in rare cases, crash with a BSOD, etc.
I strongly suggest you uninstall one of them. Which one is your decision.

Next … know that Spybot S&D, mighty as it was in its time, is outdated today and its old engine cannot match new malware.
And know that the registry cleaner you have may only slow down your system. This is not the Windows XP era; Windows 7 is the new OS, and you do not want to mess with that one, believe me.


Please download Malwarebytes Anti-Rootkit (MBAR) and save it to your desktop.
For full instructions on how MBAR works, read this article.

> Double-click on the MBAR file and allow it to run.
• Click OK on the next screen, to allow the package to extract the contents of the file to its own folder named mbar.
mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
• After reading the Introduction, click Next if you agree.

• On the Update Database screen, click on the Update button. Once you see ‘Success: Database was successfully updated’ click on Next
• Under Scan Targets ensure all boxes are ticked. Then click the Scan button.

Notice: with some infections, you may see two messages boxes:

  • ‘Could not load protection driver’. Click ‘OK’.
  • ‘Could not load DDA driver’. Click ‘Yes’ to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

>> If malware is not detected, click the Exit button to close the program and post the mbar-log-year-month-day.txt and system-log.txt reports.

>> If an infection is found, ensure Create Restore Point is ticked. Then select the "Cleanup!" button to remove threats.
• The clean-up procedure will be scheduled; a pop-up will be shown.
Select the Yes button and the system should re-boot to complete the cleaning process.

>> Notice: only if a rootkit is detected, make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe

  • Run fixdamage.exe; at the black window, type Y (alias for Yes) to continue. Wait a few seconds for execution …
  • When you see “press any key to exit”, the fix is completed; press any key to close the window. Reboot the system.

> The following reports will be created in the mbar folder:

  1. mbar-log-year-month-day (hour-minute-second).txt
  2. system-log.txt

Please post both logs in your next reply.
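A check for the two-antivirus condition flagged in the post above, as an added Windows PowerShell example that is not part of the thread or of any tool it mentions. It reads the Windows Security Center registration that the "AV: … {GUID}" log lines appear to come from and warns when more than one product reports itself as enabled. Assumptions: the root\SecurityCenter2 WMI namespace is present (client editions of Windows Vista and later; it is absent on server SKUs), and the widely used but undocumented reading of productState (as hex 0xAABBCC, BB = 0x1x means enabled and CC = 0x1x means definitions out of date). The function names are mine.

```powershell
# Added example, not code from the thread or from any tool it mentions.
# Lists every antivirus product registered with Windows Security Center and
# flags the "more than one active antivirus" condition the post above warns about.
# Assumptions: root\SecurityCenter2 exists (client editions of Windows Vista+), and
# the common, undocumented productState encoding (hex 0xAABBCC: BB = 0x1x enabled,
# CC = 0x1x definitions out of date). Get-WmiObject is used instead of Get-CimInstance
# so the script also runs on the PowerShell 2.0 that ships with Windows 7
# (on PowerShell 7 replace it with Get-CimInstance -Namespace root/SecurityCenter2).

function Get-RegisteredAntivirus {
    $products = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction Stop
    foreach ($p in $products) {
        $hex = '{0:X6}' -f [int]$p.productState           # e.g. 266240 -> "041000"
        New-Object PSObject -Property @{
            Name     = $p.displayName
            Guid     = $p.instanceGuid                     # the {...} shown in the log lines
            State    = "0x$hex"
            Enabled  = ($hex.Substring(2, 1) -eq '1')      # middle byte 0x1x => enabled
            UpToDate = ($hex.Substring(4, 1) -eq '0')      # low byte 0x0x => up to date
            ExePath  = $p.pathToSignedProductExe
        }
    }
}

function Test-SingleAntivirus {
    $all    = @(Get-RegisteredAntivirus)
    $active = @($all | Where-Object { $_.Enabled })
    $all | Format-Table Name, Enabled, UpToDate, State, Guid -AutoSize | Out-Host
    if ($active.Count -gt 1) {
        $names = ($active | ForEach-Object { $_.Name }) -join ', '
        Write-Warning ("{0} antivirus products are enabled at the same time: {1}" -f $active.Count, $names)
        return $false
    }
    return $true
}

Test-SingleAntivirus
```

On the machine in this thread the table would show both Microsoft Security Essentials and avast! as Enabled and the function would return $false; after one of them is uninstalled its row disappears from the namespace (sometimes only after a reboot) and the check passes.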

Hello
Have run MBAR and have included documents asked for. Have uninstalled Spybot and registry cleaner.
Thanks for your help - glad someone was around this weekend!

Sean2

Hi,

Have you noted my advice and warning for two active antivirus?

Can you re-attach the system-log from MBAR but this time save it as “Encoding: ANSI”, see the image below:

Also, can you post me a screenshot of the antivirus detection for Win32:Dyre-B (Trj)? I shall require the full file path (full info).

Hi

Here is the system log as ANSI. Not sure how to provide screenshot. Will be keeping avast. Not sure how to uninstall Microsoft security essentials.

Avast is telling me that I have Win32:Dyre-B (Trj) - I have been pulling my hair out, but I came across this thread on Google. I will run Farbar and GMER.

@oliver5
You should open your own thread for yourself and someone will help you. This thread is for Sean2 only. :wink:
But you could assist by just posting the screenshot here? It may help to resolve this case and yours in future.

@Sean2
http://www.take-a-screenshot.org/

Or you may use the integrated Windows Snipping Tool.
http://windows.microsoft.com/is-is/windows7/products/features/snipping-tool

About MSE, use the uninstall tool. You may download the uninstall tools from one of the following links:
http://singularlabs.com/uninstallers/security-software/
http://www.askvg.com/ultimate-collection-of-uninstallers-removal-tools-for-all-popular-anti-virus-software/

This is the Virus Chest.

Ah … the detection is from %windir%\temp. This is junk related (you may consider it an FP detection) and zoek shall perform the hard cleaning of that right away.

Please download zoek by smeenk from here or here and save it to your Desktop.
Unpack the archive…

• Close any open browsers.
• Temporarily disable your antivirus program (if necessary).
  If you are unsure how to do this, please read this or this instruction.

• Double-click on zoek.exe to run the tool.
  Please wait until the tool starts…

• Copy the text inside the code box below and paste it into the large window in the zoek tool:

AutoClean;

• Click on the Run script button.
  Please wait until a log report opens (this can be after a reboot).

• Save the Notepad file to your Desktop and attach zoek-results.log here.
  Note: It will also create a log in the C:\ directory named “zoek-results.log”.

Hi

Please find enclosed results log from zoek. I hope this helps.
Thanks.

Sean2

Hi Sean2,

I didn’t tell you to check any boxes, yet you checked ‘Do a Deep Scan’. I just told you to run zoek with the AutoClean; script.

Anyway, zoek has used the ‘hard’ method for cleaning these temp/junk files. The avast! detection should disappear now.

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Sean\AppData\Local\Temp will be emptied at reboot
C:\Users\Technician\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Sean\AppData\Local\Temp successfully emptied

How are things with avast! now?
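The "Empty Temp Folders" step that the zoek log above reports, written out as an added Windows PowerShell example; it is not zoek's code and not from the thread. It walks the same locations the log lists (AppData\Local\Temp of every profile under \Users and under \Windows\ServiceProfiles, plus \Windows\Temp), deletes what it can now, and hands any file that is locked by a running process to the documented Win32 call MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT, which is the mechanism behind a "will be emptied at reboot" line such as the one for C:\Users\Sean above. Assumptions: an elevated Windows PowerShell prompt on Windows Vista or later with the default profile layout; the function names and the -Preview switch are mine. Run it with -Preview first to see the full paths of what would be removed (the detail the helper asked for earlier).

```powershell
# Added example (not zoek's code, not from the thread): empty the Temp folders that
# the zoek log lists. Locked files are scheduled for deletion at the next boot via the
# documented Win32 call MoveFileEx(path, NULL, MOVEFILE_DELAY_UNTIL_REBOOT), which is
# what "will be emptied at reboot" amounts to. Run from an elevated Windows PowerShell
# prompt; pass -Preview to list files without touching anything. Function names and
# the profile roots are assumptions (default Windows Vista/7 layout).

$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($id)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this from an elevated PowerShell prompt: other profiles' Temp folders and delay-until-reboot deletion need administrator rights."
}

Add-Type -Namespace Win32 -Name Kernel32 -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool MoveFileEx(string lpExistingFileName, string lpNewFileName, int dwFlags);
'@
$MOVEFILE_DELAY_UNTIL_REBOOT = 0x4

function Get-TempFolders {
    # %windir%\Temp plus AppData\Local\Temp of every user profile and service profile
    $folders = @("$env:SystemRoot\Temp")
    foreach ($root in @("$env:SystemDrive\Users", "$env:SystemRoot\ServiceProfiles")) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Force | Where-Object { $_.PSIsContainer } | ForEach-Object {
            $t = Join-Path $_.FullName 'AppData\Local\Temp'
            if (Test-Path -LiteralPath $t) { $folders += $t }
        }
    }
    $folders
}

function Clear-TempFolder {
    param([Parameter(Mandatory=$true)][string]$Path, [switch]$Preview)
    $deleted = 0; $deferred = 0
    # -Force also picks up hidden files; errors are ignored for folders we cannot list
    $files = @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
               Where-Object { -not $_.PSIsContainer })
    foreach ($f in $files) {
        if ($Preview) { Write-Host ("  {0,12:N0}  {1}" -f $f.Length, $f.FullName); continue }
        try {
            Remove-Item -LiteralPath $f.FullName -Force -ErrorAction Stop
            $deleted++
        } catch {
            # In use by a running process: ask the kernel to delete it during the next boot
            if ([Win32.Kernel32]::MoveFileEx($f.FullName, $null, $MOVEFILE_DELAY_UNTIL_REBOOT)) {
                $deferred++
            } else {
                $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
                Write-Warning "Could not delete or defer $($f.FullName) (Win32 error $err)"
            }
        }
    }
    if (-not $Preview) {
        # Drop subfolders that are now empty, deepest first; Directory.Delete refuses
        # non-empty ones, so folders still holding deferred files are left alone.
        Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.PSIsContainer } | Sort-Object FullName -Descending |
            ForEach-Object { try { [IO.Directory]::Delete($_.FullName) } catch { } }
    }
    if ($Preview)            { "$Path : $($files.Count) file(s) would be removed" }
    elseif ($deferred -gt 0) { "$Path will be emptied at reboot ($deleted removed now, $deferred deferred)" }
    else                     { "$Path emptied successfully ($deleted removed)" }
}

# Usage: preview first, then clean and reboot to flush the deferred deletions.
foreach ($folder in Get-TempFolders) { Clear-TempFolder -Path $folder -Preview }
# foreach ($folder in Get-TempFolders) { Clear-TempFolder -Path $folder }
```

A deferred deletion only happens on the next restart, so a file that avast! keeps detecting in %windir%\temp can still trigger alerts until the machine is rebooted; that matches the log above, where C:\Windows\Temp and the signed-in user's Temp are reported as emptied only in the "After Reboot" section.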

I’m sorry, it was my mistake.
In fact, I’ve not had any warnings since Sunday morning, so I’m quite confident that Avast has done its thing already, but this has been a great help and benefit for me in many other ways - not least of which is showing me an arsenal of tools I can ‘call on’ if need be.
Thank you for your time and expertise. I’m glad you were around.

Sean2

:wink:

The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:

• Remove disinfection tools
• Create registry backup
• Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.