Win32:Explor-DU [Trj]

Yesterday Avast detected one trojan, Win32:Explor-DU [Trj], when I started my computer (Windows 7). I tried to eliminate the trojan via Avast, but that didn’t work. I tried to restore the system with Windows utilities, but the worm was detected again.

So I followed the messages of “Jazzenelya” in this forum. I followed the instructions to delete one trojan:

I had a problem with Adwcleaner. At the beginning, I couldn’t start it because there was the following error:
line 3161 file c:/user/user/desktop/adwcleaner.exe:
Error: variable used without been declared

I posted a message in the Adwcleaner forum. At the same time I ran Malwarebytes Anti-Malware, which detected and erased 2 “viruses”.

Afterwards I could run Adwcleaner normally without error. So I started everything again: Adwcleaner,
Malwarebytes Anti-Malware,
OTL (twice because the first time I forgot to copy the code)
aswMBr.exe (twice because the first time I stopped it before)

I don’t understand the logs. Could you please verify them to see if everything is ok? My computer seems to work normally.
Thank you,

Logs attached in order (more than 10000 chars).

Since yesterday I have had a problem with the trojan Win32:Explor-DU [Trj]. My Avast detected it at startup. I tried to remove it with the Avast tool, and I also restored the system to its state of a few days ago. All without result.
So I followed the exchanges with Jazzenelya and followed the steps for removing a trojan to the letter.
The only problem is that an error appeared with adwcleaner (error in the file adwcleaner.exe, a variable had not been assigned).
I posted a message on the adwcleaner site and, while waiting for a reply, I ran Malwarebytes Anti-Malware, which removed 2 “viruses”.
After that I was able to run Adwcleaner without errors, and I started everything again: adwcleaner, Malwarebytes Anti-Malware, OTL (which I ran twice because I forgot the code to copy and paste), and aswMBr.exe (which I ran twice because I thought it had finished, but no, I had stopped it too early).
I am not very technical. Could you check that everything is in order and that I no longer have a virus?
Thanks in advance.
Here are the logs in the order they were run, attached because there are more than 10000 chars.

Hi, could you post a screenshot of the Avast alert please?

You will also need to reset the Chrome start page manually

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot


- Under the Custom Scans/Fixes box at the bottom, paste in the following

O3 - HKLM\..\Toolbar: (no name) - !{1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-158052431-1359819727-2220171287-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-158052431-1359819727-2220171287-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Archivos de programa\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (Bandoo Media, inc)

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Thank you essexboy.

a) I no longer get the message when starting the computer, but here is the Avast screen. Attached at the end.

b) Here is the OTL log named: 12162012_183808

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\!{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-158052431-1359819727-2220171287-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-158052431-1359819727-2220171287-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls:C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll deleted successfully.
C:\Archivos de programa\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll moved successfully.
========== FILES ==========
C:\PROGRA~1\SearchCore for Browsers\SearchCore for Browsers folder moved successfully.
C:\PROGRA~1\SearchCore for Browsers folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 2840 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Enfants
->Temp folder emptied: 41413799 bytes
->Temporary Internet Files folder emptied: 55448094 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 19908463 bytes
->Flash cache emptied: 26918 bytes

User: Public

User: User
->Temp folder emptied: 1301380539 bytes
->Temporary Internet Files folder emptied: 648178855 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 60695476 bytes
->Google Chrome cache emptied: 6860100 bytes
->Flash cache emptied: 66245 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 90112 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 184137780 bytes
RecycleBin emptied: 2601 bytes

Total Files Cleaned = 2 211,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version log created on 12162012_183808

Files\Folders moved on Reboot…
File move failed. C:\Windows\temp_avast4_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files…

Registry entries deleted on Reboot…

c) Attached is the new analysis.

d) I uninstalled Chrome
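
A way to read the fix log above without going line by line, as an added example (not part of the original posts and not an OTL feature): a small Python script that groups each log line by its outcome, reports which `AppInit_Dlls` entry was removed, and lists anything deferred to reboot. The outcome phrases are taken from the log in this thread; the function name `triage` and the shortened sample excerpt are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample: a shortened excerpt of the OTL fix log posted in this thread.
SAMPLE_LOG = r"""
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\10 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls:C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll deleted successfully.
C:\Archivos de programa\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully
File move failed. C:\Windows\temp_avast4_\Webshlock.txt scheduled to be moved on reboot.
"""

# Outcome phrases as they appear at the end of each log line; the first match wins.
OUTCOMES = [
    ("pending_reboot", re.compile(r"scheduled to be moved on reboot\.?$")),
    ("deleted", re.compile(r"deleted successfully\.?$")),
    ("moved", re.compile(r"moved successfully\.?$")),
    ("reset", re.compile(r"reset successfully\.?$")),
    ("not_found", re.compile(r"not found\.?$")),
]
# AppInit_DLLs loads the listed DLL into processes that load user32.dll,
# so a removed entry there is the line most worth confirming.
APPINIT = re.compile(r"\\AppInit_Dlls:(.+?) deleted successfully", re.IGNORECASE)
PENDING = re.compile(r"^File move failed\. (.+?) scheduled to be moved on reboot")

def triage(log_text):
    """Summarise a fix log: outcome counts, removed AppInit DLLs, deferred files."""
    counts, pending, appinit_removed = Counter(), [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        for name, pattern in OUTCOMES:
            if pattern.search(line):
                counts[name] += 1
                break
        match = APPINIT.search(line)
        if match:
            appinit_removed.append(match.group(1))
        match = PENDING.match(line)
        if match:
            pending.append(match.group(1))
    return {"counts": dict(counts), "pending_reboot": pending,
            "appinit_removed": appinit_removed}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Anything listed under `pending_reboot` is only dealt with after the restart, which is why the helper asks for a fresh Quick Scan log after rebooting.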


It looks as though Avast killed it for us

How is the computer behaving now?

Apparently everything is normal, no message, no problem with explorer.
On Dec. 13th I had the Alert message all the time, before running Malwarebytes Anti-Malware (which deleted 2 malware-viruses) and ADWclean.

I will wait a few days to give you a 100% positive answer.

Best Regards and THANK YOU VERY MUCH / Mil Gracias / Mil Mercis / Danke sehr Ihnen!!!

Aye let me know tomorrow or the day after and I will remove my tools if all is OK