win32:junkpoly-b[cryp]

Hi.

I just found this virus on my computer, and I read up about it and some forums said that it spreads and spreads until you need to kill your computer!

Can I do anything? Is it being in the vault the best thing?
I’m new to this virus stuff, so please try to simplify it for me. Thanks.

I’m very scared, as I have no money for a new computer, and I need this one…

Which scans did you already run…??
Any logs to post…?
asyn

Hello ruinofthedead,

Yes, being in the “vault” or as we say the Avast Virus Chest (VC) is the safest place to be.

  1. Can you tell me what your OS is and if you have a 32 or 64-bit machine?
  2. What version of Avast do you have? 5.0.677 is the latest version.
  3. Have you run any scans yet? If so, which ones and is anything in the VC?
  4. Is your machine acting strange? If yes, please describe.

Hi SafeSurf.

I am running Windows XP.
I have 5.0.677
I am currently running a full scan.
My FireFox did crash a few times… not sure if that is related.

-Ruin

  1. If any infections (malware) come up with your scan, make sure you put them in the Virus Chest (do NOT delete them). Please post your report (if you are clean or if anything was found, post a screen shot or, if unable, type the exact words of the infection).

  2. After doing the scan you are doing, check your computer for malware with Malwarebytes’ Anti-Malware (MBAM).
    · Download free http://www.malwarebytes.org/ (the blue button) for an on-demand scanner.
    · Double Click mbam-setup.exe to install the application.
    · After install, click update so you have latest database before scanning.
    · Under Settings:
    o General: Automatically Save File After Scan Completes is checked off
    o Scanner Settings: Check all boxes
    o Updater: Download and install update if available is checked off
    · Once the program has loaded, select “Perform FULL Scan”, then click Scan.
    · The scan may take some time to finish, so please be patient.
    · When the disinfection scan is complete, a log will appear in Notepad and you may be prompted to Restart. (See Extra Note).
    · Click the “remove selected” button to quarantine anything found. You will find the infection details under the Quarantine tab.
    · The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    · Copy & Paste the entire report in your next reply.

Let us know if you have any questions. Thank you.

Oh, good. I have MBAM. I have been doing what you just described for a while now.

Everything has been clean so far in the scan. Almost done.

But I saw another thread, http://forum.avast.com/index.php?topic=36236.15 to be sure, that said it kept coming back upon startup. Do you think the -b in my virus would make it different?

I don't restart my computer very often.

And one more thing, if my computer comes up clean in both scans, and I have the current virus in the chest, AND I can re-boot without it being detected again as said in the thread, am I clean? I have nothing to worry about?

The link you posted is 2 years old, and I would really need to see your MBAM log before I could answer your question.

You could run an Avast boot-time scan as long as you have a 32-bit machine. Post your results.

Also, check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0.

Follow the directions for obtaining the OTL logs (save them as ANSI and not Unicode). Post the two (2) OTL logs as an attachment (Additional Options > Attach > Browse (the logs will be on your desktop) > Post). Should you have real bad nasties and can’t boot up after doing your other scans, I’ll have the information needed to refer you to our Certified Malware Expert.

Let me know if you have any questions. I’ll be signing off shortly, but will check in later.

I have 32-bit. Thank you for your help.

I doubt I have a killer virus.

Let’s hope not. But just in case, we have some killer tools too. ;D
You can attach the MBAM and OTL logs if you like to save room and make it easier for you. I’ll review them later.

Just in case you do have malware:

  • If you are on a home network, disconnect the affected machine from the network. Do not share a USB/flash drive with this affected machine. Use a different machine to check email, sync your phone, etc. if possible.

Please do not make any further changes to your machine once you have provided the logs.

Thank you.

Well, I did a boot-scan, and it found one infected file.

MBAM didn’t get any Malware, and Avast full scan came up clean after the boot-scan.

Gonna get the MBAM and OTL logs in a few. I’m on my friend's laptop. :)

Thank you so much for your help.

Edit How can I get the logs from Avast scans?

Check this for the boot-time scan, C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\report\aswBoot.txt (winXP location). There will be other logs in there.

Avast Boot-time scan.

CmdLine - quick
aswBoot.exe /A:"C:" /A:"*" /A:"*" /L:"1033" /heur:80 /pup /archives /IA:0 /KBD:3 /dir:"C:\Program Files\Alwil Software\Avast5"
CmdLine end
SafeBoot: 0
CreateKbThread
new CKbBuffer
CKbBuffer::Init
CKbBuffer::Init end
NtCreateEvent(g_hStopEvent)
dep_osBeginThread - KbThread
CreateKbThread end
NtInitializeRegistry
ReadRegistry
KbThread start
DATA=C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5
PROG=C:\Program Files\Alwil Software\Avast5
BUILD=677
Microsoft Windows XP Service Pack 3, v.3311
SystemRoot=C:\WINDOWS
TEMP=C:\WINDOWS\TEMP
TMP=C:\WINDOWS\TEMP
ReadRegistry end
CreateTemp
CreateTemp end
aswcmnbDllMain
cmnbInit
aswEnginDllMain(DLL_PROCESS_ATTACH)
InitLog
InitLog end
CmdLine - full
aswBoot.exe /A:"C:" /A:"*" /A:"*" /L:"1033" /heur:80 /pup /archives /IA:0 /KBD:3 /dir:"C:\Program Files\Alwil Software\Avast5"
CmdLine end
Program folder: C:\Program Files\Alwil Software\Avast5
Engine folder: C:\Program Files\Alwil Software\Avast5\defs\10120500
TimeStamp: 4cf64fda
Unschedule
61,00,75,00,74,00,6F,00,63,00,68,00,65,00,63,00,
6B,00,20,00,61,00,75,00,74,00,6F,00,63,00,68,00,
6B,00,20,00,2A,00,00,00,32,00,00,00,2C,00,00,00,
61,00,75,00,74,00,6F,00,63,00,68,00,65,00,63,00,
6B,00,20,00,61,00,75,00,74,00,6F,00,63,00,68,00,
6B,00,20,00,2A,00,00,00,26,00,00,00,84,9A,19,00,
00,00,61,00,75,00,74,00,6F,00,63,00,68,00,65,00,
63,00,6B,00,20,00,73,00,6D,00,72,00,67,00,64,00,
66,00,20,00,43,00,3A,00,5C,00,44,00,6F,00,63,00,
75,00,6D,00,65,00,6E,00,74,00,73,00,20,00,61,00,
6E,00,64,00,20,00,53,00,65,00,74,00,74,00,69,00,
6E,00,67,00,73,00,5C,00,4E,00,65,00,72,00,67,00,
69,00,73,00,20,00,4D,00,61,00,6C,00,61,00,76,00,
65,00,5C,00,41,00,70,00,70,00,6C,00,69,00,63,00,
61,00,74,00,69,00,6F,00,6E,00,20,00,44,00,61,00,
74,00,61,00,5C,00,69,00,6F,00,6C,00,6F,00,5C,00,
00,00,61,00,73,00,77,00,42,00,6F,00,6F,00,74,00,
2E,00,65,00,78,00,65,00,20,00,2F,00,41,00,3A,00,
22,00,43,00,3A,00,22,00,20,00,2F,00,41,00,3A,00,
22,00,2A,00,22,00,20,00,2F,00,41,00,3A,00,22,00,
2A,00,22,00,20,00,2F,00,4C,00,3A,00,22,00,31,00,
30,00,33,00,33,00,22,00,20,00,2F,00,68,00,65,00,
75,00,72,00,3A,00,38,00,30,00,20,00,2F,00,70,00,
75,00,70,00,20,00,2F,00,61,00,72,00,63,00,68,00,
69,00,76,00,65,00,73,00,20,00,2F,00,49,00,41,00,
3A,00,30,00,20,00,2F,00,4B,00,42,00,44,00,3A,00,
33,00,20,00,2F,00,64,00,69,00,72,00,3A,00,22,00,
43,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,
61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,
5C,00,41,00,6C,00,77,00,69,00,6C,00,20,00,53,00,
6F,00,66,00,74,00,77,00,61,00,72,00,65,00,5C,00,
41,00,76,00,61,00,73,00,74,00,35,00,22,00,00,00,
00,00,
Unschedule end
LoadResources
LoadResources end
InitReport
InitReport end
Global exclusions:
NtSetEvent(g_hInitEvent) - 1
InitKeyboard
g_dwKbdNum: 3
\Device\KeyboardClass0 failed: 0xC0000034
CPU: Phys(2), Log(2), Aff(2), Feat(0000001f)
FreeMemory: 2838917120
avworkInitialize
FreeMemory: 2838028288
\Device\KeyboardClass0 failed: 0xC0000043
s_dwKbdClassCnt: 3
InitKeyboard end
NtSetEvent(g_hInitEvent) - 2
GetKey
CKbBuffer::Wait
CKbBuffer::Get
CKbBuffer::Get end
CKbBuffer::Wait end
ProcessArea
avfilesScanAdd *MBR0
avfilesScanAdd *BOOTC:
Loading raw access support
avfilesScanAdd *RAW:C:\ [Fs: 000500ff, NTFS; Dev: 07, 00000020]
avfilesScanRealMulti begin
1, 5, 0, 0, 0
GetKey end (4/34)
CKbBuffer::Put
CKbBuffer::Put end
GetKey
1, 5, 1, 0, 0
avfilesScanRealMulti finished
Runtime: 2841312ms
avworkClose
TerminateKbThread
GetKey end (?/00)
CloseKeyboard
CloseKeyboard end
KbThread stop
CKbBuffer::~CKbBuffer
CKbBuffer::~CKbBuffer end
aswEnginDllMain(DLL_PROCESS_DETACH)
cmnbFree
FreeResources
CloseReport
CloseLog
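
The block of comma-separated hex printed under `Unschedule` in the aswBoot.txt excerpt above is a UTF-16LE multi-string (the REG_MULTI_SZ layout: each entry NUL-terminated, the list closed by an extra NUL). It appears to be the Session Manager BootExecute value that the boot-time scanner adds itself to and then removes itself from; that is an assumption on my part, the log does not name the key. The Python script below is an added example, not part of this thread or of Avast's software. It parses that dump format back into readable strings and flags every entry other than Windows' stock `autocheck autochk *`, which is a quick way to see what is registered to run before logon. The first sample is the rows from the log above that encode the aswBoot.exe command line (the leading `00,00,` that terminates the preceding entry has been dropped); the second sample is constructed.

```python
"""Decode the comma-separated hex dump printed by aswBoot.txt and list
what is registered to run at boot. Added example; assumes the dump is a
REG_MULTI_SZ blob (UTF-16LE, NUL-separated, double-NUL terminated)."""
from __future__ import annotations

import re

# Two hex digits standing alone: '61,00,75,00,' -> 61 00 75 00
HEX_BYTE = re.compile(r"\b[0-9A-Fa-f]{2}\b")

# Default Windows BootExecute entry; anything else deserves a look.
DEFAULT_BOOTEXECUTE = "autocheck autochk *"

# Rows copied from the log above (aswBoot.exe command-line entry); the
# '00,00,' that closed the previous entry at the start of the first row
# has been dropped so this blob begins at the entry's first character.
ASWBOOT_ROWS = """\
61,00,73,00,77,00,42,00,6F,00,6F,00,74,00,
2E,00,65,00,78,00,65,00,20,00,2F,00,41,00,3A,00,
22,00,43,00,3A,00,22,00,20,00,2F,00,41,00,3A,00,
22,00,2A,00,22,00,20,00,2F,00,41,00,3A,00,22,00,
2A,00,22,00,20,00,2F,00,4C,00,3A,00,22,00,31,00,
30,00,33,00,33,00,22,00,20,00,2F,00,68,00,65,00,
75,00,72,00,3A,00,38,00,30,00,20,00,2F,00,70,00,
75,00,70,00,20,00,2F,00,61,00,72,00,63,00,68,00,
69,00,76,00,65,00,73,00,20,00,2F,00,49,00,41,00,
3A,00,30,00,20,00,2F,00,4B,00,42,00,44,00,3A,00,
33,00,20,00,2F,00,64,00,69,00,72,00,3A,00,22,00,
43,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,
61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,
5C,00,41,00,6C,00,77,00,69,00,6C,00,20,00,53,00,
6F,00,66,00,74,00,77,00,61,00,72,00,65,00,5C,00,
41,00,76,00,61,00,73,00,74,00,35,00,22,00,00,00,
00,00,
"""

# Command line the rows above should decode to (same text as the log's
# 'CmdLine' line).
EXPECTED_CMDLINE = (
    'aswBoot.exe /A:"C:" /A:"*" /A:"*" /L:"1033" /heur:80 /pup /archives '
    '/IA:0 /KBD:3 /dir:"C:\\Program Files\\Alwil Software\\Avast5"'
)


def parse_hex_dump(text: str) -> bytes:
    """Turn rows like '61,00,75,00,' into raw bytes; whitespace, newlines
    and trailing commas are ignored."""
    return bytes(int(tok, 16) for tok in HEX_BYTE.findall(text))


def decode_multi_sz(data: bytes) -> list[str]:
    """Split a REG_MULTI_SZ blob into its strings. The list ends at the
    first empty string (the double NUL); a blob without that terminator
    is rejected rather than silently truncated."""
    if len(data) % 2:
        raise ValueError("odd byte count: not a UTF-16LE blob")
    entries: list[str] = []
    for item in data.decode("utf-16-le").split("\0"):
        if item == "":
            break  # empty string == end-of-list marker
        entries.append(item)
    else:
        raise ValueError("no double-NUL terminator found")
    return entries


def encode_multi_sz(entries: list[str]) -> bytes:
    """Inverse of decode_multi_sz, used here to build a constructed sample."""
    return "".join(e + "\0" for e in entries).encode("utf-16-le") + b"\0\0"


def format_like_log(data: bytes, width: int = 16) -> str:
    """Render bytes the way aswBoot.txt does: uppercase hex, a comma after
    every byte, 16 bytes per row."""
    rows = ["".join(f"{b:02X}," for b in data[i:i + width])
            for i in range(0, len(data), width)]
    return "\n".join(rows)


def unexpected_entries(entries: list[str]) -> list[str]:
    """Everything other than the stock autochk entry is worth reviewing:
    BootExecute runs before logon, so it is a persistence location."""
    return [e for e in entries if e != DEFAULT_BOOTEXECUTE]


if __name__ == "__main__":
    # 1. The real rows from the log decode to the scanner's command line.
    for entry in decode_multi_sz(parse_hex_dump(ASWBOOT_ROWS)):
        print("entry:", entry)

    # 2. Constructed sample: default entry plus the scanner entry, rendered
    #    in the log's format and parsed back; only the scanner is flagged.
    sample = format_like_log(encode_multi_sz([DEFAULT_BOOTEXECUTE, EXPECTED_CMDLINE]))
    for entry in unexpected_entries(decode_multi_sz(parse_hex_dump(sample))):
        print("review:", entry)
```

The parser deliberately raises on a blob with no double-NUL terminator instead of returning whatever decoded, since a truncated copy-paste of a log row would otherwise look like a shorter, cleaner list than the machine actually has.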

How is your machine acting now?

The infection you found after doing the boot scan you put into the Virus Chest? If not, please tell me what you did with it.

If you could please provide the OTL logs (2) as an attachment, I’d appreciate it. Thank you.

It’s acting fine, though I did get some audio problems: clicking from my speakers/headphones.

Yes, the virus was put in the Chest.

I’m running the OTL now, as I’m getting offline soon, and it said to run with no other programs.

Check to see if all your connections (wires) are secured.

I’ll await your OTL logs. Thank you for the update.

That isn’t the file that I mentioned above; that one is more help to a tech when debugging a problem. For us mere mortals, check the one I mentioned.

As I said - Check this for the boot-time scan, C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\report\aswBoot.txt (winXP location).

This would be the moment of truth, huh?

I’m on my mom's old comp that she gave me, so that will explain the name. :P

It also said on OTL.txt that if I saved it as ANSI that I’d lose some data from the text. Is that okay?

If everything turns out okay, you have my deepest gratitude. I would be seriously screwed if my machine died, and I didn’t have a computer (Banking, Email, Ordering online, Etc)

Thank you for posting your OTL logs. I have referred your case to our Certified Malware Expert, Essexboy. He will also review your logs and give you further instructions, however he comes on the forum late UK time. He will respond to you in this thread, so remember to check this thread daily. I will continue to provide assistance in the meantime, then remain in the background while he works with you.

Please do not make any further changes to your machine now that you have provided the logs.

Please let me know if you have any further questions. Thank you.

Avast found two of those viruses.

I clicked move to chest, but it couldn't find the file specified.

My task manager also showed an un-closable program. A bunch of numbers… here’s an example. “A1297A73618-27498A-848E-84-5AF44” I re-booted, and it went away.

Yahoo answers said it’s a file corrupter. I am trying what someone suggested. Dr.web. (I wasn’t thinking. It was early in the morning, and I was freaking out.)

Here are my current questions.

  1. Should I stop worrying about it stealing my bank passes/email passes?
  2. Will this thing kill my computer? (File infector)
  3. Will re-installing windows save me? Or will system restore do it?
  4. Should I provide another OTL?
  5. If I see that weird program again, should I force it to close?
  6. Could the virus be one infected program, and once that program is executed, will it start the virus?

3. Will re-installing windows save me? Or will system restore do it?

Of the two, a reformat is always the best option. But it may not be required unless you fancy a fresh start.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\arjuw.sys -- (vnkifm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM)
[2010/08/19 17:15:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Momma\Application Data\Mozilla\Firefox\Profiles\0jlcfp74.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it’s strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.