Win32:KillAV-NA [Trj]

edit:
now I've seen the reply on the other topic. I will follow this instruction and post the results here.

okay guys. I've searched and found 2 topics… both of them could not help me. so I've decided to create a new one…

some time ago… it started to pop up every second, every time up to 51/51 (popups). after the 51st the popup closes and the fun starts again… up to 51.
the infected ones are every time stuff like

“Tight Kit.bat”
“Kit Samples.exe”
“Production Kits.exe”
“Dragon Kit.bat”
“Acoustik Kit Samples.exe”
“GVA Kit.bat”

and now again Kit Samples.exe…

the “funny” thing about that is…
that this happens in my C/Users/Public/Documents/Battery 3 Library folder… a plugin I use to make music.
if I search in this folder for these names… I find stuff like:

“Tight Kit” folder and “Tight Kit.kt3” battery 3 files…
“GVA Kit” folder
(and so on)…

so I think this trojan tries to create replicas of itself everywhere… and tries to name them like a folder or other kinds of files…

what I've tried:

I've tried Malwarebytes Anti-Malware
I've tried Malwarebytes Anti-Rootkit
I've tried Spybot Search and Destroy

nothing helped…

I've updated my Avast and updated my Avast library… it still finds the executables and deletes them before they could be started… but the trojan itself is still here… (I mean it creates them or not?)

or is this another trojan that causes an Avast Fake-Alert?

(I hope that it's not a problem that I use an external picture upload… if it is… pls tell me and I will upload it here… but I like this more…)

http://gyazo.com/09f4d37ad1823c887dada6326309e270.png

this one is German… I will translate it…

Trojan found and blocked!

avast filesystem security found a trojan
no action required

Object: Path to “blocked executable or bat”
Infection: you can see it on the picture… same in English
Action: Deleted
Process: PID 4

a threat was found and blocked in production or change. (oh… my English is bad…)

avast shows me “1474 files checked, 792 infected” in my file system security
but I think those are the newly created ones from that trojan.

what can I do?.. I don't know what to do now… it's horrible… I can't even make my music
my computer is so slow now after that problem appeared. I never had a problem like this before

sorry for my bad English… I do my best.

thanks… if anyone needs more information… pls tell me…

Grats… RedRaw

  • ADWCleaner (translated nothing changed on important values)
  • mbam log (translated nothing changed on important values)
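The naming pattern described in the first post (a runnable file such as “Tight Kit.bat” sitting next to a folder “Tight Kit” or a data file “Tight Kit.kt3”) can be checked for directly. The sketch below is an added example, not code from the thread or from any tool named in it; the extension list and the sample tree are assumptions constructed for illustration, and it only lists candidates without deleting anything.

```python
import os
import tempfile
from pathlib import Path

# Extensions treated as directly runnable on Windows (assumed list for this example).
RUNNABLE = {".exe", ".bat", ".cmd", ".com", ".scr", ".pif"}

def find_mimic_files(root):
    """Return sorted paths of runnable files whose name copies a sibling
    folder or a sibling non-runnable file (e.g. 'Tight Kit.bat' next to
    the folder 'Tight Kit' or the file 'Tight Kit.kt3')."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        folder_names = {d.lower() for d in dirnames}
        data_stems = {Path(f).stem.lower() for f in filenames
                      if Path(f).suffix.lower() not in RUNNABLE}
        for name in filenames:
            p = Path(name)
            if p.suffix.lower() not in RUNNABLE:
                continue
            stem = p.stem.lower()
            if stem in folder_names or stem in data_stems:
                hits.append(str(Path(dirpath, name)))
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample layout modelled on the names in the post."""
    root = Path(root)
    (root / "Tight Kit").mkdir()
    (root / "GVA Kit").mkdir()
    for name in ("Tight Kit.kt3", "Tight Kit.bat", "GVA Kit.bat", "Installer.exe"):
        (root / name).write_bytes(b"")   # empty placeholders, no real content
    (root / "Tight Kit" / "Kit Samples").mkdir()
    (root / "Tight Kit" / "Kit Samples.exe").write_bytes(b"")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for hit in find_mimic_files(build_sample_tree(tmp)):
            print("suspicious:", hit)
```

A hit is only a naming coincidence worth a closer look; legitimate installers sometimes share a name with their folder.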

more to follow now (Malwarebytes is quick-scanning my PC now)

now avast tells me that i have the same trojan

http://gyazo.com/45dea0c22db68ccbf7b1d299c8163d36.png

now it's inside my CyberLink software folder… nice
and I recognized that I didn't update Avast… just the database… new design is great.

To me that sounds like a file infector…

Create an emergency repair USB drive:
Download Dr Web Live USB to your desktop

  • Connect a USB flash drive to the computer. Registering the plugging in event takes no more than 10 seconds.
  • Launch drwebliveusb.exe.
  • The program will detect available USB-devices automatically and prompt you to choose the one you’d like to use as an emergency repair drive. You can format the device if you like (a warning will be displayed before you proceed with formatting). In order to read the License agreement, follow a corresponding link found in the program window (the page containing the license agreement text will be loaded in your default browser).

https://dl.dropbox.com/u/73555776/liveusb_ru.jpg

  • To create a bootable USB flash drive, press the Create Dr.Web LiveUSB button.
  • Files will be copied automatically.
  • Once the copying process is completed, press the Exit button to close the application.
  • Reboot the infected computer with the USB in the drive
  • Ensure that the first boot device is USB - If you are not sure about that then see this page for instructions
  • As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.

http://i1224.photobucket.com/albums/ee362/Essexboy3/Dr%20Web%20shots/livecdbootscreen.gif

  • Use arrow keys to select DrWeb-LiveCD (Default)
  • When the system is loaded, check the disks or folders you want to scan, and click on “Start”.

http://i1224.photobucket.com/albums/ee362/Essexboy3/Dr%20Web%20shots/livecdDriveselection.gif

  • The programme will now scan for and cure/delete any malware that it finds. Allow it to do so
  • Once completed reboot to normal windows
  • No log is produced so once in normal windows let me know if the problems persist

thanks… I will try it…

mbam 0 infected files(…)

hey guys… I'm now in drweb

I've got a lot of “can't scan”
is this caused by compressed rar files with password?
a lot of samples I've recorded in my studio I compressed in a rar file so nobody can rip my self-made samples…

MBAM will not be able to detect file infectors as it has a different task

ah okay I can see why it's unable to scan some files… some files are split inside the rar…

edit

got 2 infected threads until now
40k scanned files

still waiting >D

guys…

scanning 0%… and 28 minutes, 60k files… is this normal? :open_mouth:

Malwarebytes also does not scan compressed files

no no… I'm talking about drweb

It will depend on the amount of files that you have on the system as Dr Web scans the lot

edited

yeah, 900k until now…
and 82%
3h50m

3 infected
1 malicious

hey guys… I have another question…

a long time ago… I was active in the demo scene… maybe you know what I mean.
64kb demos and stuff like that…

I have some left… not mine but demos from friends… I know that they are clean…
now dr.web said that they are infected… okay… I don't have a problem deleting them.
but if I try to delete them via dr.web I only get “no space left on device”
I don't know what I can do… (I think that they are not infected, I think that they are under suspicion in dr.web. I have 2 in dr.web listed… and 2 demos are listed too.)

If you are happy then leave them for now. Once Dr Web has completed I will look at the remainder of the system

Download OTL to your Desktop
Secondary link

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

https://dl.dropbox.com/u/73555776/OTL_Main_Tutorial.gif

  • Select All Users
  • Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

hmh… no… it was just forced to close (dr.web scan) before it finished…
after that my internet connection on dr.web was gone…

now after a restart the first thing that happened is that avast blocked some “exe” and “bat” files again…

I recognize… that the first exe that avast blocks… is every time “public.exe” on my users/public…

OTL is running… (running for 10 mins now. xD I thought it doesn't take long :D)

now running for 30 minutes… looks like it's not working o.O

it seems that OTL won't work

over 50 minutes now…

OK that gives a possible hint, will OTL run in safe mode?

If it does not then

  • Download RogueKiller and save it on your desktop.

NOTE: If using IE8 or better Smartscreen Filter will need to be disabled

  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished …
  • Click on Scan

https://dl.dropbox.com/u/73555776/RKScan.GIF

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.

https://dl.dropbox.com/u/73555776/RKDelete.GIF

  • The report has been created on the desktop.

  • Next click on the ShortcutsFix

https://dl.dropbox.com/u/73555776/RKFixShortcuts.GIF

  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

okay guys… here come RKreport 1, 2 and 3… I translated them fast.

I will try OTL now in safe mode

OK that confirmed that the MBR is good

hmh… MBR was the boot sector, right?..

how long does it normally take with OTL?

Dependent on system size, up to 10 minutes… You should see the progress at the bottom

ah… good… it takes a stroll through my system…
my resolution in safe mode is just too small haha…

I hope it works fine now.