Win32:Malware-gen and Win32:Downloader~PKU[Trj]

Maybe it’s just me, but a lot of people seem to have these 2 viruses popping up on their PCs!
I left my PC in the “care” of my little brother for a month and he’s filled it with games and viruses… smart of me, eh? ;D
:-[
Anyways, here are the mbam and OTL logs… I saved them as ANSI, but I did not get an extra.txt when I ran OTL.
I’ll be putting up the other log in a moment.
PLEASE HELP!!!

do you also have the aswMBR log ?

here it is
wow, a lot of people seem to be having the same problem
maybe we all got it from some common site… well, every time I search something on Google, avast seems to pop up

That’s what little brothers are for ;D There are also a lot of toolbars… I will just remove Babylon for now.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:OTL
IE - HKU\S-1-5-21-2186011717-4103773626-2024682734-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=111434&babsrc=SP_ss&mntrId=645e353a00000000000000ff9d6840ca
[2010/11/12 19:34:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/03 23:24:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/16 20:14:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/19 18:21:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
[48 C:\Windows\Installer\{2da867cb-d76e-8dd7-8035-3cd7085e34d3}\U\*.tmp files -> C:\Windows\Installer\{2da867cb-d76e-8dd7-8035-3cd7085e34d3}\U\*.tmp -> ]

:Files
ipconfig /flushdns /c
ipconfig /release /c
ipconfig /renew /c
sc create BITS binpath= "c:\windows\system32\svchost.exe -k netsvcs" start= delayed-auto /c
C:\Windows\Installer\{2da867cb-d76e-8dd7-8035-3cd7085e34d3}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.
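The OTL entries in the fix above are a good illustration of what a helper reads for in such a log: a search scope pointing at a third-party search site, a BHO whose CLSID is no longer registered, and a batch of *.tmp files under a Windows Installer GUID folder. As an added example (not part of this thread and not a tool from the OTL or ComboFix authors), the Python script below parses those line formats and applies those three triage rules to them. The regular expressions, the rule names, the allow list of default search engines and the benign notepad.exe entry in the sample are all my own assumptions; the other four sample lines are the ones quoted in the fix.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Constructed sample input: the four OTL entries quoted in the fix above, plus one
# benign file entry (constructed for contrast, not taken from the poster's log).
SAMPLE_LOG = r"""
IE - HKU\S-1-5-21-2186011717-4103773626-2024682734-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=111434&babsrc=SP_ss&mntrId=645e353a00000000000000ff9d6840ca
[2010/11/12 19:34:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
[48 C:\Windows\Installer\{2da867cb-d76e-8dd7-8035-3cd7085e34d3}\U\*.tmp files -> C:\Windows\Installer\{2da867cb-d76e-8dd7-8035-3cd7085e34d3}\U\*.tmp -> ]
[2009/07/14 01:39:10 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\notepad.exe
"""

# Assumption: search engines a browser ships with by default. Any other host in a
# SearchScopes URL is reported so a human can decide whether it was installed on purpose.
SEARCH_ALLOWLIST = {"www.google.com", "www.bing.com", "search.yahoo.com"}

# OTL file/folder entry: [date time | size | attrs | M/C] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# IE search scope entry: IE - <hive>\..\SearchScopes\{GUID}: "URL" = <url>
SEARCHSCOPE_RE = re.compile(
    r'^IE - (?P<key>.+?\\SearchScopes\\\{[0-9A-Fa-f-]+\}): "URL" = (?P<url>\S+)$'
)
# Browser helper object entry: O2 - BHO: (name) - {CLSID} - <dll path or error text>
BHO_RE = re.compile(
    r"^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$"
)
# Batch of *.tmp files under the "U" subfolder of a Windows Installer GUID folder
INSTALLER_TMP_RE = re.compile(
    r"^\[(?P<count>\d+) (?P<dir>[A-Za-z]:\\Windows\\Installer\\\{[0-9A-Fa-f-]+\}\\U)\\\*\.tmp files"
)


@dataclass
class Finding:
    rule: str
    detail: str
    line: str


def parse_file_entries(log: str) -> List[Dict[str, object]]:
    """Turn the [date | size | attrs | kind] (company) -- path entries into dicts."""
    entries = []
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"].replace(",", ""))  # "000,193,536" -> 193536
            entries.append(rec)
    return entries


def triage_line(line: str) -> Optional[Finding]:
    """Apply the three triage rules to one OTL log line; None means nothing to report."""
    line = line.strip()
    m = SEARCHSCOPE_RE.match(line)
    if m:
        host = urlsplit(m.group("url")).hostname or ""
        if host not in SEARCH_ALLOWLIST:
            return Finding("search-scope-hijack", f"search scope points at {host}", line)
        return None
    m = BHO_RE.match(line)
    if m:
        # A BHO key whose CLSID is not registered is a leftover or a broken install.
        if m.group("target").startswith("No CLSID value found"):
            return Finding("orphaned-bho", f"BHO {m.group('clsid')} has no CLSID registration", line)
        return None
    m = INSTALLER_TMP_RE.match(line)
    if m:
        return Finding("installer-guid-tmp-files",
                       f"{m.group('count')} *.tmp files under {m.group('dir')}", line)
    return None


def triage(log: str) -> List[Finding]:
    """Run triage_line over every line and collect the findings in log order."""
    return [f for f in (triage_line(l) for l in log.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:26} {f.detail}")
```

Run against the sample, the script reports the Babylon search scope, the orphaned BHO and the 48 *.tmp files, and stays silent on the Java Console folder and the notepad.exe entry; pasting a full OTL log into SAMPLE_LOG (or reading it from a file) gives a first pass before reading the log by hand.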

It was just running now, but a cmd window opened and the PC froze for a while… now it went away by itself… now it’s creating the restore point and asking me not to disturb it… I have a feeling it didn’t go right :-\
And by the way, I don’t have Firefox… well, it shows up on my program list but it never gets uninstalled and I have never found the program either. It’s something like a ghost.
If it takes too long to make a restore point, can I just restart?

The reason for the length of the run was that OTL was resetting the Windows Update service and resetting the Winsock to remove malware elements.

Should soon be done

It still hasn’t finished creating the restore point. Should I retry?

Yes, stop now and continue to the next step.

After forcefully restarting my PC, OTL gave me a log (I’ve attached that)… then I ran the fix in OTL as per the instructions and got another log… I’ve attached it here as OLT-2. Then I installed ComboFix and ran it, and here is the log, also attached.
Well… now there don’t seem to be any more problems, no pop-ups or stuff.
I hope that’s it :)

OK, let’s now check for damage.

Run Farbar Service Scanner

https://dl.dropbox.com/u/73555776/FSS.GIF

Tick “All” options.
Press “Scan”.
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Here it is… sorry for the delay.
Well, I had been using the PC, and there are no more virus alerts, thank God.
I’m gonna install a security camera on my brother’s forehead now >:D

Could you download bits.reg from the link below?
Right-click the link and select “Save Target As…” to your desktop:
https://dl.dropbox.com/u/73555776/bits.reg
Right-click the reg file and select Merge.
Reboot the computer and try Windows Updates.