Win32 Malware-gen

I’ve run several boot scans with avast, Safe Mode scans with SAS, Malwarebytes scans, etc. No luck removing this puppy. It’s my brother’s computer so I’m not even sure how he got it in the first place. If it helps, he’s running Win7x64.

Attached the logs.

Detailed message from avast. Malware blocked
Object c:\windows\assembly\tmp\u\800000cb.@
Infection Win32:Malware-gen
Action: moved to chest
process: c:\windows\system32\csrss.exe

process: c:\windows\system32\csrss.exe
Upload suspicious file(s) to www.virustotal.com and test with 44 malware scanners. When you have the result, copy the URL in the address bar and post it here so we can see.

Alternatives:
Jotti's malware scan http://virusscan.jotti.org/en
VirSCAN http://virscan.org/

Essexboy is notified :wink:

Object c:\windows\assembly\tmp\u\800000cb.@
Try cleaning your temp files

Temp File Cleaner by OldTimer will clean all temp files
TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

Did it work?

Definitely the new boy on the block

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
O3 - HKLM\..\Toolbar: (ShopAtHome Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - File not found
O3 - HKU\S-1-5-21-1789580392-2877042858-2781086238-1000\..\Toolbar\WebBrowser: (no name) - {00F2C0C6-2194-484E-9064-44E57787867B} - No CLSID value found.
O3 - HKU\S-1-5-21-1789580392-2877042858-2781086238-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1789580392-2877042858-2781086238-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-1789580392-2877042858-2781086238-1000\..\Toolbar\WebBrowser: (ShopAtHome Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - File not found

:Files
ipconfig /flushdns /c
c:\windows\assembly\tmp

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]


- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Thanks

How is it running now? Any problems?

Well I only kept it for about 30 minutes after I used your fix, because I was leaving town for a couple of days. Avast didn’t pick anything up in that half hour. I gave it back to my brother and he’s been playing on it and hasn’t found anything, so I guess everything’s good now. Thank you.

OK, get him to run OTL and hit the cleanup button to remove the programme ;D

Hi essexboy, I also had this virus on my Windows 7 x64 and did the same work you suggested to another user and it worked perfectly! Thank you very much.

You really shouldn’t run fixes created for a specific user’s system and problem; they are unique. Which is why there is a specific warning at the top of it.

The problem needs to be fully analysed to ensure that there is nothing else on your system.

So you should start your own new topic and post your logs there.