Hi all I’m new to the forums and would appreciate some help if possible.
I haven’t had any problems with malware or Trojans for a number of years, but last night I seem to have picked up a Trojan. The names above are those that are showing.
I was initially using Windows Defender which kept flagging up (approx. every 5 mins) that a threat had been detected and required to be cleared. I duly clicked “OK” but whilst this was going on I noticed that my internet history was slowly increasing - I assume it was accessing Ad sites as part of its attack.
I immediately downloaded Avast (should have earlier in fact) and carried out a full system scan. This took a few hours and whilst the scan was ongoing the same pattern of blocking every 5 or so mins was repeating.
Finally once the scan was complete Avast flagged and moved a number of infected files to the virus chest. I then carried out a boot scan and it uncovered a few more infected files which I also moved to the virus chest. At this stage when my computer restarted the pop-up notices seemed to cease and my internet history stopped changing. I assume this has cleared the problem but I’ve not encountered this before so wanted to ask a couple of questions to check:
(1) Can anyone explain exactly what bad thing has infected my computer?
(2) What should I do with the various files that are in the virus chest (i.e. should I simply delete them? I’m nervous about deleting them and affecting the running of my computer)?
(3) How can I check that the Trojan has definitely been removed and killed?
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Attach both logs
(2) What should I do with the various files that are in the virus chest (i.e. should I simply delete them? I'm nervous about deleting them and affecting the running of my computer)?
That is what the chest (quarantine) is for, so you have the option to restore,
so there is no rush to delete from the chest.
Looks like Avast got nearly all of this … It is an older variant of ZeroAccess/Sirefef
Cheers Pondus
Just a few repairs to do
Download and Install Combofix
Download ComboFix from one of the following locations: Link 1 Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
I’ve done this and restarted my computer a couple of times.
Log attached.
It’s running slightly slower than it was before I installed ComboFix.
I’m also having quite a few problems using Internet Explorer - it doesn’t seem to be loading pages now (even although I’m connected to the internet) and I have to keep either refreshing the page or clicking the compatibility view button.
:Files
netsh winsock reset catalog /c
netsh int ip reset reset.log hit /c
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
I’ve done this, rebooted my computer and attached the log.
Still having problems using Internet Explorer - pages are loading blank until I click “refresh” or “compatibility view” a number of times. Any idea why this might be?