win32:trojan-jc, win32:zaccess infection.

my laptop has just recently been infected with the win32:trojan-gen and win32:zaccess-jc. avast seems to be repeatadly be placing these items into the virus chest. i notice that i now also have win32:malware-gen also.
is there a manual fix for this. any help would be greatly appreciated.

Please attach your logs. (AdwCleaner, MBAM, OTL and aswMBR…!!)
Instructions: http://forum.avast.com/index.php?topic=53253.0

okay i done the scans and all logs attached.
not sure how to attach more than 1 file so will send each one seperate

aswmbr

extras

mbam log

and the most important. OTL.txt. ?

okay i done the scans and all logs attached. not sure how to attach more than 1 file so will send each one seperate
just below where you attach...there is a (more attachments) ;)

otl

hehe cheers. this is not easy when hungover.

do you need the mbr.dat file? as i dont seem to be able to attach it

hehe…is thats why you post some logs twice. ;D

now wait for essexboy

OK lets get at it

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-578327087-4110603385-1361986703-1001\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3 - HKU\S-1-5-21-578327087-4110603385-1361986703-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
[2012/10/27 18:14:58 | 000,004,608 | -HS- | M] () -- C:\windows\assembly\GAC_32\Desktop.ini
[2012/10/27 18:14:58 | 000,006,144 | -HS- | M] () -- C:\windows\assembly\GAC_64\Desktop.ini

:Files
C:\Windows\Installer\{450a8bd6-154f-f3fa-1a8d-55de26c8e174}

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

ROFL ;D

nah that is the virus. :wink:

here is the otl log

so i disabled the avast shield control for one hour and then run combofix. but it came up with the error that it had detected that avast was running its antivirus and antispyware. is there some other way to disable avast or should i just click okay?

ignore and continue

okay here is the combofix report :smiley:

err i mean here lol