Please help me. I’ve been annoyed with this problem for a very long time, and now it’s creating shortcuts on my desktop. I was following this thread http://forum.avast.com/index.php?topic=53253.0 but it seems not to be working for me. Can you help me too, please?
Please attach your logs. (MBAM, OTL and aswMBR…!!)
Instructions: http://forum.avast.com/index.php?topic=53253.0
Hello, good day! I attached my logs.
Hi,
Please download Anti-VBSVBEx64.exe on your Desktop
[*]Double click to run the tool and wait until it finishes.
[*]It will make a log named Anti-VBSVBE.txt. Please attach it to your reply.
Please download MCShield from one of the following links:
MCShield - Official download link
[*]Double click on MCShield-Setup to install the application.
Next => I Agree => Next => Install … per installation click on Run! button.
[*]Wait a few seconds for MCShield to finish the initial HDD scan…
[*]Connect all your USB storage devices to the computer one at a time. Scanning will be done automatically.
[*]When all scanning is done, you need to post the log report that MCShield has created.
Under the Logs tab (in Control Center), in the AllScans.txt log section, click on the Save button. The AllScans.txt report will be located on your Desktop.
=> Post AllScans.txt here
Explanation: USB storage devices are all the USB devices that get their own partition letter when connected to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.
Next →
Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.
[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
[*]The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Thank you for monitoring and helping me. These are my logs for today. Thank you.
Can’t see the requested logs…!??
I modified my post, sir. Sorry.
No problem. Now, please be patient.
Do not use USB devices while cleaning is in progress.
Sorry, my mistake in choosing tools; you have an x86 OS.
Please download Anti-VBSVBEx86.exe on your Desktop
[*]Double click to run the tool and wait until it finishes.
[*]It will make a log named Anti-VBSVBE.txt. Please attach it to your reply.
Scan with Combofix:
[*] Please download ComboFix by sUBs and save it to your Desktop.
You may read how Combofix works here.
[*] Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. It may interfere with Combofix.
If you are unsure how to do this please read this or this Instruction.
[*] Run ComboFix. Click on I Agree! & follow the prompts.
Note: If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart your computer.
[*] When finished, it will produce a report for you. Please attach log reports (ComboFix.txt) back to topic.
(typical log location: C:\ComboFix.txt )
Hello! This is my log today! Thanks!
Open notepad and copy/paste the text present inside the code box below:
File::
c:\windows\system32\rad701A9.tmp
c:\windows\system32\rad84576.tmp
c:\windows\system32\radE79C5.tmp
c:\windows\system32\rad2CC86.tmp
C:\autorun.inf.vir
c:\windows\system32\rad3BD60.tmp
C:\music.lnk.vir
c:\windows\system32\rad5C518.tmp
c:\windows\system32\rad833B2.tmp
c:\windows\system32\rad0F635.tmp
c:\windows\system32\rad30F6B.tmp
c:\windows\system32\rad97F9F.tmp
c:\windows\system32\radD778B.tmp
c:\windows\system32\rad7A524.tmp
c:\windows\system32\rad6623C.tmp
c:\windows\system32\rad215F1.tmp
c:\windows\system32\rad740FF.tmp
c:\windows\system32\rad3CFCD.tmp
c:\windows\system32\radE41C2.tmp
c:\windows\system32\rad81E00.tmp
c:\windows\system32\rad4E341.tmp
c:\windows\system32\radBD4EF.tmp
c:\windows\system32\rad37977.tmp
c:\windows\system32\radF76CA.tmp
c:\windows\system32\rad580E8.tmp
c:\windows\system32\rad25D2F.tmp
c:\windows\system32\rad9C55A.tmp
c:\windows\system32\rad54ADE.tmp
c:\windows\system32\radD820C.tmp
c:\windows\system32\radBF385.tmp
c:\windows\system32\radEC92E.tmp
c:\windows\system32\rad7BC47.tmp
c:\windows\system32\rad40358.tmp
c:\windows\system32\radF79C2.tmp
c:\windows\system32\rad6CAFF.tmp
c:\windows\system32\radC3425.tmp
c:\windows\system32\radE626B.tmp
c:\windows\system32\rad4642C.tmp
c:\windows\system32\rad1B1C6.tmp
c:\windows\system32\radDA694.tmp
c:\windows\system32\radCC6C5.tmp
c:\windows\system32\radA3D81.tmp
c:\windows\system32\rad9FD28.tmp
c:\windows\system32\rad7B3BF.tmp
c:\windows\system32\rad02C3A.tmp
c:\windows\system32\rad020B2.tmp
c:\windows\system32\rad1D75C.tmp
c:\windows\Fonts\autorun.inf
c:\windows\system32\DRIVERS\eamonm.sys
c:\users\Poltit\AppData\Local\Temp\esihdrv.sys
c:\windows\system32\drivers\avgtpx86.sys
Folder::
c:\program files\Common Files\AVG Secure Search
FCOPY::
c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe|c:\windows\explorer.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Df5serv"=-
Driver::
eamonm
esihdrv
vToolbarUpdater15.5.0
avgtp
DDS::
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
Save this as CFScript.txt
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt )
I wish I did it right.
Ok,
[*]Connect all your USB storage devices to the computer one at a time. Scanning will be done automatically.
[*]When all scanning is done, you need to post the log report that MCShield has created.
Under the Logs tab (in Control Center), in the AllScans.txt log section, click on the Save button. The AllScans.txt report will be located on your Desktop.
=> Post AllScans.txt here
heeereee
Tell me, how is your computer running now?
The virus is removed, sir! Thank you very much! Thank you!
It is necessary to uninstall ComboFix:
[*] Click Start, then Run.
On Windows 7 or Vista you may use the Start Search field if Run is not available.
[*] In the line of text type in (Copy) the following:
ComboFix /Uninstall
Note that there is a space between "ComboFix" and "/Uninstall".
[*] Then click OK (or press Enter).
Wait for the uninstall process to complete.
****************
• The following will implement some post-cleanup procedures:
=> Please download DelFix by Xplode to your Desktop.
Run the tool and check the following boxes:
[*] Remove disinfection tools
[*] Create registry backup
[*] Purge System Restore
Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
Keep using MCShield, so this doesn’t happen in the future.
Thank you very much!