Can you give the name of the file and location?I did the usual "safe mode" scans (SpybotS&D and Malwarebytes) and to my horror, discovered a Trojan.
I found traces of evilhookv1.exe on your computer, you know anything about this?
VirusTotal
evilhookv1.exe has been detected as malware by 33 anti-virus scanners
~~~~~~~~~~~~~~~
BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor, that allows attackers to remotely control your computer, download/execute files and steal critical system, financial and personal information.
If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, Email, eBay, Paypal, online forums, etc).
Banking and credit card institutions should be notified of the possible security breach. Please read the following article for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
Whilst the identified infection(s) can be removed, there is no way to guarantee the trustworthiness of your computer unless you reformat your Hard Drive and reinstall your Operating System. This is due to the nature of the infection, which allows a remote attacker to make any number of modifications. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat/reinstall. Please read the following articles for more information.
- When should I re-format? How should I reinstall?
- Help: I Got Hacked. Now What Do I Do?
- Where to draw the line? When to recommend a format and reinstall?
~~~~~~~~~~~~
Let's remove the task associated with this.
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
Open FRST/FRST64 and press the Fix button just once and wait.start
CloseProcesses:
Task: {9A7DCD71-8D63-494D-B2D2-3F6FB7173077} - System32\Tasks\{D33C49EA-3BFE-4E3E-844C-93C784E4F383} => Z:\Program Files (x86)\Release - EvilHook V1\EvilHookv1.exe [2009-11-23] ()
Task: {9ED45585-4891-4C62-9AC9-8F74A5A6141C} - System32\Tasks\{3E8FC120-1833-4FE9-A8BA-E86A1492C626} => Z:\Program Files (x86)\Release - EvilHook V1\EvilHookv1.exe [2009-11-23] ()
EmptyTemp:
Hosts:
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
End
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~
-AdwCleaner-by Xplode
Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
Do not click on any links in the top Advertisment.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on "Clean"
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
- NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please download Junkware Removal Tool to your desktop.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
~~~~~~~~~~~~~~~`
please post
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt
Malwarebytes Anti-Rootkit
