Results 1 to 7 of 7

Thread: AVAST FOUND VER " HTML:Script-inf " + TROJAN " JS:ScriptSH-inf[Trj] "

  1. #1
    Junior Member
    Join Date
    Nov 2012
    Location
    Belgium
    Posts
    3

    Default AVAST FOUND VER " HTML:Script-inf " + TROJAN " JS:ScriptSH-inf[Trj] "

    Hi there,

    When browsing the web, I am permanently notified by Avast that both Trojan + ver have been found and blocked, i.e. " JS:ScriptSH-inf[Trj] " + " HTML:Script-inf " (see enclosed notifs).

    In an attempt to get rid of these infections here are softwares I have run:
    --> Malwarebytes Antimalware
    --> Spybot Search and Destroy
    --> several Avast boot-time scans (when a/m infections were found I first moved them to the chest and then deleted them)
    --> several Avast full-system scans
    --> housecalllauncher (by Trendmicro)
    --> Rootkit Revealer

    But all this has not fixed any problem! I was urged to run Combofix but I did not since it must be done under expert supervision.

    I am therefore requesting your precious help.

    Enclosed, you can find "Attach Log" and hereafter is the "DDS log" :

    DDS (Ver_2012-11-20.01) - FAT32_x86
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_35
    Run by Martin at 17:24:48 on 2012-11-27
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.267 [GMT 1:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\D-Link\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\acer\epm\epm-dm.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Documents and Settings\Martin\Local Settings\Application Data\Akamai\netsession_win.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Documents and Settings\Martin\Local Settings\Application Data\Akamai\netsession_win.exe
    C:\Program Files\D-Link\Bluetooth Software\BTTray.exe
    C:\Program Files\SanDisk\SanDisk Media Manager\SanDiskMediaManager-Launcher.EXE
    C:\Program Files\BitComet\BitComet.exe
    C:\PROGRA~1\FREEDO~1\fdm.exe
    C:\program files\mozilla firefox\firefox.exe
    C:\program files\mozilla firefox\plugin-container.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k Akamai
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mDefault_Page_URL = hxxp://global.acer.com
    uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
    uProxyOverride = 127.0.0.1:9421;<local>
    mSearchAssistant = about:blank
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - c:\program files\free download manager\iefdm2.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -
    uRun: [fsm] <no file>
    mRun: [LaunchApp] Alaunch
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [PCMService] "c:\program files\arcade\PCMService.exe"
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [EPM-DM] c:\acer\epm\epm-dm.exe
    mRun: [ePowerManagement] c:\acer\epm\ePM.exe boot
    mRun: [LManager] c:\program files\launch manager\QtZgAcer.EXE
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Anti-phishing Domain Advisor] "c:\documents and settings\all users\application data\anti-phishing domain advisor\visicom_antiphishing.exe"
    mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\d-link\bluetooth software\BTTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\SANDIS~1.LNK -
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Download all with Free Download Manager - c:\program files\free download manager\dlall.htm
    IE: Download selected with Free Download Manager - c:\program files\free download manager\dlselected.htm
    IE: Download video with Free Download Manager - c:\program files\free download manager\dlfvideo.htm
    IE: Download with Free Download Manager - c:\program files\free download manager\dllink.htm
    IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Send To &Bluetooth - c:\program files\d-link\bluetooth software\btsendto_ie_ctx.htm
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\d-link\bluetooth software\btsendto_ie.htm
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} - hxxp://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{8AC8B861-9FDF-43CF-9776-151C1DBA20DC} : DHCPNameServer = 192.168.1.1
    Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: igfxcui - igfxsrvc.dll
    AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\martin\application data\mozilla\firefox\profiles\wa0qzt4v.default\
    FF - prefs.js: browser.search.selectedEngine - 01NET.com Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://google.com/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3128284&SearchSource=2&q=
    FF - component: c:\documents and settings\martin\application data\mozilla\firefox\profiles\wa0qzt4v.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension3.dll
    FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll
    FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
    FF - plugin: c:\documents and settings\martin\application data\mozilla\firefox\profiles\wa0qzt4v.default\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\plugins\np-mswmp.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    FF - ExtSQL: 2012-11-14 17:42; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\martin\application data\mozilla\firefox\profiles\wa0qzt4v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    FF - ExtSQL: 2012-11-14 17:46; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\documents and settings\martin\application data\mozilla\firefox\profiles\wa0qzt4v.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - ExtSQL: 2012-11-15 19:14; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
    FF - ExtSQL: 2012-11-27 15:54; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\documents and settings\martin\application data\mozilla\firefox\profiles\wa0qzt4v.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    FF - ExtSQL: !HIDDEN! 2009-09-03 11:16; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extentions.y2layers.installId - 1332bbd0-daae-46f2-932a-3ee0b02b3274
    FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: security.csp.enable - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-11-15 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-6-4 361032]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2005-3-30 14336]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-4 21256]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-11-15 44808]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-11-24 30192]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-6-4 30336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== File Associations ===============
    .
    ShellExec: BitComet.exe: open="c:\program files\bitcomet\BitComet.exe"
    ShellExec: OdfConverterLauncher.exe: Ouvrir avec Microsoft Word="c:\program files\clever age\add-in odf pour microsoft word\\OdfConverterLauncher" "%1"
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2012-10-16 19:38:38 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-16 19:38:38 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-09-29 18:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-19 13:33:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-09-19 13:33:52 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-09-19 13:33:52 473072 ----a-w- c:\windows\system32\deployJava1.dll
    .
    ============= FINISH: 17:25:35.14 ===============


    NB: I have not been able to generate "aswMBR Log" due to AVAST Antirootkit that has encountered a problem (see enclosed)

    Martin
    Belgium

  2. #2
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246

    Default

    Hi and Welcome!! Xmartinez14

    My name is Robybel.

    I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.


    Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advise, this will be a team effort.
    This may cause a delay, but I will do my best to keep it as short as possible. Please bear with me, I will post back to you as soon as I can.


    IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.


    Vista and Windows 7 users:

    These tools MUST be run from the executable. (.exe) every time you run them
    with Admin Rights (Right click, choose "Run as Administrator")


    Stay with this topic until I give you the all clean post.

    Having said that....Let's get going!!
    - Proud Graduate of WTT Classroom -

    - Member of UNITE -

  3. #3
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246

    Default

    Hi Xmartinez14

    P2P Programs:

    P2P programs are a major source of Malware infections.
    From your log I see you have uTorrent We do not pass judgment on file-sharing, however we must inform you that engaging in this activity and having this kind of software installed on your system will always make you more susceptible to Malware infections.
    The use of P2P programs may be contributing to your current situation, and you would certainly be doing yourself a favour by removing them.
    If you wish to keep the program(s), please do not use them until your computer is cleaned.

    Information regarding the risk of using these programs can be found from here and here

    =============================== Next =======================================



    AdwCleaner

    • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.


    =============================== Next =======================================



    Please run the following:

    Please download Malwarebytes> Anti-Rootkit and save it to your desktop.
    • Be sure to print out and follow the instructions provided on that same page for performing a scan.
    • Caution: This is a beta version so also read the disclaimer and back> up all your data before using.
    • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
    • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
    • Copy and paste the contents of these two log files in your next reply.
    Note: Further documentation can be found in the ReadMe.rtf file which is located in the Malwarebytes Anti-Rootkit folder.

    =============================== Next =======================================



    Please read through these instructions to familarize yourself with what to expect when this tool runs

    Refer to the ComboFix User's Guide

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT- Save ComboFix.exe to your Desktop

    ====================================================

    Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications

    ====================================================


    Double click on ComboFix.exe & follow the prompts.

    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.


    On your next reply please post :
    • AdwCleaner log
    • Mbar report
    • Combofix log

    Let me know if you have any problems in performing with the steps above or any questions you may have.

    Good Day!
    - Proud Graduate of WTT Classroom -

    - Member of UNITE -

  4. #4
    Junior Member
    Join Date
    Nov 2012
    Location
    Belgium
    Posts
    3

    Default Reply

    Hello Robybel,

    First of all, I would like to thank you for your time and secondly sorry for replying so late.

    Enclosed, you can find all logs requested in previous correspondence that I have managed to generate at very last , i.e.

    - AdwCleaner log
    - Mbar report
    - Combofix log

    IMPORTANT TO KNOW

    1) I have been facing problems in downloading files via Mozilla for a couple of months now. Each time I click a link to download a .XLS, .DOC, .PDF, .EXE, .JPEG, .MP3 or whatever file from Hotmail or even in direct download (DDL) from URL's (zippy, mediafire,... for instance) Mozilla Firefox Browser crashes and closes down. Downloads must be done via Internet Explorer which is quite embarrassing since Mozilla is known for better security/safety.

    2) When Combofix AutoScan had completed stage 50, it then deleted three files (.DDL) + three others + one folder, all having to do with "WinPCap".
    But nothing was happening for so long that I manually deleted folder "WinPCap", closed ComboFix window and relaunched ComboFix for a second AutoScan that generated a Log Report this time.

    3) I have noticed that "Scan options disabled: PUP | PUM | P2P" in the MBAR-Log, is that not rather strange since I was not invited to either enable or disable that option ???

    4) I have launched control panel to remove UTorrent from my computer but can not find it. However I installed EMULE + two download managers (BITCOMET and FREE DOWNLOAD MANAGER). I will remove EMULE but do you think that Bitcomet or FDM can create breaches in security ?

    NB: internet browsing seems to be way faster now

    Many thanks in advance for your time and support,

    Martin Deville
    Belgium

  5. #5
    Junior Member
    Join Date
    Nov 2012
    Location
    Belgium
    Posts
    3

    Default

    I meant (in RED)

    2) When Combofix AutoScan had completed stage 50, it then deleted three files (.DLL) + three others...

    Brgds

  6. #6
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246

    Default

    Hi Xmartinez14

    I have noticed that "Scan options disabled: PUP | PUM | P2P" in the MBAR-Log, is that not rather strange since I was not invited to either enable or disable that option ???
    Before to run a scan; MBAR, disable those services by default option

    I have launched control panel to remove UTorrent from my computer but can not find it. However I installed EMULE + two download managers (BITCOMET and FREE DOWNLOAD MANAGER). I will remove EMULE but do you think that Bitcomet or FDM can create breaches in security ?
    I'm sorry, I'm confused, I was to write "BitComet".
    For your questions read here and here

    Ok, now follow this steps

    • Please open your MalwareBytes AntiMalware Program
    • Click the Update Tab and search for updates
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected. <-- very important
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.


    Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

    next

    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan

    Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
    13. Push the Back button.
    14. Select Uninstall application on close check box and push


    On your next reply please post :
    • Malwarebytes log
    • ESET report

    Let me know if you have any problems in performing with the steps above or any questions you may have.

    Good Day!
    - Proud Graduate of WTT Classroom -

    - Member of UNITE -

  7. #7
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246

    Default

    Still with me?
    - Proud Graduate of WTT Classroom -

    - Member of UNITE -

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •