My computer got infected with some nasty stuff (using my friend's computer right now). There was this website that was redirecting to a fake PayPal page, one of those .in extensions.
Even though I was able to use the computer I knew it was filled with viruses because of how slow it was and because I was the only one being redirected. My friend went to the same website and did not get redirected.
First I used Malwarebytes to scan the PC and it only detected 2 PUPs, which were harmless. I still removed them just in case. I decided to go deeper and used TDSSKiller; it caught 8 threats. One of them was the sptd, usually related to the Google redirect virus. I don't remember the names of the other 7.
I deleted all of them and I was told to reboot the system. I rebooted, everything booted normally, however, my keyboard and mouse do not work. They are completely frozen and only work before Windows starts, in BIOS.
I realized that the only thing I could use was my DVD/CD, so I used the Avira rescue disk. Unfortunately, I can't copy the log to this PC exactly how it looks, but I copied the most important things and will list them below in a sec.
Avira was able to rename a couple of HTML/IFrame.JA.1 and Trojans such as TR/Dropper.GEN.
But for others it says archive scan aborted. I decided to try the AVG rescue disk next. I used the scan, but I could only do it halfway because the light went off... yeah, I know, lucky me.
I will leave the half report below, right after the Avira one. After all of this I'm still in the situation and my keyboard and mouse (USB) still don't work. I tried using an old non-USB keyboard but no luck.
I'm going to use the Bitdefender rescue disk next. Meanwhile I'll leave the reports; since I'm not very good at handling these things, I was hoping for assistance.
Thank you.
AVIRA SCAN:
TR/Crypt-XPACK.Gen [archive scan abort]
TR/Dropper.GEN [renamed]
BDS/Gendal-654428 - renamed
BDS/Gendal-683423.2 - renamed
Java/Fester.L - archive scan abort
Java/Exdoer.DH.2 - archive scan abort
JAVA/Exdoer.EX - archive scan abort
SPR/Autolt.Gen - renamed
HTML/IFrame.JA.1 - renamed
HTML/IFrame.JA.1 - renamed
HTML/IFrame.JA.1 - renamed
HTML/IFrame.JA.1 - renamed
HTML/IFrame.JA.1 - renamed
HTML/IFrame.JA.1 - renamed
HTML/IFrame.JA.1 - renamed
HTML/IFrame.JA.1 - renamed
SPR/Hacktool.231936 - archive scan abort
TR/Gendal.kdv.294349 - archive scan abort
TR/Agent.339896 - renamed
TR/Agent.155648.30 - renamed
TR/Gendal 6690843 - renamed
TR/Gendal 6690843 - archive scan abort
BDS/Gendal.662620 - archive scan abort
invalid or corrupt - rarnew.dat
archive type- left 4 dead
end of file - keyword elite uninstallexe
bad compressed data- proxy checker unistallexe
end of file- gamers first uninstall exe
end of file - GrindSoft/Lines/Uninstall
A malformed archive header was detected - Serif/WebPlus Starter Edition/3-0/Data/FillTableconical.zip
end of file - SpeedFan/uninstall.exe
end of file - StumbleUpon/PostInstall.exe
end of file - StumbleUpon/PreUninstall.exe
bad archive header - AppData Plus500
AVG HALF SCAN:
AVG command line Anti-Virus scanner /mnt/sdd1/
PUP Tool.LN
/Program Files/Counter-Strike/platform/Friends/friendsUI.dll Runtime packed nspack
/Program Files/HideMyMac/mxid.dll Runtime packed nspack
/AppData/Local/Microsoft/Windows Defender/Filetracker/{051080FB-A0F8-4A77-B818-580411353E41} Virus Found Hosts
/AppData/Local/Microsoft/Windows Defender/Filetracker/{CED2FB3F-C2D8-474B-A179-2DA772753A80} Virus Found Hosts
Trojan Horse Generic3_c.CLFX
Trojan Horse Backdoor.Generic14.NAX
Trojan Horse Java/Agent.GX
Trojan Horse Java/Agent.FL
Trojan Horse Java/Agent.GX
Trojan Horse Java/Exploit.LJ
Trojan Horse Java/Agent.FB
Trojan Horse Java/Agent.FA
Trojan Horse Java/Exploit.LJ
Trojan Horse Java/Exploit.HS
Trojan Horse Java/Exploit.HP
Trojan Horse Java/Exploit.HS
Trojan Horse Java/Agent.EW
Trojan Horse Java/Agent.EW
/AppData/Local/Roaming/Octoshape/ Corrupted executable file
/AppData/Local/Roaming/Octoshape/ Corrupted executable file
PUP Tool.LN
PUP Tool.LN
Trojan Horse Generic3_c.CJNK
Trojan Horse Generic3_c.CJNK
hosts.txt Virus Found Hosts
PUP Tool.LN
PUP Tool.LN
ALL RENAMED SUCCESS ACCORDING TO AVG. (I did not copy all paths since it was too much to type by hand and I was in a hurry)
Edited by Nancy123, 13 December 2011 - 06:23 PM.