Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Cloud Av 2012 Virus [Solved]


  • This topic is locked This topic is locked

#16
dinmao

dinmao

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Hi maliprog,

I think the scan froze mid way through, I left it running for 17 hrs or so (went to bed, woke up, went to work etc), & came home to find it still at 1% Completed so I stopped the scan & have pasted the Detected Threats Report below:

I'm also sorry, because there were 2 infections where I clicked on 'quarantine' instead of 'delete' only to remember that you instructed me to delete all infections found.

Should I rerun the scan?


Status: Deleted (events: 5)
6/01/2012 1:30:41 AM Deleted Trojan program Trojan.Win32.Jorik.Xtoober.cdc C:\Documents and Settings\phan\Application Data\Sun\Java\Deployment\cache\6.0\48\c48f770-393668ec High
6/01/2012 1:56:16 AM Deleted Trojan program Trojan-Downloader.JS.Agent.gmf C:\Documents and Settings\phan\Local Settings\Temporary Internet Files\Content.IE5\3HZFN191\jquery-1.6.2.min[1].js High
6/01/2012 1:56:17 AM Deleted Trojan program Trojan-Downloader.JS.Agent.gmf C:\Documents and Settings\phan\Local Settings\Temporary Internet Files\Content.IE5\A37L2KHN\menu[1].js High
6/01/2012 2:03:53 AM Deleted Trojan program Trojan-Downloader.JS.Agent.gmf C:\Documents and Settings\phan\Local Settings\Temporary Internet Files\Content.IE5\S2BNGZ2H\script[1].js High
6/01/2012 3:04:39 AM Deleted Trojan program Backdoor.Win32.Gbot.qwk C:\_OTL\MovedFiles\01052012_233342\C_Documents and Settings\phan\Application Data\dwme.exe High
Status: Absent (events: 1)
6/01/2012 9:18:26 AM Not found Trojan program Trojan.Win32.Jorik.Xtoober.cdc C:\Documents and Settings\phan\Application Data\Sun\Java\Deployment\cache\6.0\48\c48f770-2d49dad4 High
Status: Disinfected (events: 2)
6/01/2012 1:30:34 AM Disinfected Trojan program Trojan-Downloader.Java.OpenStream.bq C:\Documents and Settings\phan\Application Data\Sun\Java\Deployment\cache\6.0\58\2ec82cba-20e48901 High
6/01/2012 1:30:34 AM Disinfected Trojan program Trojan-Downloader.Java.OpenStream.bq C:\Documents and Settings\phan\Application Data\Sun\Java\Deployment\cache\6.0\58\2ec82cba-20e48901/glass/boing.class High
Status: Quarantined (events: 2)
6/01/2012 2:28:57 AM Quarantined virus HEUR:Backdoor.Win32.Generic C:\Program Files\LP\FF6B\215.exe High
6/01/2012 2:28:59 AM Quarantined virus HEUR:Backdoor.Win32.Generic C:\Program Files\LP\FF6B\F93.tmp High
  • 0

Advertisements


#17
dinmao

dinmao

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Posted Image
  • 0

#18
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Please run this step first. After that you can rerun VRT scan. To speed scan you can disable your real time antivirus software until VRT finish.

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

  • 0

#19
dinmao

dinmao

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 14658813 bytes
->Flash cache emptied: 42076 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 105805 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2797758 bytes

User: phan
->Temp folder emptied: 6465361332 bytes
->Temporary Internet Files folder emptied: 1637451370 bytes
->Java cache emptied: 83128830 bytes
->Flash cache emptied: 3205441 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1119359 bytes
%systemroot%\System32 .tmp files removed: 3432977 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 145683007 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 354881242 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 70344084 bytes

Total Files Cleaned = 8,376.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01072012_132029
  • 0

#20
dinmao

dinmao

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Will rerun the VRT scan now & hope it actually completes fully this time.
  • 0

#21
dinmao

dinmao

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Finished the scan! The report is pasted below. There's also a status message saying 'potentially unwanted software detected....you are advised to neutralise it as soon as possible'.

Should I click on neutralise all?


Status: Detected (events: 1)
7/01/2012 1:57:35 PM Detected adware not-a-virus:AdWare.Win32.MegaSearch.aj C:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\data1.hdr//MegauploadToolbarSetup.exe//data0085 Medium
Status: Deleted (events: 2)
7/01/2012 1:59:56 PM Deleted adware not-a-virus:AdWare.Win32.MegaSearch.aj C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll Medium
7/01/2012 2:14:26 PM Deleted Trojan program Trojan.Win32.Hosts2.gen C:\_OTL\MovedFiles\01052012_233342\C_WINDOWS\System32\drivers\etc\hosts High
  • 0

#22
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Yes, you can remove all. How is your system now? Any problems?
  • 0

#23
dinmao

dinmao

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Hi maliprog,

it seems normal. Do you think I should download avast or something?
  • 0

#24
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts

Do you think I should download avast or something?


I see you already have Kasperski antivirus so you don't need another as far as I can see.

Your logs and system are clean now. I'm glad we fix up your computer. We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end. Remove all other application we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automaticly check for newer version of software installed on your system.
  • 0

#25
dinmao

dinmao

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
My Kaspersky license expired a few months ago, I think that might be why it couldn't detect the Cloud AV virus.

I've completed the above recommended steps.

Thanks a million for your help maliprog!!!!!!!!!!! You're a hero, hahahaha :thumbsup:
  • 0

Advertisements


#26
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
In that case here is my antivirus recomendation:


Hope it helps. Goodbye and stay safe :thumbsup:
  • 0

#27
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP