
Malware win 32 popup in avast [Solved]


  • This topic is locked

#16 2troubled (Member, Topic Starter, 31 posts)
I ran the ComboFix

completed stages 1-50

told me it was deleting the following files:

C:\Users\Becky\Appdata\Local\temp\libsqloitejdbc74380757312272571.lib


C:\Users\Becky\Appdata\Local\temp\swt.gdip-3448.dll187267095511303562.lib

C:\Users\Becky\Appdata\Local\temp\swt.win32-3148.dll

C:\Users\Becky\Appdata\Local\temp\windowsapi.dll

It then said "rebooting windows please wait"

Rebooted and then said

preparing log report
Do not run any programs until ComboFix has finished and had a yellow rectangle that blinked. Once the "blinking" finished I assumed it was done running. Found the log in the file and here it is:

ComboFix 12-08-13.01 - Becky 08/14/2012 18:26:44.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2138 [GMT -5:00]
Running from: C:\Users\Becky\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\Becky\AppData\Local\Temp\libsqlitejdbc-7438075731227625271.lib
C:\Users\Becky\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\Becky\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\Becky\AppData\Local\Temp\WindowsAPI.dll1872670950511303562.lib

---- Previous Run -------

C:\Users\Becky\AppData\Local\Temp\libsqlitejdbc-1793624134218640462.lib
C:\Users\Becky\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\Becky\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\Becky\AppData\Local\Temp\WindowsAPI.dll7805677073704264177.lib
C:\Windows\SysWow64\URTTemp\regtlib.exe
C:\Windows\TEMP\{396CC58F-F7FD-4375-A0B2-1614E50D05B6}\fpb.tmp
C:\Windows\TEMP\{BB6F57CD-12B6-4E38-A7DC-554A4176CCCC}\InstallFlashPlayer.exe
C:\Windows\TEMP\FP_AX_CAB_INSTALLER.exe

-- Previous Run --

Infected copy of C:\Windows\system32\Services.exe was found and disinfected
Restored copy from - C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

--------


((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 )))))))))))))))))))))))))))))))


2012-08-14 23:35:31 . 2012-08-14 23:35:31 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-08-13 23:24:54 . 2012-08-13 23:24:54 -------- d-----w- C:\_OTL
2012-08-12 00:01:15 . 2012-08-12 00:01:15 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-08-09 13:36:13 . 2012-08-09 13:36:13 -------- d-----w- C:\Users\Becky\AppData\Roaming\Malwarebytes
2012-08-09 13:36:02 . 2012-08-09 13:36:02 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-09 13:36:01 . 2012-08-09 13:36:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-09 13:36:01 . 2012-07-03 18:46:44 24904 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-08-08 12:05:13 . 2012-07-03 16:21:52 54072 ----a-w- C:\Windows\system32\drivers\aswRdr2.sys
2012-07-16 11:54:47 . 2012-07-16 11:54:47 -------- d-----w- C:\Windows\SysWow64\Adobe
2012-07-16 02:14:04 . 2012-07-22 19:54:29 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-16 02:14:04 . 2012-07-22 19:54:29 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
  • 0


#17 2troubled (Member, Topic Starter, 31 posts)
Farbar Service Scanner Version: 06-08-2012
Ran by Becky (administrator) on 14-08-2012 at 18:57:59
Running from "C:\Users\Becky\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:




I have not had the Malware/trojan pop up box come up since I connected to the internet 10 minutes ago. Everything seems to be running fine. Will let you know if that changes.

I REALLY APPRECIATE all the help you have given me.

Becky
  • 0

#18 2troubled (Member, Topic Starter, 31 posts)
This morning while on the internet I got the following message:

MALICIOUS URL BLOCKED

avast! Network Shield has blocked a threat.

object: http://www.garbagede...in/bup.js?itcoa
infection: URL:Mal
Process: C:Program Files (x86)\Mozilla Firefox\firefox.exe
  • 0

#19 Crag_Hack (Trusted Helper, Malware Removal, 1,775 posts)
Hello 2troubled. It appears as if your Combofix and Farbar Service Scanner logs are incomplete. Please try to attach them to see if this resolves this issue. Here's how to do it:

  • Click Add Reply in our thread (the thread is the web page with all our communications)
  • Below the add reply textbox there will be a section that says Attachments
  • Click the Browse button in this section and navigate to C:\ (you can get there from the Computer link)
  • Attach the file Combofix.txt by selecting it then click the Open button then clicking the Attach This File Button
  • Repeat steps 3-4 but this time navigate to C:\Users\Becky\Downloads and open and attach FSS.txt
  • Once the files have been uploaded they will be listed under the Attachments section
  • Compose a post then click Add Reply to post

Let me know if you have any questions/problems.

Things to see in your next post:
attached Combofix.txt and FSS.txt

  • 0

#20 2troubled (Member, Topic Starter, 31 posts)
The message I sent earlier today has not reappeared anytime today.

ComboFix.txt. I could not find the Farbar log. I looked in the downloads file and the only thing there was the .exe file.

So do you want me to run Farbar again?

Becky

Attached Files


  • 0

#21 Crag_Hack (Trusted Helper, Malware Removal, 1,775 posts)
Yes please run Farbar again then attach the log to your post. Tomorrow I am taking a road trip up North in California... so I won't be able to respond to you until Friday. Also my parents say the Internet is spotty up there right now but that a technician is coming tomorrow to check it out. I will keep you posted as I have a smartphone that ought to get Internet regardless up North.
  • 0

#22 2troubled (Member, Topic Starter, 31 posts)
I ran Farbar again, per instructions in previous post, and saved the log. Everything looked the same, at least to me it did. I ran Farbar with AVAST! turned off.

Thanks,
Becky

Attached Files

  • Attached File  FSS.txt   2.63KB   43 downloads

  • 0

#23 Crag_Hack (Trusted Helper, Malware Removal, 1,775 posts)
Hi 2troubled. Your computer looks to be clean. Two of your Windows services are crippled however. We will now fix that, verify it is fixed, and then run a scan for any remaining malware on your machine. Also we have to back up the registry before we fix the services. We will also do a temp file clean. Please do the following:

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Then post the produced log (it will be in C:\_OTL\MovedFiles with a filename beginning with the date)

Step 2

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous, so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing, so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions, please ask BEFORE proceeding.

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
Posted Image

Step 3

Please download these files
Attached File  BITS.reg   6.14KB   31 downloads
Attached File  WinDefend.reg   7.41KB   27 downloads
For each file:
  • right-click on it once downloaded
  • click Merge
  • click Yes in the Registry Editor dialog box.

Step 4

  • Run Farbar Service Scanner

    Posted Image
  • Tick All options.
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please attach the log to your reply.

Step 5

  • Go to here
  • Click the download button under Kaspersky Security Scan
  • Download and run the file
  • It will start to download the Kaspersky Security Scan program data
  • Once downloaded the installer will begin
  • Click Next
  • Accept the License Agreement
  • Click Install
  • The program will now install
  • Click Finish
  • Kaspersky Security Scan will now start

    Posted Image
  • Click the Full Scan button

    Posted Image
  • The scan will take about an hour or two depending on the amount of data on your hard drive
  • If the scan detects problems it will open a Problems found window (you can click Details to view the scan results)

    Posted Image
  • Once the scan is complete do the following:
    • For XP: Navigate to C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\KSS2\DataRoot
      For Vista/7: Navigate to C:\ProgramData\Kaspersky Lab\KSS2\DataRoot
    • Right-click on the HtmlReport folder --> Click Send to --> Click Compressed (zipped) folder
    • Attach the HtmlReport zipped folder to your next post
      Posted Image
      Posted Image
      Posted Image
  • You can now close Kaspersky Security Scan

Things to see in your next post:
OTL fix log (it will be in C:\_OTL\MovedFiles with a filename beginning with the date)
FSS.txt (please attach)
Kaspersky Security Scan log (HtmlReport zipped folder attachment)

  • 0
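The two .reg files in Step 3 repair the BITS and WinDefend service registrations, and Step 4 re-runs Farbar Service Scanner to confirm the fix. The script below is an added example, not code from this thread nor from the Farbar, ERUNT or OTL tools: it exports the two services' registry keys with reg.exe as a small-scale backup (ERUNT, as described in Step 2, backs up the whole registry; this only covers the two keys being changed) and then reports the same kind of facts a practitioner would check afterwards: whether each key exists, whether the service is disabled (Start=4), whether its ImagePath points inside the Windows folder, and whether the Service Control Manager can see it. The service names come from the attached file names on this page; the key path HKLM\SYSTEM\CurrentControlSet\Services is the standard location; $backupDir is a value chosen for this example. It assumes Windows 7 or later and an elevated PowerShell prompt (2.0 or newer, so Win32_Service is used rather than the newer Get-Service properties).

```powershell
# Added example (not from the thread or its tools): back up and health-check
# the two service registrations repaired in Step 3. Assumes an elevated
# PowerShell 2.0+ prompt on Windows 7 or later. $backupDir is an assumed path.

$services  = @('BITS', 'WinDefend')   # service names taken from the .reg files in the thread
$backupDir = 'C:\RegBackup'           # assumed backup location for this example

function Backup-ServiceKey {
    param([string]$Name)
    $key = "HKLM\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Services\$Name")) {
        return $null                  # nothing to export if the key is already gone
    }
    if (-not (Test-Path $backupDir)) {
        New-Item -ItemType Directory -Path $backupDir | Out-Null
    }
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $file  = Join-Path $backupDir "$Name-$stamp.reg"
    # reg.exe export writes a .reg file that can be merged back if the fix goes wrong
    & reg.exe export $key $file /y | Out-Null
    if ($LASTEXITCODE -ne 0) { return $null }
    return $file
}

function Test-ServiceHealth {
    param([string]$Name)
    $result = New-Object PSObject -Property @{
        Service   = $Name
        KeyExists = $false
        Start     = $null
        ImagePath = $null
        State     = 'missing'
        Problems  = @()
    }
    $keyPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (Test-Path $keyPath) {
        $result.KeyExists = $true
        $props = Get-ItemProperty -Path $keyPath
        $result.Start     = $props.Start
        $result.ImagePath = $props.ImagePath
        # Start = 4 means Disabled; without an ImagePath the service cannot be loaded at all
        if ($props.Start -eq 4) { $result.Problems += 'service is disabled (Start=4)' }
        if (-not $props.ImagePath) {
            $result.Problems += 'ImagePath value is missing'
        } elseif ($props.ImagePath -notmatch '^(%SystemRoot%|C:\\Windows)\\') {
            # A system service whose binary lives outside the Windows folder deserves a look
            $result.Problems += "ImagePath points outside the Windows folder: $($props.ImagePath)"
        }
    } else {
        $result.Problems += 'registry key is missing; the service is not registered'
    }
    # WMI lists the service only if the Service Control Manager accepted its registration
    $svc = Get-WmiObject Win32_Service -Filter "Name='$Name'"
    if ($svc) {
        $result.State = $svc.State
    } else {
        $result.Problems += 'service is not visible to the Service Control Manager'
    }
    return $result
}

foreach ($name in $services) {
    $backup = Backup-ServiceKey -Name $name
    if ($backup) { Write-Host "[$name] registry key exported to $backup" }
    else         { Write-Host "[$name] no registry key to export" }

    $health = Test-ServiceHealth -Name $name
    if ($health.Problems.Count -eq 0) {
        Write-Host "[$name] OK: Start=$($health.Start) State=$($health.State) ImagePath=$($health.ImagePath)"
    } else {
        Write-Host "[$name] PROBLEMS:"
        $health.Problems | ForEach-Object { Write-Host "    - $_" }
    }
}
```

Run it once before merging the .reg files to capture the broken state and the backups, and once more after the reboot in Step 4 (a service registration read from the registry is only picked up by the Service Control Manager after a restart, which is why the later post asks for a fresh FSS.txt after rebooting). A key that exists but is still invisible to Win32_Service after the reboot means the repair did not take and the exported .reg file can be merged back before trying again.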

#24 2troubled (Member, Topic Starter, 31 posts)
All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Becky
->Temp folder emptied: 4570423 bytes
->Temporary Internet Files folder emptied: 101870015 bytes
->Java cache emptied: 4213646 bytes
->FireFox cache emptied: 133767732 bytes
->Google Chrome cache emptied: 54869117 bytes
->Flash cache emptied: 228508 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Favorites

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16134 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50467 bytes
RecycleBin emptied: 2594729 bytes

Total Files Cleaned = 288.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.57.0 log created on 08182012_143728

Files\Folders moved on Reboot...
C:\Users\Becky\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\Becky\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2012/08/18 14:40:55 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5

Registry entries deleted on Reboot...
  • 0

#25 2troubled (Member, Topic Starter, 31 posts)
I am on "step 3". I downloaded the two files. In my "downloads" file I right clicked on each of the files but did not see an option of "merge" like you said. I DID NOT double click on the downloaded files.

I will not do anymore until I hear back from you.
  • 0


#26 Crag_Hack (Trusted Helper, Malware Removal, 1,775 posts)
Just double click the files instead of doing the merge - it will do the same thing. Let me know if you have any questions/problems. We're almost done! :thumbsup:
  • 0

#27 2troubled (Member, Topic Starter, 31 posts)
Here is the Farbar log.

Attached Files

  • Attached File  FSS.txt   2.52KB   33 downloads

  • 0

#28 2troubled (Member, Topic Starter, 31 posts)
Here is the updated Farbar log.

Attached Files

  • Attached File  FSS.txt   2.52KB   32 downloads

  • 0

#29 Crag_Hack (Trusted Helper, Malware Removal, 1,775 posts)
Please restart the computer, then grab another FSS.txt log from Farbar Service Scanner for me. Sorry, I should have told you to restart to begin with. This can wait until you are done with Kaspersky Security Scan if you already started it.
  • 0

#30 2troubled (Member, Topic Starter, 31 posts)
Ok, I ran the scan and it said I had 26 threats

Malware 9

Vulnerabilities 4

Other issues 13

I DID NOT use the "fix now" button at the top of the report. I have attached the log from Kaspersky. Although my computer did not have an "html report", it only had a "report" file, so that is the one I have zipped and attached. Well, I tried to attach the file but it says it is too large to attach. When I checked the properties of the file it says it is 1.34 MB... so I am stuck.
  • 0
