
Sleepy Dude says I need to remove ZeroAccess Trojan...How? [Solved]



#16
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Let's continue.

Step 1

Download ADWCleaner to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and right click on the AdwCleaner icon and Run As Admin.


Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & paste this report into your next reply.

The report will be saved in the C:\AdwCleaner folder.

Step 2

Please download Junkware Removal Tool to your desktop.
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, just reboot your system once; that will cure it.


Please make sure you include the ComboFix log in your next reply.

Step 4

Please don't forget to include these items in your reply:

  • adwCleaner log
  • JRT log
  • Combofix log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.
  • 0

#17
70delboy

    Member

  • Topic Starter
  • Member
  • 147 posts


Hi...all done
adwCleaner log below

# AdwCleaner v3.005 - Report created 23/09/2013 at 14:46:51
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium (32 bits)
# Username : Del - DEL-PC
# Running from : C:\Users\Del\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BitGuard
Folder Deleted : C:\ProgramData\DSearchLink
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Users\Del\AppData\Local\Conduit
Folder Deleted : C:\Users\Del\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Del\AppData\LocalLow\delta
Folder Deleted : C:\Users\Del\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Yvonne\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Yvonne\AppData\LocalLow\PriceGong

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKCU\Software\5328d8cb73ce947
Key Deleted : HKLM\SOFTWARE\5328d8cb73ce947
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3196716
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3201318
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3267663
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48909954-14FB-4971-A7B3-47E7AF10B38A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5848763C-2668-44CA-ADBE-2999A6EE2858}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78BA36C9-6036-482B-B48D-ECCA6F964B84}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48909954-14FB-4971-A7B3-47E7AF10B38A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5848763C-2668-44CA-ADBE-2999A6EE2858}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{78BA36C9-6036-482B-B48D-ECCA6F964B84}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{110A9EA2-8810-4C04-B916-CFD4E9427FEC}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110A9EA2-8810-4C04-B916-CFD4E9427FEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.17267


*************************

AdwCleaner[R0].txt - [3192 octets] - [23/09/2013 14:25:32]
AdwCleaner[S0].txt - [3211 octets] - [23/09/2013 14:46:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3271 octets] ##########
  • 0
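The AdwCleaner report above is a simple sectioned text format, and it is worth being able to read it mechanically: a count of what was removed per section, the GUIDs involved (which can be cross-checked against browser add-on listings in other logs), and a check that nothing cleaned in one run shows up again in a later scan, which would mean something is re-creating it. The following is an added example, not code from the thread or from the AdwCleaner authors; the section headers and entry layout are taken from the report as posted, the second "Scan" report is a constructed hypothetical used only to exercise the re-check, and the `BROWSER_MARKERS` list is an assumption about which registry paths wire components into Internet Explorer.

```python
import re

# Constructed excerpt modelled on the AdwCleaner v3 "Clean" report posted above
# (a handful of its lines, kept verbatim; not the whole log).
CLEAN_REPORT = r"""# AdwCleaner v3.005 - Report created 23/09/2013 at 14:46:51
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium (32 bits)
# Running from : C:\Users\Del\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Users\Del\AppData\LocalLow\PriceGong

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3196716
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48909954-14FB-4971-A7B3-47E7AF10B38A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.17267

*************************
"""

# Hypothetical follow-up "Scan" report, constructed for the re-check below:
# two of the cleaned items are back, which would point to something re-creating them.
RESCAN_REPORT = r"""# AdwCleaner v3.005 - Report created 24/09/2013 at 09:00:00
# Option : Scan

***** [ Files / Folders ] *****

Folder Found : C:\ProgramData\Babylon

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3196716
"""

META_RE = re.compile(r"^# (?P<key>[^:]+?) : (?P<value>.+)$")
HEADER_RE = re.compile(r"^\*{5} \[ (?P<section>.+?) \] \*{5}$")
ENTRY_RE = re.compile(
    r"^(?P<kind>Folder|File|Key|Value|Service|Shortcut) "
    r"(?P<action>Deleted|Found|Restored) : (?P<target>.+)$"
)
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Assumed registry locations that hook a component into Internet Explorer
# (toolbars, browser extensions, search providers); worth a second look in any report.
BROWSER_MARKERS = ("\\Classes\\Toolbar.", "\\Ext\\Stats\\", "\\Ext\\Settings\\", "\\SearchScopes\\")


def parse_adwcleaner_report(text):
    """Return (meta, sections): header fields and a section -> [(kind, action, target)] map."""
    meta, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = META_RE.match(line)
        if m and current is None:          # "# Key : Value" header lines only appear before the first section
            meta[m.group("key").strip()] = m.group("value").strip()
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.group("section")
            sections.setdefault(current, [])  # record empty sections too, so "0 removed" is visible
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group("kind"), m.group("action"), m.group("target")))
    return meta, sections


def adwcleaner_summary(text):
    """Counts per section, GUIDs seen, and registry keys that hook into the browser."""
    meta, sections = parse_adwcleaner_report(text)
    guids, browser_keys = set(), []
    for section, entries in sections.items():
        for _kind, _action, target in entries:
            guids.update(g.upper() for g in GUID_RE.findall(target))
            if section == "Registry" and any(mk in target for mk in BROWSER_MARKERS):
                browser_keys.append(target)
    return {
        "meta": meta,
        "counts": {section: len(entries) for section, entries in sections.items()},
        "guids": sorted(guids),
        "browser_keys": browser_keys,
    }


def reappeared(clean_text, rescan_text):
    """Targets removed in the Clean run that a later Scan reports again (case-insensitive)."""
    _, cleaned = parse_adwcleaner_report(clean_text)
    _, rescanned = parse_adwcleaner_report(rescan_text)
    removed = {t.lower() for entries in cleaned.values() for _k, action, t in entries if action == "Deleted"}
    return sorted(t for entries in rescanned.values() for _k, action, t in entries
                  if action == "Found" and t.lower() in removed)


if __name__ == "__main__":
    summary = adwcleaner_summary(CLEAN_REPORT)
    print(summary["counts"])
    print("browser hooks removed:", *summary["browser_keys"], sep="\n  ")
    print("back after rescan:", reappeared(CLEAN_REPORT, RESCAN_REPORT))
```

The `reappeared` check is the part a helper would actually act on: a clean report followed by an empty rescan is the normal case, while items that come back between runs are the signal to look for what is restoring them rather than deleting them a second time.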

#18
70delboy

    Member

  • Topic Starter
  • Member
  • 147 posts


Here is JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.2 (09.22.2013:1)
OS: Windows 7 Home Premium x86
Ran by Del on 23/09/2013 at 14:52:38.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/09/2013 at 14:56:02.02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#19
70delboy

    Member

  • Topic Starter
  • Member
  • 147 posts


and finally ComboFix log..

ComboFix 13-09-23.02 - Del 23/09/2013 15:19:36.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3061.1937 [GMT 1:00]
Running from: c:\users\Del\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Enabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
FW: Sophos Client Firewall *Enabled* {7FA74EB7-030F-B2B8-582C-1670C5953A57}
SP: Sophos Anti-Virus *Enabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
c:\windows\system32\rnaph.dll
c:\windows\winhelp.ini
c:\windows\wininit.ini
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2013-08-23 to 2013-09-23 )))))))))))))))))))))))))))))))
.
.
2013-09-23 14:31 . 2013-09-23 14:31 -------- d-----w- c:\users\Yvonne\AppData\Local\temp
2013-09-23 14:31 . 2013-09-23 14:42 -------- d-----w- c:\users\Del\AppData\Local\temp
2013-09-23 14:31 . 2013-09-23 14:31 -------- d-----w- c:\users\Yvonnewinxp\AppData\Local\temp
2013-09-23 14:31 . 2013-09-23 14:31 -------- d-----w- c:\users\delwinxp\AppData\Local\temp
2013-09-23 14:31 . 2013-09-23 14:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-23 13:52 . 2013-09-23 13:52 -------- d-----w- c:\windows\ERUNT
2013-09-23 13:25 . 2013-09-23 13:46 -------- d-----w- C:\AdwCleaner
2013-09-22 17:44 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-22 17:44 . 2013-09-22 17:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-19 14:40 . 2013-09-19 14:40 -------- d-----w- C:\FRST
2013-09-18 18:44 . 2013-09-18 18:44 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-18 18:44 . 2013-09-18 18:44 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-18 18:33 . 2013-09-18 18:33 -------- d-----w- c:\program files\Common Files\Adobe
2013-09-18 14:48 . 2013-09-18 14:45 718208 ----a-w- c:\program files\Uninstall Information\Ib\79\3683\ib_uninstall.exe
2013-09-17 19:13 . 2013-09-17 19:13 -------- d-----w- c:\program files\CCleaner
2013-09-14 12:53 . 2013-09-14 12:53 -------- d-----w- c:\users\Yvonne\AppData\Local\Sophos
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{3DFCDCA1-AEAC-4302-A690-BFB683568BAA}]
2013-01-15 14:30 328072 ----a-w- c:\program files\DigitalAdvertisingAlliance\Protect My Choices\pmc.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-21 149280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2010-09-21 439536]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-01-12 421888]
"Anvi Smart Defender"="c:\program files\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-08-23 1229104]
.
c:\users\Del\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Passport Photo.lnk - c:\program files\CamToPrint\PassportPhoto\CamToPrintTray.exe c:\program files\CamToPrint\PassportPhoto\frmIco.ico [2012-11-1 62336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2013-2-2 1155912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2012-05-19 38976]
R3 PSSDKLBF;PSSDKLBF;c:\windows\system32\Drivers\pssdklbf.sys [2012-05-19 53312]
R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [2012-06-30 21520]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2010-07-28 47176]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2010-07-28 58112]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-07 1343400]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2009-02-09 22536]
S1 asdrm;asdrm;c:\windows\system32\DRIVERS\asdrm.sys [2012-08-20 16208]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2010-10-08 122360]
S1 scfdriver;SCF Kernel Driver;c:\windows\system32\Drivers\scfdriver.sys [2010-03-31 86520]
S1 scflwf;Sophos Client Firewall packet filter;c:\windows\system32\DRIVERS\scflwf.sys [2010-03-31 40440]
S2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\asdrs.sys [2012-08-20 22864]
S2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-08-23 686896]
S2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\DRIVERS\asdws.sys [2012-08-20 14160]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2011-08-24 430136]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-10-08 163056]
S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2010-06-04 97520]
S2 Sophos Client Firewall Manager;Sophos Client Firewall Manager;c:\program files\Sophos\Sophos Client Firewall\SCFManager.exe [2010-04-27 128240]
S2 Sophos Client Firewall;Sophos Client Firewall;c:\program files\Sophos\Sophos Client Firewall\SCFService.exe [2010-04-27 32496]
S2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2012-02-21 1543704]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-20 18:29]
.
2013-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-20 18:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.co.uk/
uInternet Settings,ProxyOverride = <-loopback>
TCP: DhcpNameServer = 192.168.1.254
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} - hxxps://internetbankingplus1.firstdirect.com/ibplus/frontdoorFD.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{3BBD3C14-4C16-4989-8366-95BC9179779D} - (no file)
WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file)
SafeBoot-28900189.sys
AddRemove-SLABCOMM&10C4&EA60 - c:\program files\Silabs\MCU\CP210x\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\windows\system32\conhost.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\CamToPrint\PassportPhoto\CamToPrintTray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2013-09-23 15:47:33 - machine was rebooted
ComboFix-quarantined-files.txt 2013-09-23 14:47
.
Pre-Run: 134,156,955,648 bytes free
Post-Run: 139,670,495,232 bytes free
.
- - End Of File - - 151071BEBF9BEF1DD4B6F9F358B50A15
A36C5E4F47E84449FF07ED3517B43A31
  • 0

#20
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi 70delboy,

The tools did a great job. How is your system now? Do you still get warnings?
  • 0

#21
70delboy

    Member

  • Topic Starter
  • Member
  • 147 posts


Hi there

Much more responsive now. Live Mail opens much quicker.
Still getting AV warnings though, for example

'Adware or PUA' NirCmd
Have also seen

Mal/Zbot-FG
HPsus/Hijack-D (when AdwCleaner was installed)
BProtector

Is there more work to do?

Thanks
delboy
  • 0

#22
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Yes. We must remove all malware. You must stop getting these error messages.

Before you start scanning please disable your antivirus. It will speed up the scan. After the scan is finished, enable your antivirus.

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan.

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select the Detected threats report from the left and press the Save button
Save it to your desktop and attach to your next post
  • 0

#23
70delboy

    Member

  • Topic Starter
  • Member
  • 147 posts


Hi there...that scan took 9 hours! Anyhow, here is the Detected threats file

Status: Deleted (events: 13)
24/09/2013 11:14:19 Deleted Trojan program Packed.Win32.Krap.iu C:\Documents and Settings\All Users\Sophos\Sophos Anti-Virus\INFECTED\0.2715491340870523gtye.exe.000 High
24/09/2013 11:14:29 Deleted Trojan program Packed.Win32.Krap.iu C:\Documents and Settings\All Users\Sophos\Sophos Anti-Virus\INFECTED\35aeb898-342d74fd.000 High
24/09/2013 11:14:29 Deleted Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Sophos\Sophos Anti-Virus\INFECTED\46e7071a-7071836a.000 High
24/09/2013 11:14:37 Deleted Trojan program Trojan-Downloader.Java.Agent.qn C:\Documents and Settings\All Users\Sophos\Sophos Anti-Virus\INFECTED\L.class.000 High
24/09/2013 11:14:38 Deleted Trojan program Trojan-Downloader.Java.OpenConnection.fe C:\Documents and Settings\All Users\Sophos\Sophos Anti-Virus\INFECTED\Main.class.000 High
24/09/2013 11:14:44 Deleted Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Sophos\Sophos Anti-Virus\INFECTED\yvx.exe.000 High
24/09/2013 11:31:15 Deleted Trojan program HEUR:Exploit.Java.CVE-2011-3544.a C:\Documents and Settings\Del\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\2e9013e8-5d49f75b High
24/09/2013 11:30:48 Deleted Trojan program Exploit.Java.CVE-2011-3544.bg C:\Documents and Settings\Del\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\2e9013e8-5d49f75b/Translate.class High
24/09/2013 11:31:23 Deleted Trojan program HEUR:Exploit.Java.CVE-2012-0507.a C:\Documents and Settings\Del\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\77c7133e-42daf96b High
24/09/2013 11:30:48 Deleted Trojan program Exploit.Java.CVE-2012-0507.do C:\Documents and Settings\Del\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\77c7133e-42daf96b/wa/u.class High
24/09/2013 11:31:31 Deleted Trojan program HEUR:Exploit.Java.CVE-2012-0507.gen C:\Documents and Settings\Del\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\fdf1cc8-39d997a1 High
24/09/2013 11:30:50 Deleted Trojan program Exploit.Java.CVE-2012-0507.qm C:\Documents and Settings\Del\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\fdf1cc8-39d997a1/mac.class High
24/09/2013 11:57:49 Deleted Trojan program HEUR:Exploit.Java.CVE-2012-4681.gen C:\Documents and Settings\Yvonne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\1250ab94-2819fe3e High


delboy
  • 0
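Two things stand out in the detection report above and are easy to pull out mechanically: about half of the hits sit under the Sophos quarantine folder (copies the resident AV had already neutralised, so a second scanner flagging them is expected and not a sign of a live infection), while the rest sit in the Java deployment cache and carry detection names that reference specific Java vulnerabilities (CVE-2011-3544, CVE-2012-0507, CVE-2012-4681), which is the concrete reason behind the "regularly update your software" advice later in this thread. The following is an added example, not code from the thread or from the Virus Removal Tool's authors; it parses a five-line excerpt of the report as posted (with the header's event count adjusted to match), and the two path markers used to classify locations are assumptions about this machine's layout.

```python
import re
from collections import Counter
from datetime import datetime

# Excerpt of the "Detected threats" report posted above (5 of its 13 events, kept
# verbatim apart from the event count in the header, which is adjusted to match).
DETECTED_REPORT = r"""Status: Deleted (events: 5)
24/09/2013 11:14:19 Deleted Trojan program Packed.Win32.Krap.iu C:\Documents and Settings\All Users\Sophos\Sophos Anti-Virus\INFECTED\0.2715491340870523gtye.exe.000 High
24/09/2013 11:14:37 Deleted Trojan program Trojan-Downloader.Java.Agent.qn C:\Documents and Settings\All Users\Sophos\Sophos Anti-Virus\INFECTED\L.class.000 High
24/09/2013 11:31:15 Deleted Trojan program HEUR:Exploit.Java.CVE-2011-3544.a C:\Documents and Settings\Del\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\2e9013e8-5d49f75b High
24/09/2013 11:30:48 Deleted Trojan program Exploit.Java.CVE-2012-0507.do C:\Documents and Settings\Del\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\77c7133e-42daf96b/wa/u.class High
24/09/2013 11:57:49 Deleted Trojan program HEUR:Exploit.Java.CVE-2012-4681.gen C:\Documents and Settings\Yvonne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\1250ab94-2819fe3e High
"""

STATUS_RE = re.compile(r"^Status: (?P<status>\w+) \(events: (?P<count>\d+)\)$")
# date time action category... name path severity; the path is recognised by its drive letter
EVENT_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<action>\w+) "
    r"(?P<category>.+?) (?P<name>\S+) (?P<path>[A-Za-z]:\\.+?) (?P<severity>High|Medium|Low)$"
)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
USER_RE = re.compile(r"\\Documents and Settings\\([^\\]+)\\")
# Assumed path markers: the Sophos quarantine folder holds copies Sophos had already
# neutralised; the Java deployment cache holds applets fetched by the browser plug-in.
QUARANTINE_MARKER = "\\Sophos Anti-Virus\\INFECTED\\"
JAVA_CACHE_MARKER = "\\Sun\\Java\\Deployment\\cache\\"


def parse_detected_report(text):
    """Return (header, events); each event is a dict with a parsed 'when' timestamp."""
    header, events = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = STATUS_RE.match(line)
        if m:
            header = {"status": m.group("status"), "count": int(m.group("count"))}
            continue
        m = EVENT_RE.match(line)
        if not m:
            continue  # unrecognised line: keep going rather than fail on one stray row
        ev = m.groupdict()
        ev["when"] = datetime.strptime(f"{ev['date']} {ev['time']}", "%d/%m/%Y %H:%M:%S")
        events.append(ev)
    return header, events


def classify_location(path):
    """Where the hit lives: another product's quarantine, the Java cache, or elsewhere."""
    if QUARANTINE_MARKER in path:
        return "quarantine"
    if JAVA_CACHE_MARKER in path:
        return "java_cache"
    return "other"


def detections_summary(text):
    """What was hit, where, which CVEs the names reference, and whether the paste is complete."""
    header, events = parse_detected_report(text)
    cves, users = set(), set()
    for ev in events:
        cves.update(CVE_RE.findall(ev["name"]))
        users.update(USER_RE.findall(ev["path"]))
    when = sorted(ev["when"] for ev in events)  # the report itself is not in time order
    return {
        "header_events": header["count"] if header else None,
        "parsed_events": len(events),
        "complete": header is not None and header["count"] == len(events),
        "by_location": dict(Counter(classify_location(ev["path"]) for ev in events)),
        "cves": sorted(cves),
        "users": sorted(users),
        "first": when[0].isoformat() if when else None,
        "last": when[-1].isoformat() if when else None,
    }


if __name__ == "__main__":
    for key, value in detections_summary(DETECTED_REPORT).items():
        print(f"{key}: {value}")
```

The `complete` flag compares the header's event count with the rows actually parsed, a cheap guard against a truncated copy-and-paste; `users` shows that both profiles on the machine had Java cache hits, which is why a per-user cleanup alone would not have been enough.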

#24
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
VRT cleaned malware from Java temp files. Test your system and tell me if you get any warnings now.
  • 0

#25
70delboy

    Member

  • Topic Starter
  • Member
  • 147 posts


Hi there

That seems to have stopped the last warning (Adware or PUA 'NirCmd') appearing when opening web sites in IE8.

Is there anything else I should do, or is that it finished?

Thanks for all your help
delboy
  • 0

#26
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi 70delboy,

Your logs and system are clean now. I'm glad we fixed up your computer.

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [clearallrestorepoints]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Step 2

We need to clean up your PC from programs we used.

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end.

In case that any of the software we used in this fix still remains on your system please delete it manually (Right click on it and select Delete).

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Something to read

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

2. Make Backups of Important Files

Please read this article Home Computer Data Backup.

3. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of the software installed on your system.
  • 0

#27
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





