Hi there!

I'm running a 2007 HP Pavilion a6000n with Windows Vista (64)

On Friday last week I was looking for an OCR program and downloaded this virus (trojan?) by accident. It seemed like it was "freeware" but as soon as I clicked on the exe it disappeared and immediately my computer became laggy. AVG did not pick it up right away but Chrome did and would not let me get into my gmail/facebook etc as the trojan had logged me off of these sites in an attempt to get my login info. As soon as I realised what had happened, I downloaded Avast and got rid of AVG. Avast picked up the trojan immediately and informed me that it had been blocked and put into the chest. Except the warning started to pop up every 3 minutes or so.

I unplugged my internet and ran Malwarebytes and a regular Avast scan and a safe boot scan (which picked up a few things but did not get rid of them). After the safe mode boot scan, it seemed as if it had worked and got rid of the trojan once and for all... my computer was running at normal speed, iTunes and Chrome opened normally (whereas before the scan it was taking 2 minutes to open iTunes and the whole system was laggy).

As soon as I plugged my internet back in, Avast alerted me that there was a problem. Only now instead of it popping up once to tell me "[email protected]" it popped up "[email protected]" "[email protected]" "[email protected]" and now "[email protected]" as well all one right after another.

Attached are the OTL and Extras txt files as well as the EEK scan results. I'm hoping someone can help me. I've had this computer for a while and the last 5 years of my life are on it. I'd hate to have to start over.

Thank you!


Download Hitman Pro to your Desktop.

Press the CTRL key and double-click on Hitman Pro. Hitman Pro will shut down all unnecessary processes when run this way.

If Hitman Pro wants to update, let it.

If Hitman Pro wants to download signatures, let it.

If Hitman Pro wants to remove something, let it.

Attach any logs produced by Hitman Pro.


Sounds good. Just running the scan now. Just wanted to also let you know, I tried to open the x64 version but it said it was not compatible with the version of Windows that I'm running so I guess I'm running 32 bit instead.

Will post logs as soon as possible. Thanks :)


The scan has been completed. Hitman did not make a log for me to attach. It found 14 items, three trojans and several zero access files as well as old tracking cookies.

It deleted most of them and asked me to reboot to delete the last two. So far the computer has been running smooth, no popups from Avast yet.

How will I know that it has successfully removed the virus and my computer is back to normal?

Thanks :)


OK, that's what I was expecting to happen. Hitman Pro should have removed the bulk of the infection. However, we need to find the rest of the infection and remove it.

Download ComboFix from one of these locations:

Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop.

Link 1

Link 2

* IMPORTANT !!! Save ComboFix to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    See HERE for help
  • Double click on Combo-Fix & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.


1. Do not mouseclick ComboFix's window while it's running. That may cause it to stall!

2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.


  • ComboFix (C:\combofix.txt)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!


Hmm I disabled Avast and tried to run Combo Fix but my computer beeped twice and is telling me AVG is still running even though I uninstalled it over three days ago. I did a search for AVG and it doesn't show up at all in C:\

Not sure what to do...


ComboFix is done scanning! I noticed that before it finished Hitman started a quick scan. Also, I tried to open Chrome and Internet Explorer, and an error message popped up saying:

C:\Program Files\Google\Chrome\Application\chrome.exe

Illegal Operation attempted on a registry key that has been marked for deletion

Not sure what that means but it has me a little concerned.

Also, Hitman has finished scanning now and has found no threats.

Edit: just tried to open iTunes and Photoshop and a few other files and programs (such as the log I just attached) and have gotten the same error message as above. :wacko: It looks like I can't open any file at all without getting that error message above.


Your OTL log indicates that you are bypassing the Adobe product activation check. This indicates that you have Adobe products installed that were not obtained legally. We have a strict no piracy policy and you will be required to remove all illegal software from your system, before you will receive any further assistance.


Your hosts file has entries that block Adobe's online activation. The only reason for them to be present in your hosts file is to prevent Adobe from recognizing the illegally activated Adobe software.

Uninstall everything related to Adobe CS5 via Add or Remove Programs in the Control Panel.

You can also use the Adobe Creative Suite Cleaner Tool to remove CS4. http://www.adobe.com...leanertool.html


Thread Closed

Reason: Lack of Response

PM either ShadowPuterDude, Elise, or GT500 to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.

This topic is now closed to further replies.