
extremeboy

Experts
  • Posts

    1,088

Everything posted by extremeboy

  1. Hello. Yes, that is just a quarantine item, no need to worry. We will remove that once we're done here. Not yet, let's get one more scan done.

     Run Scan with Kaspersky

     Please do a scan with Kaspersky Online Scanner.

     Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.

     If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

       • Open the Kaspersky WebScanner page.
       • Click on the button on the main page.
       • The program will launch and fill in the Information section on the left.
       • Read the "Requirements and Limitations" then press the button.
       • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
       • Once the files have been downloaded, click on the ...button.
       • In the scan settings make sure the following are selected:
           • Detect malicious programs of the following categories:
             Viruses, Worms, Trojan Horses, Rootkits
             Spyware, Adware, Dialers and other potentially dangerous programs
           • Scan compound files (doesn't apply to the File scan area):
             Archives
             Mail databases
       • By default the above items should already be checked.
       • Click the button, if you made any changes.
       • Now under the Scan section on the left: Select My Computer
       • The program will now start and scan your system. This will run for a while, be patient and let it finish.
       • Once the scan is complete, click on View scan report
       • Now, click on the Save Report as button.
       • Save the file to your desktop.
       • Copy and paste that information in your next post.

     You can refer to this animation by sundavis if needed.

     Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

     Thanks.
     With Regards, Extremeboy
  2. Okay. Thanks for letting me know, let me know how it goes.
  3. Hello. Nope, not yet. Let's perform an online scan now.

     Run Scan with Kaspersky

     Please do a scan with Kaspersky Online Scanner.

     Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.

     If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

       • Open the Kaspersky WebScanner page.
       • Click on the button on the main page.
       • The program will launch and fill in the Information section on the left.
       • Read the "Requirements and Limitations" then press the button.
       • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
       • Once the files have been downloaded, click on the ...button.
       • In the scan settings make sure the following are selected:
           • Detect malicious programs of the following categories:
             Viruses, Worms, Trojan Horses, Rootkits
             Spyware, Adware, Dialers and other potentially dangerous programs
           • Scan compound files (doesn't apply to the File scan area):
             Archives
             Mail databases
       • By default the above items should already be checked.
       • Click the button, if you made any changes.
       • Now under the Scan section on the left: Select My Computer
       • The program will now start and scan your system. This will run for a while, be patient and let it finish.
       • Once the scan is complete, click on View scan report
       • Now, click on the Save Report as button.
       • Save the file to your desktop.
       • Copy and paste that information in your next post.

     You can refer to this animation by sundavis if needed.

     Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

     Thanks.
     With Regards, Extremeboy
  4. Hello. Good, that's done. Please follow/read the steps below to remove the tools we used and for some more information.

     Uninstall ComboFix

     Remove Combofix now that we're done with it.

       • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
       • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
       • Please follow the prompts to uninstall Combofix.
       • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

     This will uninstall Combofix and anything associated with it.

     Download and Run OTC

     We will now remove the tools we used during this fix using OTC.

       • Download OTC by OldTimer and save it to your desktop.
       • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
       • Then Click the big button.
       • You will get a prompt saying "Being Cleanup Process". Please select Yes.
       • Restart your computer when prompted.

     Congratulations! You now appear clean!

     Now that you are clean, please follow and read some of the prevention tips >over here<. Is your system a bit slow? If so, try some of the points and things suggested here. If you would like, visit my http://computermalwaresecurity.blogspot.com/ and Subscribe/Follow along.

     If you have no more questions, comments or problems please tell us, so we can close off the topic.

     Thanks.
     With Regards, Extremeboy
  5. Combofix disinfected it which should have taken care of that. Show me the log of what MSE detected as Alureon.
  6. Reboot your computer once more. This should resolve the error you got from Combofix. Run Systemlook again,
  7. 10 items were the files but the other two were registry related.

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 1
     Registry Values Infected: 1
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 10
  8. Do your .exe files work now? Run this tool and see if it works and if you can now post the logs.
  9. Run ComboFix with CFScript

     We will run ComboFix again. This time, the instructions are slightly different.

       • Close any open browsers.
       • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
       • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:

             FCopy::
             C:\Windows\System32\drivers\netbt.sys | C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys

       • Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
       • Referring to the picture above, drag CFScript into ComboFix.exe.
       • When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

     Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

     Run SystemLook again once Combofix is done.

     Thanks.
  10. Can you show me what Avira detected and removed? Which 2 items couldn't be removed?
  11. Hello. Okay, that worked successfully.

      Update and Scan with MalwareBytes Anti-Malware

        • Launch Malwarebytes' Anti-Malware
        • Go to the Update tab
        • Select Check for Update and let MBAM download and install any available updates.
        • After the update is complete go to the Scanner tab.
        • Make sure the "Perform Quick Scan" option is selected.
        • Then click on the Scan button.
        • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
        • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
        • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
        • Click OK to close the message box and continue with the removal process.
        • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
        • Make sure that everything is checked, and click Remove Selected.
        • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
        • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
        • Copy and paste the contents of that report in your next reply and exit MBAM.

      Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

      Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

      Thanks.
      With Regards, Extremeboy
  12. Hello. Looking better. I see no anti-virus software installed, however. Having one installed is essential for safety while on the internet. Please go here: http://computermalwaresecurity.blogspot.co...tware-list.html and install an anti-virus software. Update it upon completion and let me know how your computer is performing right now as well. ~Extremeboy
  13. The OTM script did not go successfully because you did not copy the full script correctly. You forgot the colon ( : ) before the "reg". Please run OTM again using the following script like last time. Don't forget the colon this time.

          :reg
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
          @="exefile"
          :Commands
          [CREATERESTOREPOINT]
          [resethosts]
          [emptytemp]

      Thanks.
  14. That's good to hear. Most of what Kaspersky detected were just infected java cache which can be removed easily. However, there's a system file that we need to deal with first.

      Download and Run SystemLook

      Please download SystemLook from one of the links below and save it to your Desktop.
      Download Mirror #1
      Download Mirror #2

        • Double-click SystemLook.exe to run it. (If you are using Vista, please right-click and select run as administrator)
        • A blank window shall open with the title "SystemLook v1.0-by Jpshortstuff".
        • Copy and Paste the content of the following codebox into the main textfield under "File":

              :filefind
              netbt.sys

        • Please confirm everything is copied and pasted as I have provided above
        • Click the Look button to start the scan.
        • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

      Note: The log can also be found on your Desktop entitled SystemLook.txt
      2nd Note: The scan may take a while from several seconds to a minute or more depending on the number of files you have and how fast your computer can perform the task

      Can you then upload the following file to me through the Submission Channel.

          C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys <= This file

      Thanks.
  15. Did you run Malwarebytes once more? If not, please do so and post the log. If so, please post the log.
  16. Hello. Let's perform an online scan.

      Run Scan with Kaspersky

      Please do a scan with Kaspersky Online Scanner.

      Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.

      If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

        • Open the Kaspersky WebScanner page.
        • Click on the button on the main page.
        • The program will launch and fill in the Information section on the left.
        • Read the "Requirements and Limitations" then press the button.
        • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
        • Once the files have been downloaded, click on the ...button.
        • In the scan settings make sure the following are selected:
            • Detect malicious programs of the following categories:
              Viruses, Worms, Trojan Horses, Rootkits
              Spyware, Adware, Dialers and other potentially dangerous programs
            • Scan compound files (doesn't apply to the File scan area):
              Archives
              Mail databases
        • By default the above items should already be checked.
        • Click the button, if you made any changes.
        • Now under the Scan section on the left: Select My Computer
        • The program will now start and scan your system. This will run for a while, be patient and let it finish.
        • Once the scan is complete, click on View scan report
        • Now, click on the Save Report as button.
        • Save the file to your desktop.
        • Copy and paste that information in your next post.

      You can refer to this animation by sundavis if needed.

      Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

      Thanks.
      With Regards, Extremeboy
  17. Attach the logs here then by clicking Add Reply and you should see the Attachments area which you can browse, upload and attach the logs. Thanks.
  18. Hello. Yes, Combofix was just reporting what the Windows Management Instrumental "said". I think we can deal with this successfully, so we can probably avoid the format/reinstall path. Combofix didn't deal with the infection successfully, but let's trigure something here and perform another "custom scan" with Combofix.

      Run ComboFix with CFScript

      We will run ComboFix again. This time, the instructions are slightly different.

        • Close any open browsers.
        • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
        • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:

              TDL::
              C:\WINDOWS\System32\DRIVERS\kbdhid.sys

        • Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
        • Referring to the picture above, drag CFScript into ComboFix.exe.
        • When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

      Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

      Let me know how it goes.
  19. Well, the Malwarebytes log detected nothing which is good so far. Let's deal with the other 2 things I mentioned earlier...

      Run ComboFix with CFScript

      We will run ComboFix again. This time, the instructions are slightly different.

        • Close any open browsers.
        • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
        • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:

              DDS::
              uInternet Settings,ProxyServer = http=127.0.0.1:5555
              uInternet Settings,ProxyOverride = <local>;*.local

        • Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
        • Referring to the picture above, drag CFScript into ComboFix.exe.
        • When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

      Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

      Then, let's perform an online scan.

      Run Scan with Kaspersky

      Please do a scan with Kaspersky Online Scanner.

      Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.

      If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

        • Open the Kaspersky WebScanner page.
        • Click on the button on the main page.
        • The program will launch and fill in the Information section on the left.
        • Read the "Requirements and Limitations" then press the button.
        • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
        • Once the files have been downloaded, click on the ...button.
        • In the scan settings make sure the following are selected:
            • Detect malicious programs of the following categories:
              Viruses, Worms, Trojan Horses, Rootkits
              Spyware, Adware, Dialers and other potentially dangerous programs
            • Scan compound files (doesn't apply to the File scan area):
              Archives
              Mail databases
        • By default the above items should already be checked.
        • Click the button, if you made any changes.
        • Now under the Scan section on the left: Select My Computer
        • The program will now start and scan your system. This will run for a while, be patient and let it finish.
        • Once the scan is complete, click on View scan report
        • Now, click on the Save Report as button.
        • Save the file to your desktop.
        • Copy and paste that information in your next post.

      You can refer to this animation by sundavis if needed.

      Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

      Thanks.
      With Regards, Extremeboy
  20. In that case, please run Malwarebytes once more. Take a new DDS run afterward and post that log as well so I can take a look if it was actually removed or not. Thanks and sorry for the delay.
  21. Yup, feel free to PM me if I haven't replied within 48 hours. Usually we should get at least 1 reply per day, more if applicable - during the weekends. Your logs are looking good now. Let's perform an online scan.

      Run Scan with Kaspersky

      Please do a scan with Kaspersky Online Scanner.

      Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.

      If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

        • Open the Kaspersky WebScanner page.
        • Click on the button on the main page.
        • The program will launch and fill in the Information section on the left.
        • Read the "Requirements and Limitations" then press the button.
        • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
        • Once the files have been downloaded, click on the ...button.
        • In the scan settings make sure the following are selected:
            • Detect malicious programs of the following categories:
              Viruses, Worms, Trojan Horses, Rootkits
              Spyware, Adware, Dialers and other potentially dangerous programs
            • Scan compound files (doesn't apply to the File scan area):
              Archives
              Mail databases
        • By default the above items should already be checked.
        • Click the button, if you made any changes.
        • Now under the Scan section on the left: Select My Computer
        • The program will now start and scan your system. This will run for a while, be patient and let it finish.
        • Once the scan is complete, click on View scan report
        • Now, click on the Save Report as button.
        • Save the file to your desktop.
        • Copy and paste that information in your next post.

      You can refer to this animation by sundavis if needed.

      Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

      Thanks.
      With Regards, Extremeboy
  22. Hello. Looks a lot better now. Just two internet registry setting related entries that still require to be dealt with. Let's first try another scan with Malwarebytes.

      Download and run MalwareBytes Anti-Malware

      Please download Malwarebytes Anti-Malware and save it to your desktop.
      alternate download link 1

        • Make sure you are connected to the Internet.
        • Double-click on Download_mbam-setup.exe to install the application.
        • When the installation begins, follow the prompts and do not make any changes to default settings.
        • When installation has finished, make sure you leave both of these checked:
            • Update Malwarebytes' Anti-Malware
            • Launch Malwarebytes' Anti-Malware
        • Then click Finish.
        • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
        • On the Scanner tab:
            • Make sure the "Perform Quick Scan" option is selected.
            • Then click on the Scan button.
        • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
        • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
        • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
        • Click OK to close the message box and continue with the removal process.
        • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
        • Make sure that everything is checked, and click Remove Selected.
        • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
        • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
        • Copy and paste the contents of that report in your next reply and exit MBAM.

      Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

      For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link
  23. Hello. Thanks for the description. The infection that you currently got detected in the System Volume Information is related to your system restore points. Did you try to run Combofix previously? Please follow the instructions below on running it.

      Download and Run ComboFix

      Note to readers of this post other than the starter of this thread: ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

      Download Combofix from any of the links below, and save it to your desktop.
      Link 1
      Link 2

      Please refer to this page for full instructions on how to run ComboFix.

        • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
        • Double click ComboFix.exe to start the program. Agree to the prompts.
        • When ComboFix is finished, a log report (C:\ComboFix.txt) will open. Post back with it.

      Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

      Note: Please do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.
  24. I see a few infections in the logs, let's see if Malwarebytes can disinfect/remove those.

      Download and run MalwareBytes Anti-Malware

      Please download Malwarebytes Anti-Malware and save it to your desktop.
      alternate download link 1

        • Make sure you are connected to the Internet.
        • Double-click on Download_mbam-setup.exe to install the application.
        • When the installation begins, follow the prompts and do not make any changes to default settings.
        • When installation has finished, make sure you leave both of these checked:
            • Update Malwarebytes' Anti-Malware
            • Launch Malwarebytes' Anti-Malware
        • Then click Finish.
        • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
        • On the Scanner tab:
            • Make sure the "Perform Quick Scan" option is selected.
            • Then click on the Scan button.
        • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
        • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
        • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
        • Click OK to close the message box and continue with the removal process.
        • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
        • Make sure that everything is checked, and click Remove Selected.
        • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
        • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
        • Copy and paste the contents of that report in your next reply and exit MBAM.

      Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

      For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link
  25. Hello. Are you still there? Do you still require help? If you are please follow the instructions in my previous post. If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic. Please reply back telling us so. If you don't reply within 7 days from the last day I replied initially, the topic will need to be closed. Thanks for understanding. With Regards, Extremeboy