Avenger File

I have been a fan and user of Pro Malwarebytes for 4 years.

I'm not sure where to turn for help my topic has been closed

so I have been directed to start a new topic here.

Avenger file on drive C: 120 Gig That's my Windows only Hard drive

Drive D: 150 Gig is my work space I download and play from there

I have 2 USB 2 TB I use for storage. They are offline 90% of time.

Whenever I run Malwarebytes Avenger folder empty and Avenger.txt open

Avenger.txt grows until I get low Disk Space and finally Blue screen of death.

I restart Computer F8 Safe delete avenger.txt and I'm good until I start Malwarebytes

I have removed all files and root of Malwarebytes and have no problems.

A new fresh install of Malwarebytes starts Avenger Folder Avenger.txt

And I'm dead in the water in 18 min or less.

Please help I need protection

Sorry I forgot the MBAM logs

Rkill.txt

exehelperlog.txt

CheckResults.txt

dds.txt

attach.txt

mbam-log-2013-08-25 (12-58-31).txt

mbam-log-2013-08-25 (13-14-12).txt


Hello Bookster, welcome to the forums

Please download Malwarebytes Anti-Rootkit (MBAR) from here http://www.malwarebytes.org/products/mbar/ and save it to your desktop.

Direct link to the file:

http://downloads.malwarebytes.org/file/mbar

• Be sure to print out and follow the instructions provided on that same page.

• Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

• Double-click on the MBAR file you downloaded.

• Approve the UAC prompt in Vista and newer operating systems.

• Click OK on the next screen, to allow the package to extract the contents of the file to its own folder, mbar.

• By default, this will be on your desktop, though you can choose another location if you wish. We advise using the default location for simplicity.

• mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.

• After reading the Introduction, click 'Next' if you agree.

• On the Update Database screen, click on the 'Update' button.

• Once you see 'Success: Database was successfully updated' click on 'Next'.

• Click the 'Scan' button.

A. With some infections, you may see two message boxes.

1. 'Could not load protection driver'. Click 'OK'.

2. 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

• If malware is found, do NOT press the Cleanup button when the scan completes. Click EXIT.

Then, please send the following logs as attachments to your reply. These logs are located in the mbar folder on your desktop where the tool extracted itself to.

mbar-log-2013-xx-xx(xx-xx-xx).txt (where xx-xx(xx-xx-xx) is the date and time of the scan)

system-log.txt


Malwarebytes, Malwarebytes Anti-Rootkit, Malwarebytes FileASSASSIN, CCleaner and Puran Defrag 7.6 Are on computer.

I update 1 to 3 times a day and I run it every time I get online or offline. Malwarebytes is small and always up and running. Malwarebytes Anti-Rootkit will not run with Malwarebytes running in the background, so I shut it down. Malwarebytes, Malwarebytes FileASSASSIN, Malwarebytes Anti-Rootkit cannot remove "AVENGER.txt" file. I have the C: drive up on second screen and the second I click Scan with Malwarebytes "AVENGER folder empty and Avenger.txt" show up. I can sit and watch Avenger.txt grow in file size until it consumes the drive and it shuts down.

 

Malwarebytes has been removed as well as all related root command files.

Anything MBAM is gone.

Everything Malwarebytes related is gone.

 

I did as you asked here is the file.

I did not click Clean up. I forced exit with Task Manager.

 

system-log.txt


I'm surprised that MBAR didn't flag a Zaccess as you have one showing in the MBAM logs.

HKLM\SYSTEM\CurrentControlSet\Services\etadpug (Trojan.Zaccess) -> No action taken.

It did show it was removed but that usually comes back.

Also that avenger.txt file only does that from trying to process a service it can't handle and we've only seen this on XP systems.

Let's try the following program which will help us figure out more of what's going on with your computer and go from there.

Combofix will scan the computer for various types of threats.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from this link

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

IMPORTANT !!! Save ComboFix.exe to your Desktop

Note: Be sure to select Save as Type > All Types

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : http://forums.whatthetech.com/How_to_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216

Double click on ComboFix.exe & follow the prompts.

Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.

Note: If you have XP SP3, use the XP SP2 package.

If Vista or Windows 7, skip the Recovery Console part

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Click on Yes, to continue scanning for malware.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

When the tool is finished, it will produce a report for you.

Please attach the C:\ComboFix.txt log on your next reply so that we can continue checking and cleaning the system.

Please save using the default Notepad format,

DO NOT USE WORD or any other office type of software.

DO NOT COPY & PASTE the log, send it as an attachment.

Reply to THIS ticket, DO NOT create a new one.

Also please describe how your computer behaves at the moment.


If you haven't used Combofix yet:

Please run another scan with mbar.exe. You'll find it in the extracted mbar folder.

• Double click mbar.exe to run it.

• Check for Updates, then click 'Next'.

• Click 'Scan'

• When it has completed, click the 'CleanUp' button and allow the reboot if prompted.

Please attach the most recent mbar-log <date and time>.txt in your next reply.


Update and scan with mbar.exe Clean and reboot.

Install Fresh MBAM Update scan and clean.

Download 2 copies of Combofix from you, install update and scan. Reboot 3 times?

System kept locking up I couldn't get anything to work

Delete Combofix And try again.

No Avenger file or Avenger.txt

Scan MBAM no problems

Scan Mbar no problems

 

I think this fixed all problems

Going for 1 more MBAM scan see if Avenger shows up

All good

C: does have new files

Config.msi

Boot.bak

Qoobox folder

Do I keep these

Hey have a Great weekend thanks

 

 

mbar-log-2013-08-30 (12-02-50).txt

ComboFix.txt

CheckResults.txt

mbam-log-2013-08-30 (14-20-57).txt

mbam-log-2013-08-30 (14-40-42).txt


Great job...

All of these driver files with this size 54016 are leftovers that you can delete

c:\windows\system32\drivers\hklyjlw.sys

c:\windows\system32\drivers\fdgwtrlq.sys

c:\windows\system32\drivers\lexb.sys

c:\windows\system32\drivers\aeor.sys

c:\windows\system32\drivers\euyyg.sys

c:\windows\system32\drivers\tjykso.sys

Next we need to uninstall Combofix.

We need to uninstall Combofix to totally remove what it found.

This will cause combofix to run again just enough to uninstall itself.

1. Click Start.

2. In the Start Search box, type ComboFix /Uninstall and click OK. Note the space between the X and the / it needs to be there.

Let me know how it's running now.
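
A read-only way to review the 54016-byte driver files named in the reply above before deleting them, as an added example that is not part of the original thread: it lists `.sys` files of that size in the drivers folder with their signature status and any service key whose ImagePath still points at them. The size filter and the ImagePath cross-check are assumptions of this example; a legitimate driver can have the same length, so each hit is something to review, not proof.

```powershell
# Added example: read-only triage, nothing is deleted or modified.
# Assumption: the 54016-byte size quoted in the post is used only as a filter.
$size        = 54016
$driversDir  = Join-Path $env:SystemRoot 'System32\drivers'
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Collect every service/driver ImagePath once so each file can be matched against it.
$imagePaths = Get-ChildItem $servicesKey -ErrorAction SilentlyContinue | ForEach-Object {
    $p = (Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue).ImagePath
    if ($p) {
        New-Object PSObject -Property @{ Service = $_.PSChildName; ImagePath = $p }
    }
}

# -Force includes hidden and system files, which leftover drivers may be.
Get-ChildItem $driversDir -Filter *.sys -Force |
    Where-Object { $_.Length -eq $size } |
    ForEach-Object {
        $file = $_
        # Services whose ImagePath still names this file (match is case-insensitive).
        $refs = @($imagePaths | Where-Object { $_.ImagePath -like "*\$($file.Name)*" })
        $sig  = Get-AuthenticodeSignature $file.FullName
        New-Object PSObject -Property @{
            File         = $file.FullName
            LastWrite    = $file.LastWriteTime
            Signature    = $sig.Status
            ReferencedBy = ($refs | ForEach-Object { $_.Service }) -join ','
        }
    } |
    Select-Object File, LastWrite, Signature, ReferencedBy |
    Format-Table -AutoSize
```

An empty ReferencedBy column means no service key loads the file any more; a populated one means the service entry should be dealt with before the file is removed.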

This topic is now closed to further replies.