Jump to content

Recommended Posts

Hello and :welcome:

Please right click on the OTL download link and select "save link/target as...". Save the file as OTL.com and try to run it that way.

OTL

-----

Please download OTL from one of the following mirrors:

[*]Save it to your desktop.

[*]Double click on the otlDesktopIcon.png icon on your desktop.

[*]Click the "Scan All Users" checkbox.

[*]Push the Quick Scan button.

[*]Two reports will open, copy and paste them in a reply here:

  • OTListIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Link to post
Share on other sites

Well I'm having some real odd troubles. On my Incredible, when I paste the log txt into the reply box, I can't do anything. The browser will not let me navigate anywhere. I have to reboot my phone every time. Could an infection be carried over to the OS of the phone?

Link to post
Share on other sites

Hi, good news, I've found the culprit here. :)

Please rerun OTL, but now instead of clicking Quick Scan, copy/paste the following text into the Custom Scan/Fix field and click Run Fix.

You can save the script in a Notepad file and put it on the flashdrive so you can access it on the infected computer.

:otl
O35 - HKU\S-1-5-21-1454471165-1645522239-839522115-500..exefile [open] -- "C:\Documents and Settings\Administrator\Local Settings\Application Data\avt.exe" -a "%1" %* ()
O37 - HKU\S-1-5-21-1454471165-1645522239-839522115-500\...exe [@ = exefile] -- "C:\Documents and Settings\Administrator\Local Settings\Application Data\avt.exe" -a "%1" %* ()
[2011/04/05 08:48:38 | 000,000,262 | -H-- | M] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/05 08:41:09 | 000,000,326 | -HS- | M] () -- C:\WINDOWS\tasks\YYQVC.job
[2011/04/04 19:41:41 | 000,013,922 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0810l5u6odc6bt4h
[2011/04/04 19:41:41 | 000,013,922 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\0810l5u6odc6bt4h
[2011/04/04 19:41:34 | 000,225,805 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\avt.exe
[2011/04/01 12:33:46 | 000,164,352 | ---- | C] () -- C:\WINDOWS\Ivohoa.exe
[2011/04/01 12:33:32 | 000,135,168 | RHS- | C] () -- C:\WINDOWS\System32\spmsgb.dll

:commands
[reboot]

Your computer will be rebooted when the fix is done. Please let me know how things are running afterwards.

Link to post
Share on other sites

  • 4 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.