AVG reports multiple Win32/Heur, Trojan Horse Dropper Generic4, and more

Discussion in 'Malware Help (A Specialist Will Reply)' started by minorgeek2001, May 1, 2013.

  1. minorgeek2001

    minorgeek2001 Private E-2

    Hi everybody,

    I am a new user here; my level of expertise would be moderate, I guess.

    This PC is part of a small home LAN (3 PCs) with a password-protected router and NAT. It is an XP Pro 32-bit system on an Intel P4 mobo with 2 GB RAM and all the Windows updates (incl. SP3); the default Windows firewall is on (the NAT hardware firewall in the router is secured by password and encryption). No hardware issues reported by Device Mgr. Recently I added to this PC 2 HDDs from my son's old PC. Then my troubles started.

    The PC suddenly started crawling, even when I closed all but one instance of Windows Explorer, or killed all the unnecessary processes. "Darn, we are infected"... (I disconnected this PC from the LAN but noticed a slowdown on another PC, which I powered down.)

    AVG Free reported a Win32/Heur in several copies on one of the additional HDDs (i.e. a non-system drive) in a hidden "_restore" folder with a long number. I tried AVG to remove it, and it reported success, but subsequent scans revealed that the same virus comes back and shows in different locations on two of the non-system HDDs on this PC.

    After I used Malwarebytes I got more, different viruses reported, about 6 of them, including Generic horse Dropper 4.

    Following Google hints I made the D: and E:\_restore{...} folders visible and allowed AVG to delete them both. It reported success, but the next AVG scan revealed 10 different viruses in different locations on both data drives, and the infected hidden "_restore" folders were back.

    Each time I run AVG Free it finds around 10 threats and some six warnings about broken certificates, and offers to clean all, but the next scan shows some of the same and often new ones back. If I do nothing and allow infections to multiply (approx. each hour the AVG resident shield reports another one found), the number of copies of threats stops at about 10-16 infections of several different viruses, and does not progress further. It all stays on the data drives so far.

    At this point I contacted this forum and downloaded software as per the "read me first" instructions. I have followed the steps for malware removal. I turned off AVG (disabled until the reboot) and ran scans as per the instructions.

    RogueKiller reported 1 totally different virus on the C: drive and offered to clean it, which I did not proceed with, as per the instructions.

    Malwarebytes (I used my existing program) did not find anything this time.

    MGtools started in a DOS shell but stopped at the second item of the script (GetRunKey.bat) with a comment below, "Just wait for the program to finish running", and a blinking cursor below (no C: prompt or "done" or any other report...). I waited 48 hrs, checking occasionally if the log file had been generated (but found only those that I zipped together here). It looks like the batch script did not finish.

    Any suggestion would be greatly appreciated, as I have to learn how to clean all the LAN. Thank You in advance.

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    What about the log from TDSSKiller? Also run the below.

    Please download OTL by OldTimer.
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop. (If running Vista, Win7, or Win8 right-click and select Run as Administrator)
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • Change the setting of "Drivers" and "Services" to "All"
    • Copy the text in the code box below and paste it into the Custom Scans/Fixes text-field.
      Code:
      activex
      netsvcs
      drives
      /md5start
      afd.sys
      atapi.sys
      csrss.exe
      dhcpcsvc.dll
      explorer.exe
      lsass.exe
      nsiproxy.sys
      regedit.exe
      services.exe
      svchost.exe
      tcpip.sys
      tdx.sys
      userinit.exe
      winlogon.exe
      /md5stop
      %systemdrive%\*.*
      %systemdrive%\MGtools\*.*
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.sys /90
      %systemroot%\system32\*.exe /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      
    • Now click the Run Scan button.
    • Two reports will be created:
      • OTL.txt <-- Will be opened
      • Extras.txt <-- Will be minimized
    • Attach both OTL.txt and Extras.txt to your next message. (See how to attach)
     
  3. minorgeek2001

    minorgeek2001 Private E-2

    Thank You for helping. Sorry I missed the TDSSKiller report. It did not save this one itself, so I simply copied it to a txt file manually. I also provided an earlier AVG report with some of the threats it found. I am not sure if all of them are real, or some might be a false positive, but the PC is now going through a very obvious infection, manifested by objects on the interface like icons and open windows frequently disappearing (the background shows through), suddenly losing their opacity and content, which I can get back only by minimizing and restoring them. Thanks again for helping me.

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  5. minorgeek2001

    minorgeek2001 Private E-2

    I have no idea how I missed this one; I was pretty sure I uploaded all of them, including OTL.txt and Extras.txt. I apologize. I was sure I saw them in the uploaded list, but obviously I was mistaken. It won't happen again. Here is OTL.txt.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Still missing. Check the messages when uploading. It may be telling you it is too large or some other error. If too large, put it into a ZIP file and attach it.
     
  7. minorgeek2001

    minorgeek2001 Private E-2

    Thanks... yup, it was over the allowed upload limit... I could not see it for some reason (I possibly looked for comments below the window and this one was above; once I resized the window to a larger one I saw the system comment). Thank You again.

    Attached Files: OTL.zip (46.7 KB)

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. The only potential problems seen in your logs are the things that AVG and Malwarebytes pointed out. It is from downloading illegal software or cracks for software.
     
  9. minorgeek2001

    minorgeek2001 Private E-2

    If I understood you correctly, there seems to be no infection on the system drive. If so, then would it be safe to format both data drives? Or should it just be deleted, and if so, is there any particular way of doing so to avoid spreading the infection onto the system disk? Or is the only way out of it now to dump both HDDs?
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Correct.

    It is always safe to format but you probably don't need to. You just need to stop downloading cracks and delete everything in the below folder which is where AVG and Malwarebytes found problems.

    D:\data\__ftp\_software\programs

    If you delete everything there and then toggle System Restore off and then back on, your detections should all be gone, unless you have more of these kinds of files in another folder.
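
Added example, not code from the thread or from chaslang: a PowerShell script that performs the cleanup the last reply describes, recording name, size and SHA-256 of every file in the flagged folder before deleting it (so the removal is auditable without keeping the samples), then toggling System Restore off and on for the data drives so the stale `_restore{...}` snapshots holding the recurring detections are discarded. The drive letters, the inventory path and the use of the WMI `SystemRestore` class (rather than the `Disable-/Enable-ComputerRestore` cmdlets, which PowerShell 2.0 on XP lacks) are assumptions; run it from an elevated PowerShell prompt.

```powershell
# Added example for the cleanup described in the thread (not the forum's or AVG's own code).
# Assumes PowerShell 2.0 on XP SP3 or later, run as Administrator.
param(
    [string]$SuspectFolder = 'D:\data\__ftp\_software\programs',          # folder named in the reply
    [string[]]$Drives      = @('D:\', 'E:\'),                             # assumed data drives
    [string]$InventoryCsv  = "$env:USERPROFILE\Desktop\deleted-files-inventory.csv"  # assumed path
)

# 1. Inventory first: path, size and SHA-256 of each file, so a detection can later be
#    matched to a known-bad hash without the file itself having to be kept around.
$sha = [System.Security.Cryptography.SHA256]::Create()
$inventory = Get-ChildItem -Path $SuspectFolder -Recurse -Force |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        $file   = $_
        $stream = $file.OpenRead()
        try   { $hash = ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join '' }
        finally { $stream.Close() }
        New-Object PSObject -Property @{ Path = $file.FullName; Bytes = $file.Length; SHA256 = $hash }
    }
$inventory | Export-Csv -Path $InventoryCsv -NoTypeInformation
Write-Host ("Recorded {0} file(s) to {1}" -f @($inventory).Count, $InventoryCsv)

# 2. Delete the folder contents. -Force also removes hidden and read-only items,
#    which is how the cracks and the copies in hidden folders were sitting.
Remove-Item -Path (Join-Path $SuspectFolder '*') -Recurse -Force

# 3. Toggle System Restore off and back on per data drive. Disabling it discards that
#    drive's restore points, i.e. the _restore{...} copies AVG kept finding; enabling it
#    again starts clean. (On XP, disabling it on the system drive disables it everywhere,
#    so only the data drives are listed above.)
$sr = [wmiclass]'\\.\root\default:SystemRestore'    # WMI class present on XP and later
foreach ($d in $Drives) {
    $off = $sr.Disable($d)          # ReturnValue 0 means success
    $on  = $sr.Enable($d, $true)    # $true = wait until System Restore is active again
    Write-Host ("{0} System Restore: disable={1} enable={2}" -f $d, $off.ReturnValue, $on.ReturnValue)
}
```

Run a full AVG and Malwarebytes scan afterwards; if anything still reappears, another folder holds more of the same files and the inventory CSV gives the hashes to compare against.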