Help with a virus

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by LaurieJ31981, Apr 7, 2012.

  1. LaurieJ31981

    LaurieJ31981 Private E-2

    I am trying to help my sister with her laptop... a few days ago she went on it and most of her programs were gone, so we restored it to a previous date and everything was back. I ran AVG, nothing came up. I ran Malwarebytes and found 12 infected files, so I removed those, ran it again and the same 2 Trojan viruses come up, and will not go away. Last night all the programs went missing again, and I again restored it, ran Malwarebytes and same thing, those 2 Trojan viruses. I tried to install HijackThis but for some reason I can't unzip it, so here are the results from Malwarebytes. I hope someone can help me out.

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.04.07.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    2q :: 2Q-PC [administrator]

    4/7/2012 12:58:53 PM
    mbam-log-2012-04-07 (13-10-05).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 236359
    Time elapsed: 9 minute(s), 16 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 4852 -> No action taken.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

    (end)
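
Added example, not part of the original thread: a Python parser for detection lines in the shape of the Malwarebytes log above, which flags a Windows system binary name reported outside `System32`/`SysWOW64` (the reason `C:\Windows\svchost.exe` stands out). The function names and the short binary list are assumptions made for this example, and the sample log is constructed from the lines in the post.

```python
import ntpath
import re

# Constructed sample: detection sections copied in shape from the log above.
SAMPLE_LOG = r"""
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4852 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.
"""

# Assumption: a short illustrative list, not a complete inventory.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe"}
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

SECTION_RE = re.compile(r"^([A-Za-z ]+) Detected: (\d+)$")
ITEM_RE = re.compile(r"^(.+?) \(([^()]+)\) -> (?:(\d+) -> )?(.+?)\.?$")


def parse_detections(log_text):
    """Return one dict per detected item, tagged with its log section."""
    section, found = None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        item = ITEM_RE.match(line)
        if item and section:
            path, threat, pid, action = item.groups()
            found.append({"section": section, "path": path, "threat": threat,
                          "pid": int(pid) if pid else None, "action": action})
    return found


def is_masquerading(path):
    """True when a system binary name sits outside its expected directory."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    return name in SYSTEM_BINARIES and folder not in EXPECTED_DIRS


if __name__ == "__main__":
    for det in parse_detections(SAMPLE_LOG):
        flag = "MASQUERADE?" if is_masquerading(det["path"]) else "-"
        print(det["section"], det["path"], det["pid"], det["action"], flag)
```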
     
  2. LaurieJ31981

    LaurieJ31981 Private E-2

    I got HijackThis to work; here's the file.
     
    Last edited by a moderator: Apr 7, 2012
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  4. LaurieJ31981

    LaurieJ31981 Private E-2

    I followed all instructions, attached all 4 logs and I am still having the same problem with the 2 trojan viruses.
     

  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Download OTC by Old Timer and save it to your Desktop.

    Double-click OTL.exe to start the program.

    • Copy and paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code.

    Code:
    :processes
    :killallprocesses
    :otl
    :files
    C:\Program Files (x86)\blekkotb
    C:\Windows\svchost.exe
    :commands
    [PURITY]
    [EMPTYTEMP]
    [RESETHOSTS]
    [REBOOT]
    
    
    • Then click the Run Fix button at the top.
    • Click the OK button.
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. Just close Notepad and attach this log from OTL to your next message.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:

    • C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
  6. LaurieJ31981

    LaurieJ31981 Private E-2

    I attached a new Malwarebytes log too, but still same thing...
     

  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I assume you are having MBAM fix what it finds.

    Let's try it again:
    Double-click OTL.exe to start the program.

    • Copy and paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code.

    Code:
    :processes
    :killallprocesses
    :files
    C:\ProgramData\77A186V.dat
    C:\Windows\svchost.exe
    :commands
    [PURITY]
    [EMPTYTEMP]
    [RESETHOSTS]
    [REBOOT]
    
    
    • Then click the Run Fix button at the top.
    • Click the OK button.
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. Just close Notepad and attach this log from OTL to your next message.

    Go to the below link and follow the instructions for running TDSSKiller from Kaspersky.

    Be sure to attach your log from TDSSKiller.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below log:

    • C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
    Last edited: Apr 11, 2012
