JS:FakeAV-CN [Trj] - can't remove

Discussion in 'Malware Help (A Specialist Will Reply)' started by agentG, Dec 21, 2009.

  1. agentG

    agentG Private E-2

    Hi, I've had this trojan on my PC for a few days and I can't seem to get rid of it. It was something I downloaded with a torrent. As soon as I installed the torrent program I got a message saying Media Centre Store Download Manager has stopped working and it was closing down; then all the links I click on in Google searches are redirected, and I occasionally get messages saying an error has occurred and IE is going to close down too. I can get to a site through any of my favourites links or if I type the URL in, but not from a link in a search. When I get redirected, Avast picks up the JS:FakeAV. I had used Malwarebytes before I ran through the steps on here, and it said it found Trojan.Vundo, which it removed, and I had used SUPERAntiSpyware, which picked up some other adware, which it removed; however I still have the same problem, so I started at the beginning and followed the steps here, and the problem still remains. I managed to run all steps except for ComboFix: when it got to scanning stage 4 I got a BSOD and the PC rebooted, so I missed that step out and carried on.

  2. agentG

    agentG Private E-2

    My MG logs
  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there and welcome.

    It's a pity Avast doesn't give a file path for where the threat is being found.

    1. I know it may be incomplete due to the crash your pc took during combofix's stage 4, however could you attach this log into your next reply please?

    C:\ComboFix\ComboFix.txt

    2. Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    • O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    • O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
    After clicking Fix, exit HJT.

    3. Use Windows Explorer to find and delete the below bold directory:

    • C:\Program Files\Common Files\ParetoLogic

    4. Also delete all files in the below bold folders except ones from the current date (Windows will not let you delete the files from the current day).
    • C:\Windows\Temp
    • C:\Users\Donna\AppData\Local\Temp

    5. Now run GMER as per these instructions:

    GMER - running with a random name

    6. Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.
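    The three HijackThis lines the helper asked to fix share a pattern worth recognising: O2 BHO entries whose DLL path is "(no file)" are orphaned registry references left behind after the scanner removed the component, and an R1 "Search Bar" value is one of the IE settings that search-redirecting adware commonly alters. The script below is an added example, not part of this thread or the MajorGeeks tools; it parses HijackThis-style lines and flags those two cases, using constructed sample lines (the third CLSID is a placeholder, not a real one).

```python
import re

# Constructed sample HijackThis-style output, modelled on the entries in the
# reply above plus one healthy BHO line with a placeholder CLSID and path.
SAMPLE_HJT_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
"""

# O2 lines: "O2 - BHO: <name> - {CLSID} - <dll path or (no file)>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# R0-R3 lines: "<Rn> - <registry key>,<value name> = <data>"
R_RE = re.compile(r"^(?P<kind>R[0-3]) - (?P<key>[^,]+),(?P<value>[^=]+) = (?P<data>.*)$")


def triage_hjt(text):
    """Return (finding_type, detail) tuples for lines worth a second look.

    orphan_bho : an O2 BHO whose DLL no longer exists on disk (registry residue)
    search_bar : an R-line that sets IE's Search Bar value (redirect indicator)
    """
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            if m.group("path").strip() == "(no file)":
                findings.append(("orphan_bho", m.group("clsid")))
            continue  # a BHO with a real path is left for manual review
        m = R_RE.match(line)
        if m and m.group("value").strip() == "Search Bar":
            findings.append(("search_bar", m.group("data").strip()))
    return findings


if __name__ == "__main__":
    for kind, detail in triage_hjt(SAMPLE_HJT_LOG):
        print(f"{kind:11} {detail}")
```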
     
  4. agentG

    agentG Private E-2

    Thanks for the help, but I ended up reformatting it.
     
