BleepingComputer.com: Still have Virus after doing: RKILL, MalwareBytes, Avira & SUPERAntispyware... HELP

Forum Rules

When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.


Still have Virus after doing: RKILL, MalwareBytes, Avira & SUPERAntispyware... HELP

#1 User is offline   CarlyBenj 

Posted 28 July 2011 - 05:48 PM

Hey There,

Ok I am going to try to summarize my issue as best as I can, I would REALLY appreciate some help.

Computer Info:
6 yr old Dell Laptop with Windows Vista

- 3 Days ago I was in the middle of updating some programs and my computer froze
- I shut off and powered back on and the fan would run then shut off, this happened 3 or 4 times before I was able to successfully do a system repair and load Windows normally
- Once in normal mode I restarted so I could do a virus scan in safe mode
- The same shut off thing happened another 3 or 4 times, finally I was able to load Windows in Safe Mode, but none of my AV programs would work (AVG & Ad-Aware). I attempted to uninstall them; Ad-Aware removed but AVG would not.
- I then downloaded and installed Avira
- Avira took 17 hrs to do a full scan and found a bunch of stuff which I removed
- Things were still acting funny (better, but still didn't seem right) so I downloaded Malwarebytes & SUPERAntiSpyware - I ran them both, a few things were found and I removed them
- Thinking my computer was fixed I wanted to clean things up (for a while now I haven't been able to click on links in Windows Live Mail) so I wanted to reinstall and update etc...
- I updated windows as well as removed Opera and Installed IE9
- Then I tried to remove some programs (BearShare, AVG etc.) they wouldn't remove
- I searched for some removal tools online which is when I realized I was not able to download ANYTHING with IE9 (it kept saying every file was a virus)
- At this point I did some research and learned about RKill, problem was I couldn't download anything using IE9 or Safari so I couldn't download it...
- I thought today I would try a system restore, which I did, but it only restored to yesterday so I still have IE9, I ran Avira again and it ran MUCH faster but after about an hr froze
- Later today I was able to install Google Chrome and it allowed me to download RKill, I ran that then Malwarebytes but it said I was clean!

I know I still have something because I also managed to download the AVG removal tool, when I used it, it worked but when my computer reset itself it didn't turn on again (fan blew then shut off) I turned it on again and it loaded but when it came to the windows screen there was a white screen for a few seconds...

So that's where I'm at, I have read about Combo-Fix, but I don't know how to use it... I am thinking it is time someone help me using my logs.

Thanks SO much!

This post has been edited by Budapest: 28 July 2011 - 06:22 PM
Reason for edit: Moved from Vista ~Budapest


#2 User is offline   cryptodan 

Posted 28 July 2011 - 06:01 PM

Can you post a log from Avira letting us know what it detected?

My work schedule is as follows: Mon and Tues 1800 to 0600, Friday - Sunday 1800EST to 0600, and Wednesday to Thursday 1800est to 0600. So if I do not respond right away I am at work.
----------------
If I am helping you, then Please Send Me a Message! with your thread link in it. This is only if I haven't replied back to you within 24 to 48 hours.
----------------
My Main Site || My Backup Site || steam://friends/add/cryptodan Add me to your Steam Friends.

#3 User is offline   CarlyBenj 

Posted 28 July 2011 - 06:48 PM

Hi there my logs seem to have been lost, are they automatically stored somewhere or do you have to manually save them each time?

#4 User is offline   cryptodan 

Posted 28 July 2011 - 07:04 PM

The logs are usually accessible via the application:

In Malwarebytes it's located via the Logs Tab.

In SAS they are located in Preferences.

For Avira: http://forum.avira.com/wbb/index.php?page=Thread&threadID=74737

#5 User is offline   CarlyBenj 

Posted 28 July 2011 - 07:22 PM

Thanks!
The Avira one is gone, but I'm scanning now and will post when it's done.
Here is the Malwarebytes one:


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7311

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

28/07/2011 6:03:43 PM
mbam-log-2011-07-28 (18-03-43).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 325740
Time elapsed: 2 hour(s), 5 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 User is offline   cryptodan 

Posted 28 July 2011 - 07:25 PM

Is there a history of events kept in Avira?

I know in MSE there is one, and also other Virus Scanners.

#7 User is offline   CarlyBenj 

Posted 28 July 2011 - 07:26 PM

Here's the SAS one from yesterday:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/27/2011 at 10:59 AM

Application Version : 4.55.1000

Core Rules Database Version : 7464
Trace Rules Database Version: 5276

Scan type : Quick Scan
Total Scan Time : 00:41:46

Memory items scanned : 737
Memory threats detected : 0
Registry items scanned : 2705
Registry threats detected : 0
File items scanned : 22274
File threats detected : 0

#8 User is offline   cryptodan 

Posted 28 July 2011 - 07:26 PM

Do a complete scan with SAS.

#9 User is offline   CarlyBenj 

Posted 28 July 2011 - 07:27 PM

Here's the SAS one from Jul 26th:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/26/2011 at 04:11 PM

Application Version : 4.55.1000

Core Rules Database Version : 7464
Trace Rules Database Version: 5276

Scan type : Quick Scan
Total Scan Time : 00:42:32

Memory items scanned : 386
Memory threats detected : 0
Registry items scanned : 2710
Registry threats detected : 34
File items scanned : 22749
File threats detected : 41

Adware.HBHelper
HKU\S-1-5-21-176520208-456663055-2915200904-1000\Software\Microsoft\Internet Explorer\URLSearchHooks#{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32#ThreadingModel
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID
HKCR\URLSearchHook.ToolbarURLSearchHook.1
HKCR\URLSearchHook.ToolbarURLSearchHook.1\CLSID
HKCR\URLSearchHook.ToolbarURLSearchHook
HKCR\URLSearchHook.ToolbarURLSearchHook\CLSID
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0\win32
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\FLAGS
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\HELPDIR
C:\PROGRAM FILES\CLIP EXTRACTOR DB TOOLBAR\TBHELPER.DLL
HKU\S-1-5-21-176520208-456663055-2915200904-1000_Classes\Software\Microsoft\Internet Explorer\URLSearchHooks#{CA3EB689-8F09-4026-AA10-B9534C691CE0}

Adware.Tracking Cookie

Adware.MyWebSearch/FunWebProducts
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib#Version

Browser Hijacker.Deskbar
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version

#10 User is offline   CarlyBenj 

Posted 28 July 2011 - 07:47 PM

On my iPhone now, just went to my PC to send you the Avira history (scan takes forever), it was only 5% done and frozen! I took a screenshot with my phone... Turned off computer and back on, got system restore screen, chose start Windows normally and it's taking a REALLY long time to load... This is the second time it has frozen during Avira... Should I try to run again (if successful will take hrs) or start with full SAS scan?

#11 User is offline   CarlyBenj 

Posted 28 July 2011 - 07:48 PM

Finally loaded, got white screen for about 15 seconds, then desktop appeared.

#12 User is offline   cryptodan 

Posted 28 July 2011 - 07:51 PM

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

#13 User is offline   CarlyBenj 

Posted 28 July 2011 - 08:43 PM

All Done, here is my new topic

http://www.bleepingcomputer.com/forums/topic411831.html

Thanks!

#14 User is online   rigel 

Posted 28 July 2011 - 08:56 PM

As you have now posted a log in the Advanced Malware forum, please follow only the advice of the tech that takes your log. Response times are currently longer than normal due to high volumes of logs submitted. Good luck with the cleaning of your computer - you are in good hands!
"In a world where you can be anything, be yourself." ~ unknown
"Fall in love with someone who deserves your heart. Not someone who plays with it." – Will Smith
