UPS Virus


#1 SarahE217


  • Members
  • 2 posts
  • Local time:12:58 PM

Posted 03 November 2012 - 02:56 PM

I am having some trouble, and I'm not sure where else to turn. I have an HP laptop, running Windows 7 Home Premium and I know that it is 64 bit. I'm not so great with computers. I know my way around a little bit, though. I recently was an idiot and opened the UPS Virus from an email. (It was very convincing). My system crashed within a couple of days. I made it into the computer long enough to factory image restore it. I still am having issues though. Sometimes my WiFi won't work, my browser closes (running Mozilla). I tried AVG, Avast, and got a trial of Norton. The only one that picked anything up was the Norton, and it is grabbing 20-30 spyware every day. It is removing and vaulting these, but they just keep COMING! I am at a loss now, I don't know if I should try to restore again, or trash the computer (I really don't want to, just paid 600.00 for it in February...) Can someone help me PLEASE!?!?

Edited by hamluis, 03 November 2012 - 03:10 PM.
Moved from Win 7 to Am I Infected - Hamluis.



#2 narenxp


  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:12:58 PM

Posted 03 November 2012 - 03:55 PM



Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results



Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking


ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 SarahE217

  • Topic Starter

  • Members
  • 2 posts
  • Local time:12:58 PM

Posted 19 November 2012 - 03:56 PM

The TDSSkiller did not return anything. The aswMBR returned this:

aswMBR version Copyright© 2011 AVAST Software
Run date: 2012-11-18 23:58:21
23:58:21.005 OS Version: Windows x64 6.1.7601 Service Pack 1
23:58:21.005 Number of processors: 2 586 0x200
23:58:21.005 ComputerName: SARAH-HP UserName: Sarah
23:58:23.426 Initialize success
00:01:05.244 AVAST engine defs: 12111801
00:02:19.985 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006d
00:02:19.995 Disk 0 Vendor: Hitachi_ JE3O Size: 476940MB BusType: 11
00:02:20.015 Disk 0 MBR read successfully
00:02:20.025 Disk 0 MBR scan
00:02:20.045 Disk 0 Windows 7 default MBR code
00:02:20.055 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
00:02:20.085 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 458572 MB offset 409600
00:02:20.125 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14104 MB offset 939565056
00:02:20.155 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 4063 MB offset 968450048
00:02:20.215 Disk 0 scanning C:\Windows\system32\drivers
00:02:32.866 Service scanning
00:03:12.126 Modules scanning
00:03:12.156 Disk 0 trace - called modules:
00:03:12.526 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys ACPI.sys storport.sys hal.dll amd_sata.sys
00:03:12.546 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80041426f0]
00:03:12.576 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8003c47040]
00:03:12.586 5 amd_xata.sys[fffff88001133a1d] -> nt!IofCallDriver -> [0xfffffa8003c42160]
00:03:12.606 7 ACPI.sys[fffff88000f217a1] -> nt!IofCallDriver -> \Device\0000006d[0xfffffa8003c43060]
00:03:14.190 AVAST engine scan C:\Windows
00:03:18.162 AVAST engine scan C:\Windows\system32
00:07:15.976 AVAST engine scan C:\Windows\system32\drivers
00:07:44.482 AVAST engine scan C:\Users\Sarah
00:11:42.532 AVAST engine scan C:\ProgramData
00:13:14.809 Scan finished successfully
00:14:48.950 Disk 0 MBR has been saved successfully to "C:\Users\Sarah\Desktop\MBR.dat"
00:14:48.960 The log file has been saved successfully to "C:\Users\Sarah\Desktop\aswMBR.txt"

and the ESET scanner found
C:\Users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XT8DQD8A\Firefox_Setup_15.0.1.exe a variant of Win32/InstallCore.AF application cleaned by deleting - quarantined

#4 narenxp


  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:12:58 PM

Posted 19 November 2012 - 08:48 PM



Install, update and run a full scan

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here


mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.


Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


adware cleaner

Launch it, click on Delete

A log should be generated after scan, post it here


Junkware removal tool

For Vista and Windows 7, right click on the tool and select run as administrator

After scan gets completed, post the generated log here.
