
Is this Terminal?


5 replies to this topic

#1 Judonems


Posted 02 November 2013 - 09:05 PM

This is my first post on the forum although I have been a longtime observer

Just learning computing and am a little age challenged so be gentle on me

 

Need urgent help with my Windows 7 Ultimate Desktop

I think we may have picked up a virus

AVG picked up a Trojan which was then removed when prompted

 

When I rebooted the system most of my programs had disappeared, including Internet Explorer, Office, System Tools, Real Player etc. etc. Appears very serious to me. Hope it is recoverable.

 

Where can I start looking to repair this

 

Thanks in advance




 


#2 Broni


Posted 03 November 2013 - 12:19 PM

Welcome aboard

 

Can you post AVG log?


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 Judonems


Posted 03 November 2013 - 09:15 PM

I can't see how to obtain an AVG log

As my computer now has no Internet Explorer I can't get on the net. Using an old laptop atm.

One thing I have noticed is that my Documents are all intact

When I open an existing Word doc and under File go to New I am able to access these Office programs (same with Excel etc)

so it appears to me as though all the shortcuts and icons etc to my programs have disappeared

 

I have attached a Malwarebytes log in case that is of use

 

Geoff

 

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.02.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
user :: USER-PC [administrator]

2/11/2013 11:26:00 PM
mbam-log-2013-11-02 (23-26-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208067
Time elapsed: 7 minute(s), 9 second(s)

Memory Processes Detected: 1
C:\Program Files\Swift Browse\updateSwiftBrowse.exe (PUP.Optional.SwiftBrowse.A) -> 2176 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 21
HKLM\SYSTEM\CurrentControlSet\Services\Update Swift Browse (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{808dc83c-d35b-4fba-a5b5-9a52103204df} (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{79f2e347-1d36-4e2e-a676-76550a20d541} (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
HKCR\Interface\{47ADEAA5-2986-44B2-A914-5D8516E58443} (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{808DC83C-D35B-4FBA-A5B5-9A52103204DF} (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{808DC83C-D35B-4FBA-A5B5-9A52103204DF} (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{808DC83C-D35B-4FBA-A5B5-9A52103204DF} (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{33119133-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{13119113-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\TranslationBuddy_5e.SkinLauncher.1 (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\TranslationBuddy_5e.SkinLauncher (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{03119103-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\Interface\{23119123-0854-469D-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\TranslationBuddy_5e.SkinLauncherSettings.1 (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\TranslationBuddy_5e.SkinLauncherSettings (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Swift Browse (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\BabylonToolbar (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Data: http://www.claro-search.com/?affID=114506&tt=3912_7&babsrc=HP_clro&mntrId=405600f3000000000000001cc071fd09 -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Data: {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.DoSearches) -> Bad: (http://www.dosearches.com/?utm_source=b&utm_medium=s32&utm_campaign=eXQ&utm_content=hp&from=s32&uid=WDCXWD3200AAKS-00B3A0_WD-WCAT1334336043360&ts=1383380615) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 6
C:\Users\user\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Program Files\Swift Browse (PUP.Optional.SwiftBrowse.A) -> Delete on reboot.
C:\Users\user\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\OpenCandy\99A7887E585B40D9A871E1BBDF0FA164 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\OpenCandy\OpenCandy_99A7887E585B40D9A871E1BBDF0FA164 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\ct3272810 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Files Detected: 19
C:\Program Files\Swift Browse\updateSwiftBrowse.exe (PUP.Optional.SwiftBrowse.A) -> Delete on reboot.
C:\Program Files\Swift Browse\SwiftBrowseBHO.dll (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
C:\Program Files\TranslationBuddy_5e\bar\1.bin\5esknlcr.dll (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
C:\Windows\System32\roboot.exe (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp77AF.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp80B.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\ct3272810\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\ct3272810\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\5TJX4AYH\Setup[1].exe (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\9RJQDPI3\wavepad_free_audio_editing_software_setup[1].exe (PUP.Optional.Soft32.A) -> Quarantined and deleted successfully.
C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\FMYPFV1U\ATO_TAX_geoffchil[1].zip (Trojan.Email.FA) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Program Files\Swift Browse\SwiftBrowse.ico (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
C:\Program Files\Swift Browse\SwiftBrowseUninstall.exe (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
C:\Program Files\Swift Browse\updateSwiftBrowse.InstallState (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\OpenCandy\99A7887E585B40D9A871E1BBDF0FA164\TuneUpUtilities2013-2200309_en-US.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\ct3272810\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\ct3272810\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\ct3272810\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)



#4 Broni


Posted 03 November 2013 - 10:11 PM

You should be able to check AVG vault for what was removed: http://www.wikihow.com/View-the-Virus-Vault-in-AVG

How to obtain AVG log: http://forums.avg.com/us-en/avg-forums?sec=thread&act=show&id=168173



 


#5 Judonems


Posted 06 November 2013 - 03:47 AM

Thanks for your help Broni

 

This is beyond my capabilities

As I need the computer urgently I have had to take it to a technician

 

Regards...



#6 Broni


Posted 06 November 2013 - 08:08 PM

No problem :)



 




