
Hello, I think I have a virus. Maybe.



#1 123henry123


Posted 09 July 2014 - 05:00 AM

Hello chaps.

 

Not very computer adept I'm afraid so I've come here to beg for help. If I miss out key info ask and I shall provide, sorry, not really sure what I'm looking for. Basically, Avast has been blocking an awful lot of activity lately, but it's not while I'm surfing the web - Avast appears to be saving me from files already on my Local PC if you see what I mean. As an example, here is a screenshot of my 'Virus Chest', where files are sitting which Avast has isolated as dangerous. http://i.imgur.com/pDl2ls6.png

 

Now I'm hoping you might look at that screenshot and go 'ah yes, I know the problem', but just in case, a few more details. Firstly, obviously, it all seems to be coming from "AppData" - the roaming folder more specifically. Does this mean anything? I do not know, but perhaps you do. Secondly, even if my computer was flooded with viruses, if Avast was dealing with all of them I suppose that would be fine, it's what it's there for. But I do believe that they actually are affecting my system, because my internet seems very slow, programs crash slightly more often than they used to and - most strange of all, something that's really got my attention - I can't open Google Chrome, it closes/crashes IMMEDIATELY every time I open it, regardless of how often I restart the PC etc. etc.

 

I know I am an awful idiot and it's probably my fault that I've got this in the first place, but if any of you can help me fix it you'd have my immense gratitude. Thank you frightfully in advance. I feel cheeky asking for free help but apparently that is the done thing.




 


#2 123henry123


Posted 09 July 2014 - 05:18 AM

This just happened also. The only window I had open was Facebook, I don't know what the URL is, I have never visited it. http://i.imgur.com/DjFIa2r.png



#3 scotty_ncc1701


Posted 09 July 2014 - 05:50 AM

http://malwarefixes.com/threats/bvagent-aqv-trj/

http://www.pandasecurity.com/homeusers/security-info/about-malware/encyclopedia/overview.aspx?idvirus=94537&sind=0&sitepanda=particulares


Disclaimer:

1.  I'm not familiar with the reputation of these sites.
2.  Read both references before doing anything.
3.  I've abandoned Norton/Symantec years ago.
4.  Use the indicated procedures at your own risk.

 

Best of luck!



#4 scotty_ncc1701


Posted 09 July 2014 - 06:14 AM

> This just happened also. The only window I had open was Facebook, I don't know what the URL is, I have never visited it. http://i.imgur.com/DjFIa2r.png

 

The "hxxp" is strange and seems to be a way to get around blocking mechanisms.  If you try to add the site into Avast's site blocking area, it automatically adds http:// to the start, thus resulting in:

http://hxxp://tehqk9kl.sitta.cc

No matter what I did, Avast would not accept what I put in; it always added the http://.

So with NOTEPAD open -- DO NOT USE WORD, ETC:

C:\Windows\System32\drivers\etc\hosts, add these lines in, save it and reboot.

127.0.0.1   hxxp://tehqk9kl.sitta.cc
127.0.0.1   http://tehqk9kl.sitta.cc
127.0.0.1   tehqk9kl.sitta.cc

Reboot to be safe.

The 127.0.0.1 keeps your computer from connecting to the "cc" site listed.  Normally you add in sites with and without the "http", like in lines 2 and 3 above.  But since the bad site is using the "hxxp", you have to include that also.  Although adding the site to AVAST would be better, because of the "hxxp", using the hosts file is needed.
Best of luck!
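
Added example, not part of the original posts: a hosts file maps an IP address to bare host names, and "hxxp" is the usual defanged spelling of "http" in reports, so this Python check runs over the three entries suggested above and separates the names a lookup can match from the ones it never will. The function names are hypothetical; the sample lines are copied from the thread.

```python
import re
from urllib.parse import urlsplit

# Hosts-file lines as posted in the thread (sample input copied from the page).
SAMPLE = """\
127.0.0.1   hxxp://tehqk9kl.sitta.cc
127.0.0.1   http://tehqk9kl.sitta.cc
127.0.0.1   tehqk9kl.sitta.cc
"""

# One DNS label: letters, digits, hyphen; no leading/trailing hyphen; max 63 chars.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def is_hostname(token):
    """True if token is a bare host name, the only thing a hosts file can map."""
    token = token.rstrip(".")
    return 0 < len(token) <= 253 and all(LABEL.match(p) for p in token.split("."))

def refang(token):
    """Undo the common 'hxxp' / '[.]' defanging used when reporting bad URLs."""
    token = re.sub(r"^hxxp(s?)://", r"http\1://", token, flags=re.I)
    return token.replace("[.]", ".")

def host_of(token):
    """Return the bare host name inside a URL-like token, or None."""
    token = refang(token)
    host = urlsplit(token).hostname if "://" in token else token
    return host if host and is_hostname(host) else None

def check_hosts(text):
    """Return (effective, ignored): sorted (ip, hostname) pairs a lookup can
    match, and (line_no, token, suggested_hostname) for names it cannot."""
    effective, ignored = set(), []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue  # blank line, comment, or address with no name
        for name in fields[1:]:
            if is_hostname(name):
                effective.add((fields[0], name.lower()))
            else:
                ignored.append((no, name, host_of(name)))
    return sorted(effective), ignored

if __name__ == "__main__":
    ok, bad = check_hosts(SAMPLE)
    print("effective:", ok)
    for no, token, fix in bad:
        print(f"line {no}: {token!r} is not a host name; use {fix!r}")
```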



#5 123henry123


Posted 09 July 2014 - 06:30 AM

 

>> This just happened also. The only window I had open was Facebook, I don't know what the URL is, I have never visited it. http://i.imgur.com/DjFIa2r.png
>
> The "hxxp" is strange and seems to be a way to get around blocking mechanisms.  If you try to add the site into Avast's site blocking area, it automatically adds http:// to the start, thus resulting in:
>
> http://hxxp://tehqk9kl.sitta.cc
>
> No matter what I did, Avast would not accept what I put in; it always added the http://.
>
> So with NOTEPAD open -- DO NOT USE WORD, ETC:
>
> C:\Windows\System32\drivers\etc\hosts, add these lines in, save it and reboot.
>
> 127.0.0.1   hxxp://tehqk9kl.sitta.cc
> 127.0.0.1   http://tehqk9kl.sitta.cc
> 127.0.0.1   tehqk9kl.sitta.cc
>
> Reboot to be safe.
>
> The 127.0.0.1 keeps your computer from connecting to the "cc" site listed.  Normally you add in sites with and without the "http", like in lines 2 and 3 above.  But since the bad site is using the "hxxp", you have to include that also.  Although adding the site to AVAST would be better, because of the "hxxp", using the hosts file is needed.
>
> Best of luck!

 

It doesn't seem to let me save it.

Also, where do I put those lines? Right at the end?



#6 myrti


Posted 09 July 2014 - 06:40 AM

Hi,

It would seem that you have been infected. Rather than just blocking the one website that you caught, I would recommend running a system scan with Malwarebytes to make sure you're clean.

regards
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#7 123henry123


Posted 09 July 2014 - 06:42 AM

> Hi,
>
> It would seem that you have been infected. Rather than just blocking the one website that you caught, I would recommend running a system scan with Malwarebytes to make sure you're clean.
>
> regards
> myrti

 

I did this, it deleted a file, then restarted. I ran the scan again - it found another. It finds files but seems unable to clean the system completely.



#8 myrti


Posted 09 July 2014 - 07:06 AM

Hi,

Then I would recommend reposting in the malware section:
Please follow the instructions in ==>This Guide<== starting at Step 6.

Once the proper logs are created, make a NEW TOPIC and post it ==>HERE Malware Removal Area <==

Do not run ComboFix or other tools unless under strict direction. Just include the requested logs from above.
Please be sure to include a description of your computer issues and what you have done to try to resolve them.

If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why along with a description of your computer issues.

If you can tell us or leave a link to your new topic, we will lock this one and only the Malware Response Team should reply to your problem.

regards
myrti



#9 scotty_ncc1701


Posted 09 July 2014 - 07:48 AM

I forgot to say, that since it's accessing it in Windows, you need to run it as admin.  Excuse me!

 

Have a great day.





