[Closed] Possible fake AVG and Security Shield virus

By dover1982
Aug 3, 2012
Topic Status:
Not open for further replies.
  1. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    We should check it out one last time...

    Please download Hitman Pro


    • After the download completes please double click the program to run it.
    • Accept the terms of the license agreement and click Next
    • Let the scan run. It will not take long
    • When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next
    • Click Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location
    • Upload log.xml here for review please
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello! Are you still with us? Your topic is now marked inactive because you have not replied.

    However, we'd like to still help. Please update us on the state of your PC.
  3. dover1982

    dover1982 Newcomer, in training Topic Starter Posts: 47

    Code:
    HitmanPro 3.6.2.171
    www.hitmanpro.com
       Computer name . . . . : MARY-PC
       Windows . . . . . . . : 6.0.2.6002.X64/4
       User name . . . . . . : Mary-PC\Mary
       UAC . . . . . . . . . : Enabled
       License . . . . . . . : Trial (30 days left)
       Scan date . . . . . . : 2012-10-11 10:56:15
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 4m 3s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
       Threats . . . . . . . : 3
       Traces  . . . . . . . : 18
       Objects scanned . . . : 6,881,921
       Files scanned . . . . : 47,427
       Remnants scanned  . . : 2,201,085 files / 4,633,409 keys
    Malware remnants ____________________________________________________________
       C:\Users\Mary\AppData\Local\{8bf7e6e5-22a7-2d02-9ec4-ee60b2f264cd}\@ (ZeroAccess) -> Deleted
       C:\Users\Mary\AppData\Local\{8bf7e6e5-22a7-2d02-9ec4-ee60b2f264cd}\L\ (ZeroAccess) -> Deleted
       C:\Users\Mary\AppData\Local\{8bf7e6e5-22a7-2d02-9ec4-ee60b2f264cd}\U\ (ZeroAccess) -> Deleted
    Cookies _____________________________________________________________________
       C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\cookies.sqlite:ad.360yield.com
       C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\cookies.sqlite:ads.pointroll.com
       C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\cookies.sqlite:ads.pubmatic.com
       C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\cookies.sqlite:apmebf.com
       C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\cookies.sqlite:ar.atwola.com
       C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\cookies.sqlite:at.atwola.com
       C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\cookies.sqlite:atwola.com
       C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\cookies.sqlite:collective-media.net
       C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\cookies.sqlite:doubleclick.net
       C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\cookies.sqlite:invitemedia.com
       C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\cookies.sqlite:kaspersky.122.2o7.net
       C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\cookies.sqlite:media6degrees.com
       C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\cookies.sqlite:tacoda.at.atwola.com
       C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\cookies.sqlite:track.prd1.netshelter.net
       C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\cookies.sqlite:xiti.com
    
    
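As an added example (not code from the thread, from HitmanPro or from the helper), here is a small Python parser for the log layout posted above that separates the malware remnants from the tracking-cookie traces and groups the ZeroAccess entries by their {GUID} folder; the excerpt embedded in it is a constructed subset of that log.

```python
import re

# Constructed excerpt in the layout of the HitmanPro log posted above (not the full log).
SAMPLE_LOG = r"""HitmanPro 3.6.2.171
   Threats . . . . . . . : 3
   Traces  . . . . . . . : 18
Malware remnants ____________________________________________________________
   C:\Users\Mary\AppData\Local\{8bf7e6e5-22a7-2d02-9ec4-ee60b2f264cd}\@ (ZeroAccess) -> Deleted
   C:\Users\Mary\AppData\Local\{8bf7e6e5-22a7-2d02-9ec4-ee60b2f264cd}\L\ (ZeroAccess) -> Deleted
   C:\Users\Mary\AppData\Local\{8bf7e6e5-22a7-2d02-9ec4-ee60b2f264cd}\U\ (ZeroAccess) -> Deleted
Cookies _____________________________________________________________________
   C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\cookies.sqlite:doubleclick.net
"""
HEADER_RE = re.compile(r"^\s*(?P<key>[A-Za-z][A-Za-z ]*?)\s*(?:\.\s*)+:\s*(?P<val>.*)$")
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+?)\s+_{5,}\s*$")
ENTRY_RE = re.compile(r"^\s+(?P<path>\S.*?)(?:\s+\((?P<family>[^()]+)\))?(?:\s+->\s+(?P<action>\S+))?\s*$")
# ZeroAccess layout visible in the log: AppData\Local\{GUID}\ holding '@', 'L\' and 'U\'.
ZA_RE = re.compile(r"(?i)^(?P<root>.*\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})\\(?P<marker>[@LU])\\?$")


def parse_hitmanpro_log(text):
    """Return (dotted header fields as a dict, {section name: [entry dicts]})."""
    header, sections, current = {}, {}, None
    for line in text.splitlines():
        if sec := SECTION_RE.match(line):          # "Malware remnants ____"
            current = sec.group("name").strip()
            sections[current] = []
        elif current is None:                      # still in the header block
            if hdr := HEADER_RE.match(line):
                header[hdr.group("key").strip()] = hdr.group("val").strip()
        elif ent := ENTRY_RE.match(line):          # "<path> (<family>) -> <action>"
            sections[current].append(ent.groupdict())
    return header, sections


def triage(text):
    """Split real remnants from low-risk tracking cookies; group ZeroAccess hits by {GUID} root."""
    header, sections = parse_hitmanpro_log(text)
    remnants = sections.get("Malware remnants", [])
    roots = {}
    for ent in remnants:
        if m := ZA_RE.match(ent["path"]):
            roots.setdefault(m.group("root"), set()).add(m.group("marker").upper())
    return {
        "threats_reported": int(header.get("Threats", "0").replace(",", "")),
        "remnants": [(e["path"], e["family"], e["action"]) for e in remnants],
        "cookie_traces": len(sections.get("Cookies", [])),
        "zeroaccess_roots": roots,  # {root folder: set of markers seen}
    }
```

The "Threats" count in the header should equal the number of remnant entries; the cookie section is only advertising-tracker residue and does not count toward it.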
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    We need to find out where this thing is hiding and exterminate it for good... please do the following:

    Download Farbar Recovery Scan Tool and save it to a flash drive.


    Please make sure to get the 64-bit version

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there
    • Press Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type the text services.exe into the "Search:" text box. Then, press the Search file(s) button.
      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally
    • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
  5. dover1982

    dover1982 Newcomer, in training Topic Starter Posts: 47

    I have a set of Recovery Disks and on the disk it says "Warning: This process erases all data and files from the hard drive". Does this happen once I insert the disk? I haven't yet backed up my files so I was wondering if I should do that now.
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Not at all. Were you not able to access Repair your computer option from the menu?
  7. dover1982

    dover1982 Newcomer, in training Topic Starter Posts: 47

    No, I haven't ever been able to access any options through pressing F8 with this computer. I'm going to try the other options you posted though.
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

  9. dover1982

    dover1982 Newcomer, in training Topic Starter Posts: 47

    I'm having to use the recovery disks but not able to access System Recovery Options. I insert and restart the computer but it just starts up as normal. I also am not sure how to access BIOS settings, the only way I know to is to press F8 upon startup but that doesn't work on my computer.
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Right when the computer starts up, press the F2 button, and it will load the setup screen. Find boot options, and change the order to have CD-ROM/DVD-ROM drive as first.
  11. dover1982

    dover1982 Newcomer, in training Topic Starter Posts: 47

    Nothing seems to work on the keyboard when the computer is starting up. I tried pressing F2 like you recommended but it didn't work. The initial start up screen shows "Del: Enter Setup; F12: Boot Menu", which I tried both but neither worked.
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49
