[Closed] Possible fake AVG and Security Shield virus

Status
Not open for further replies.
We should check it out one last time...

Please download Hitman Pro


  • After the download completes please double click the program to run it.
  • Accept the terms of the license agreement and click Next
  • Let the scan run. It will not take long
  • When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next
  • Click Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location
  • Upload log.xml here for review please
 
Hello! Are you still with us? Your topic is now marked inactive, because you have not replied.

However, we'd like to still help. Please update us on the state of your PC.
 
Code:
HitmanPro 3.6.2.171
www.hitmanpro.com
   Computer name . . . . : MARY-PC
   Windows . . . . . . . : 6.0.2.6002.X64/4
   User name . . . . . . : Mary-PC\Mary
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)
   Scan date . . . . . . : 2012-10-11 10:56:15
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 3s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
   Threats . . . . . . . : 3
   Traces  . . . . . . . : 18
   Objects scanned . . . : 6,881,921
   Files scanned . . . . : 47,427
   Remnants scanned  . . : 2,201,085 files / 4,633,409 keys
Malware remnants ____________________________________________________________
   C:\Users\Mary\AppData\Local\{8bf7e6e5-22a7-2d02-9ec4-ee60b2f264cd}\@ (ZeroAccess) -> Deleted
   C:\Users\Mary\AppData\Local\{8bf7e6e5-22a7-2d02-9ec4-ee60b2f264cd}\L\ (ZeroAccess) -> Deleted
   C:\Users\Mary\AppData\Local\{8bf7e6e5-22a7-2d02-9ec4-ee60b2f264cd}\U\ (ZeroAccess) -> Deleted
Cookies _____________________________________________________________________
   C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\cookies.sqlite:ad.360yield.com
   C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\cookies.sqlite:ads.pointroll.com
   C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\cookies.sqlite:ads.pubmatic.com
   C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\cookies.sqlite:apmebf.com
   C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\cookies.sqlite:ar.atwola.com
   C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\cookies.sqlite:at.atwola.com
   C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\cookies.sqlite:atwola.com
   C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\cookies.sqlite:collective-media.net
   C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\cookies.sqlite:doubleclick.net
   C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\cookies.sqlite:invitemedia.com
   C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\cookies.sqlite:kaspersky.122.2o7.net
   C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\cookies.sqlite:media6degrees.com
   C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\cookies.sqlite:tacoda.at.atwola.com
   C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\cookies.sqlite:track.prd1.netshelter.net
   C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\cookies.sqlite:xiti.com
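
An added example, not part of the original post and not HitmanPro's own code: a small Python triage script for a text log in the layout shown above. It separates the "Malware remnants" section from the cookie entries and groups findings by family and GUID-named parent folder; the sample log is constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict
# Constructed sample in the posted log's layout; user name, GUID and domains are placeholders.
SAMPLE_LOG = r"""
   Threats . . . . . . . : 3
Malware remnants ____________________________________________________________
   C:\Users\User\AppData\Local\{00000000-0000-0000-0000-000000000000}\@ (ZeroAccess) -> Deleted
   C:\Users\User\AppData\Local\{00000000-0000-0000-0000-000000000000}\L\ (ZeroAccess) -> Deleted
   C:\Users\User\AppData\Local\{00000000-0000-0000-0000-000000000000}\U\ (ZeroAccess) -> Deleted
Cookies _____________________________________________________________________
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\example.default\cookies.sqlite:ads.example.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\example.default\cookies.sqlite:tracker.example.net
"""

SECTION = re.compile(r"^(\S.*?)\s*_{5,}\s*$")             # "Name ______" header line
FINDING = re.compile(r"^(.+?) \(([^()]+)\) -> (\w+)$")    # path (family) -> action
GUID_DIR = re.compile(r"^(.*\\\{[0-9a-fA-F-]{36}\})\\")   # prefix ending in \{GUID}\

def parse_sections(log_text):
    """Split the log body into {section name: [stripped entry lines]}."""
    sections, current = defaultdict(list), None
    for line in log_text.splitlines():
        header = SECTION.match(line)
        if header:
            current = header.group(1)
        elif current and line.strip():
            sections[current].append(line.strip())
    return dict(sections)

def triage(log_text):
    """Group remnant findings by (family, root folder); count cookie traces."""
    sections = parse_sections(log_text)
    grouped = defaultdict(list)
    for entry in sections.get("Malware remnants", []):
        found = FINDING.match(entry)
        if not found:
            continue
        path, family, action = found.groups()
        guid = GUID_DIR.match(path)
        grouped[(family, guid.group(1) if guid else path)].append(action)
    return dict(grouped), len(sections.get("Cookies", []))

def unresolved(grouped):
    """Roots where at least one item was not reported as Deleted."""
    return [root for (_, root), acts in grouped.items() if set(acts) != {"Deleted"}]

if __name__ == "__main__":
    findings, cookie_count = triage(SAMPLE_LOG)
    print(findings, cookie_count, unresolved(findings))
```

Grouping by the GUID folder shows that the three remnant lines belong to one dropped directory, and the cookie count keeps tracking-cookie noise out of the threat picture.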
 
We need to find out where this thing is hiding and exterminate it for good... please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.


Please make sure to get the 64-bit version

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button. It will do its scan and save a log on your flash drive.
  • Close out of the message after that, then type the text services.exe into the "Search:" text box. Then press the Search file(s) button.

    When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
  • Type exit in the Command Prompt window and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
 
I have a set of Recovery Disks and on the disk it says "Warning: This process erases all data and files from the hard drive". Does this happen once I insert the disk? I haven't yet backed up my files so I was wondering if I should do that now.
 
No, I haven't ever been able to access any options through pressing F8 with this computer. I'm going to try the other options you posted though.
 
I'm having to use the recovery disks but am not able to access System Recovery Options. I insert and restart the computer but it just starts up as normal. I also am not sure how to access BIOS settings; the only way I know is to press F8 upon startup, but that doesn't work on my computer.
 
Right when the computer starts up, press the F2 button, and it will load the setup screen. Find boot options, and change the order to have CD-ROM/DVD-ROM drive as first.
 
Nothing seems to work on the keyboard when the computer is starting up. I tried pressing F2 like you recommended but it didn't work. The initial startup screen shows "Del: Enter Setup; F12: Boot Menu". I tried both, but neither worked.
 