You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
Malware removal help request
- Thread starter mpipis
- Start date
- Status
- Not open for further replies.
Welcome to TS. It's helpful when you call attention to findings in the log, as you did, and adding symptoms is useful for understanding the threat / infection. The included log from Avast gives a third view of the infections on your computer. For your case, we will supplement our guide with a special scan / tool. Please review the 8-step guide for MBAM usage.
Observation: More progress is needed.
Overview -
Observation: More progress is needed.
- Your logs show found but unanswered items - React to unanswered items appearing in scan logs
- NO Action’ - Remove Selected when offered by MBAM
- 'Delete on Reboot’ - Restart the computer after concluding the scan
Overview -
- ComboFix is a very effective tool that scans / fixes hard to clean infections. Additionally, it includes diagnostic information.
- Uninstall old copy of ComboFix
- Update both MBAM & SAS. Rerun them both.
- This effort is complete when logs report NO infections/threats, or reporting something it can not clean.
- Typically extra repeat scans are not needed
- Follow ComboFix instructions referenced below.
- Scan with HJT. (part of instructions for ComboFix)
- Posts logs. Report progress & what changes are observed. Include logs that found infections.
Uninstall Combofix - if present on the computer
Please see this for instructions:
Temporarily Disable Real Time Monitoring Programs:
- 1 Spybot S&D (Teatimer)
- 2 Ad-Aware Ad-Watch
- 3 Spywareguard
- 4 Windows Defender
- 5 TrojanHunter Guard
- 6 Disable SpySweeper
- 7 WinPatrol
- 8 CounterSpy
- 9 AVG Anti-Spyware (formerly ewido)
- 10 Spyware Doctor
- 11 Prevx
- 12 ProcessGuard
- 13 ZoneAlarm's OS Firewall
- 14 Ad-Aware 2007 Service
Get the following error on reboot
Error loading
C:\windows\system32\bofayti.dl
i click ok and everything continues to load.
While running MBAM scan avsat gave the following warning
12/3/2008 10:20:51 AM SYSTEM 184 Sign of "Win32:Buzus-JM [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{17941672-83C6-4705-B807-583FD0076E1E}\RP537\A0133259.EXE" file.
Was unable to move it to the avast chest, but was able to delete the file. Havent had anymore warnings ........yet
I've ran MBAM 6 times now, but one threat always seems to stay, even after its removed, it will show up in another scan.
Looks like this:
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lozayoziya (Trojan.Agent) -> Quarantined and deleted successfully.
SAS came up clean after 2 scans.
Im not sure if I should run ComboFix, since MBAM does not come up clean.
I've attached the the MBAM logs, first one is what was removed one the first scan, the 2nd MBAM log shows what is found everytime I re-run MBAM.
Error loading
C:\windows\system32\bofayti.dl
i click ok and everything continues to load.
While running MBAM scan avsat gave the following warning
12/3/2008 10:20:51 AM SYSTEM 184 Sign of "Win32:Buzus-JM [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{17941672-83C6-4705-B807-583FD0076E1E}\RP537\A0133259.EXE" file.
Was unable to move it to the avast chest, but was able to delete the file. Havent had anymore warnings ........yet
I've ran MBAM 6 times now, but one threat always seems to stay, even after its removed, it will show up in another scan.
Looks like this:
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lozayoziya (Trojan.Agent) -> Quarantined and deleted successfully.
SAS came up clean after 2 scans.
Im not sure if I should run ComboFix, since MBAM does not come up clean.
I've attached the the MBAM logs, first one is what was removed one the first scan, the 2nd MBAM log shows what is found everytime I re-run MBAM.
As with most scans, the repeat scans looks for any infection that is now unmasked or a clean run. Always assess if symptoms remain.
Please run ComboFix & HJT. ComboFix cleans & provides diagnostic information that is used to find enabling infections that remain or just residue.
Please run ComboFix & HJT. ComboFix cleans & provides diagnostic information that is used to find enabling infections that remain or just residue.
Thanks for establishing the symptoms are gone. The ComboFix log is also clear.
Some cleanup items: uninstall ComboFix & establish a clean restore point.
Cleanout Old System Restore Points
Disk Cleanup From the Taskbar
Some cleanup items: uninstall ComboFix & establish a clean restore point.
Cleanout Old System Restore Points
Disk Cleanup From the Taskbar
- Start > Programs > Accessories > System Tools > Disk Cleanup
- Click OK to accept C:
- Tick all Boxes
- Click More Options
- Click System Restore and OK to "Are you sure" and the OK to Run.
- Results -
- Only the most recent Restore Point remains
- Clears 'Shadow Copies' [ Volume Shadow Copy running is the default ]
- used by specialized back up programs.
- reclaims a huge amount of disk space.
- removes infected files
- Start > Programs > System Tools > System Restore
- Left Pane > System Restore Settings
- Tick 'Turn off system restore on all drives', Click 'Apply'
- Wait for completion
- Untick ' 'Turn off system restore on all drives', Click 'Apply'
- Wait for completion. OK to end menu. Exit
- Status
- Not open for further replies.
Similar threads
- Replies
- 8
- Views
- 2K
- Replies
- 5
- Views
- 855
Latest posts
-
How to play PS1 Doom on PC (and why you might want to)- Thrackerzod replied
-
What would my FPS be low with 4090?
- Nelson28 replied
-
Monitor suggestions
- Nelson28 replied
-
TechSpot is dedicated to computer enthusiasts and power users.
Ask a question and give support.
Join the community here, it only takes a minute.