Think I have a virus - Prep done

[littlehelper]

Hi, I have been getting virus warnings come up on my computer the last 2 days, I'm fairly certain it has come from a website pop-up (cant remember which one sorry).

I actually came here initially because my USB drive had stopped showing in My Computer, but still comes up as working fine in the Devices control panel. I thought it might be due to a virus, then I eventually got onto the Malware forum area and saw this same thing in another couple of people posts... Im not sure if it has something to do with the virus? Hopefully someone can help me figure that out.

Many thanks to anyone who can help me.

UPDATE: I forgot to mention, I have done a fullscan using Avira, 4 times, each time requiring a re-boot to finish, then telling me to scan again so I do... Each time there are viruses - I have included the most recent log (2 parts due to filesize). I will keep scanning if I am sposed to?

UPDATE: My scan this morning showed up 25 of the following infections - all the same virus type, all very similar filename and all in the same directory: "C:\WINDOWS\system32\ovfsthdripmbivkoruokeivdlcbpqxroiurtwt.dll
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan"

 

[haterjake]

hey

i would google Malwarebytes and download it, a verry good anti malware. also, make sure you have all of your drivers installed and up to date.

 

[littlehelper]

Already done that...

Thanks, but I have already done that and attached my logfile if you were wanting to look at that.

Anyone else have any ideas here?

 

[touch]

Sorry for late reply

Please download Combofix:
http://subs.geekstogo.com/ComboFix.exe

And save to the desktop.

Open notepad and copy/paste the text in the quotebox below into it:
Name the file as CFScript
and Save it on the desktop

Killall::

Snapshot::

File::
C:\WINDOWS\system32\dakimuyu.dll

http://www.fromsej.saknet.dk/billeder/cfscript.gif

Once saved, refering to the picture above, drag CFScript.txt into ComboFix.exe, Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

 

[littlehelper]

Thanks touch! My combofix log is attached.

 

[touch]

Open notepad and copy/paste the text in the codebox below into it:
Name the file as CFScript
and Save it on the desktop

Killall::

Snapshot::

File::
C:\WINDOWS\system32\kuyijovi.dll,C:\WINDOWS\system32\filohugu.dll
C:\WINDOWS\system32\ovfsthdripmbivkoruokeivdlcbpqxroiurtwt.dll
F:\d1y36.com

Folder::
c:\documents and settings\Owner\Application Data\LimeWire
c:\documents and settings\Owner\Application Data\uTorrent
Driver::
smp_lpt

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d8c0181-bca4-11dd-9963-001d7dd6d76a}]

http://www.fromsej.saknet.dk/billeder/cfscript.gif

Once saved, refering to the picture above, drag CFScript.txt into ComboFix.exe, and attach back the resulting report.

 

[littlehelper]

Next combofix log attached touch.

 

[touch]

How are things running now ?

 

[littlehelper]

I am all clear on the virus scans and back to normal touch. Thankyou so much!!!

My USB drive is showing up now too - if u have a moment, can you tell me why that wasnt working? Is there a simple way to cull the problem if it happens again or was that due to the virus?

Thanks again.

 

[touch]

That´s good news

It looks like you have got an infection on your USB drive, I´ll therefore suggest you run this tool to prevent reinfection:

Download Flash_Disinfector.exe by sUBs from http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
and save it to your desktop.

Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.

Wait until it has finished scanning and then exit the program.
Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.


I´ll suggest you run the 8 step guide, to make sure you don´t have other infections ->

Please run the steps in this guide:

8-step Viruses/Spyware/Malware Preliminary Removal Instructions

Post attached log´s from:

Malwarebyte
Superantispyware
Hijackthis

In your next reply