Win32/heur and win32/Tanatos.J - corrupted the computer

Status
Not open for further replies.
Hi,

My "avg" shield keeps on detecting win32/heur and Tanatos.j, and the virus has corrupted the music files. "avg" cannot heal it, and I have tried a few steps from the forum that would give me a "hijackthis" log. I am not sure how to move forward now.
Can you help?
Have also installed "Malwarebytes Anti-Malware" software but it is not running.
I am attaching "hijackthis" log file for reference.
I am also attaching the avg shield detected list of viruses.
 

Attachments

  • hijackthis.log
    14.9 KB · Views: 5
  • avg_shield_detection.log
    32.2 KB · Views: 5
You _will_ find the help you need here...

First, if you have not already done so...

You need to read, understand, and strictly follow the directions
which you find at the top of this board.

Start with... https://www.techspot.com/vb/topic120350.html
Then ... https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Followed by ... https://www.techspot.com/vb/topic65943.html

Once you have posted the three (3) logs mentioned in the 8 steps,
one of the experienced helpers will be more able to assist you.

How to post your Hijackthis log-file as an ATTACHMENT:
https://www.techspot.com/vb/topic19133.html

Good Luck. Repost if you have difficulties along the way.
 
Hi,

I got stuck at step 4. I have downloaded the Malwarebytes anti-malware and it has been installed but it does not run. Can you help? It is not opening up.
 
1. You have both AVG and Symantec security on the system. Decide on one, uninstall the other.

2. You have a DNSChanger Trojan Horse malware infection
O17 - HKLM\System\CCS\Services\Tcpip\..\{54BC4668-14B0-4220-AE8B-A9E349DA9707}: NameServer = 85.255.112.231,85.255.112.98
O17 - HKLM\System\CCS\Services\Tcpip\..\{99A728AB-0933-42EF-AB38-2F55A625C232}: NameServer = 85.255.112.231,85.255.112.98
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.231,85.255.112.98
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.231,85.255.112.98
Trojan DNSChanger
Trojan DNSChanger is a Trojan that will modify the DNS settings on a compromised computer, resulting in redirection of search results and web pages to affiliated websites. Common infection of Trojan DNSChanger was caused by downloading and installing a fake multimedia codec from illegitimate websites.

Aliases:
DNSHijacker, DNS Changer, Trojan.DNSChanger, Trojan.Flush.K
Common Symptoms:
1. Internet browser will be redirected to aicse.com, hrena.com, oldhetaira.com, robogold.biz, sesat.com, casinocaesar.com,
btcar.com, camouflageclothing.net, rpicamps.com, sandiego.citysearch.com, shopica.com, weddingcamerasplace.com and so on.
Other bad entries in HijackThis:
R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - (no file)
O2 - BHO: MCIEPlugIn Class - {C09C9904-FD44-11D6-A711-00105AC8F168} - C:\PROGRA~1\METAMA~1\METAMA~1\IEPlugIn.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
You are going to require extensive cleaning and resetting.

See if Malwarebytes will run in Safe Mode. Then if some of the infection is handled, it can be updated and run again in Normal Mode. We need to see the logs from Mbam, Superantispyware and a new scan with HijackThis AFTER you run these 2 programs.
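
The check described in the post above, as an added example that is not part of the thread or any helper's own tooling: it parses HijackThis O17 lines and reports every NameServer value outside an expected resolver range, and lists R3/O2/O3 entries marked "(no file)". The `EXPECTED` range, the zero-GUID O17 line and the function names are assumptions made for the example.

```python
import ipaddress
import re

# Lines quoted in the post above, plus one constructed O17 line (zero GUID) for contrast.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{54BC4668-14B0-4220-AE8B-A9E349DA9707}: NameServer = 85.255.112.231,85.255.112.98
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.231,85.255.112.98
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: MCIEPlugIn Class - {C09C9904-FD44-11D6-A711-00105AC8F168} - C:\PROGRA~1\METAMA~1\METAMA~1\IEPlugIn.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
"""

# Assumption: the resolvers this machine is supposed to use (constructed value).
EXPECTED = [ipaddress.ip_network("192.168.1.0/24")]

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
ORPHAN_RE = re.compile(
    r"^(?P<section>R3|O2|O3) - [^:]+: .+? - (?P<clsid>\{[0-9A-Fa-f-]+\}) - \(no file\)$")


def unexpected_nameservers(log, expected=EXPECTED):
    """Return (registry key, address) for every O17 resolver outside `expected`."""
    findings = []
    for line in log.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        # HijackThis shows the raw registry value; entries are comma or space separated.
        for raw in re.split(r"[,\s]+", m["servers"].strip()):
            try:
                addr = ipaddress.ip_address(raw)
            except ValueError:
                findings.append((m["key"], raw))  # unparseable value: flag for review
                continue
            if not any(addr in net for net in expected):
                findings.append((m["key"], raw))
    return findings


def orphaned_entries(log):
    """Return (section, CLSID) for R3/O2/O3 entries whose file is missing."""
    hits = (ORPHAN_RE.match(line.strip()) for line in log.splitlines())
    return [(m["section"], m["clsid"]) for m in hits if m]


if __name__ == "__main__":
    for key, addr in unexpected_nameservers(SAMPLE_LOG):
        print(f"unexpected resolver {addr} set under {key}")
    for section, clsid in orphaned_entries(SAMPLE_LOG):
        print(f"{section} entry {clsid} points at no file")
```

Comparing against the resolvers the machine is meant to use, rather than against a list of known-bad addresses, also catches a changed DNS setting that no blocklist covers yet.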
 