8 Steps and Logs

Status
Not open for further replies.

Dr. Vader

My desktop was recently infected so I decided to just run the 8 steps to confirm I have no other infections. Here are the logs.

Bump for help.

Moderator Edit
Bump can only be used after 48 hrs.
 
I think whilst you have BitTorrent installed there's no use, as you will likely be re-infected over and over.
These sharing programs usually allow malware to be installed quite easily, as the programs and files (generally) that are downloaded are usually infected. So I feel that it would be best to remove this file sharing program first.

After that run this:

Download Combofix
Lots of info on its use here
Direct download here

Locate the downloaded Combofix. Double click on it to run, answering any prompts along the way.
Note: during the Combofix scan (lasting up to 10 mins) your Desktop and clock may reset (all normal).
ComboFix will also restart your computer (eventually) and then (eventually) create a log.

Save this log file to be attached to a new reply

Restart

Then do another scan with HJT (scan and log file) and attach this to a new reply as well
 
Here are the updated logs, and BitTorrent is gone.

It says I already have the HJT log uploaded, but I don't see it as an attachment.

The Combofix log is posted though.

(Had to remove logs to reupload)
 
That's strange, it says BitTorrent is still installed, although it may just be the Program Folder.

Also, to get the HJT log attached, you may need to rename it to HJT2.log or something.
 
I deleted BitTorrent from Program Files, and rescanned with HJT and Combofix. Here are the updated logs.
 
I'm sorry I forgot to mention that I am a CMT in training. :)

So I understand what you're saying about BitTorrent and whatnot, but I don't mind taking the risk associated with it.

I can take the advanced user talk, and if I can't I'll find out what it means. I've built quite a few computers, and have wiped them, but I just wanted to get acquainted with the 8 steps, because I haven't used them before.

I removed AVG8 from my Program Files, and used the removal tool you gave me. Is there anything else that you saw that I should delete?
 
Please re-scan with HJT, and place a tick in the box next to the following entries.
Close all browsers (like Internet Explorer or Firefox etc.), then select Fix:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Dr. Vader\Program Files\DNA\btdna.exe"
O13 - Gopher Prefix:
As BitTorrent still remains (your risk), I must advise that, depending on what you download, usually (often) these downloads also include malware. Therefore I would normally stop at this point, as I would just be chasing my tail trying to remove malware every day from your computer.
Therefore the above entry in Blue is user choice.

I have still decided to go through your logs anyway (as quoted above), but I will only advise the next step and likely stop from there (basically you will be clean at that present point anyway).

Please download and run SDFix (I'm sorry, but I must refer you to this tutorial on its use; scroll down to "SDFix Instructions").

Download, and run the "RunThis.bat" in Safe Mode, as advised
Then attach the log
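
Added example, not part of the original thread and not code from HijackThis or any poster: a small Python triage script that parses the HJT entries listed in the post above, labels each by its log section, and notes two things a reviewer usually checks first (a target file that no longer exists, and a Run-key autostart launching from a user profile). The function names and the two heuristics are assumptions made for illustration.

```python
import re

# Meanings of the HijackThis section codes that appear in the post above.
SECTIONS = {
    "R0": "IE start/search page settings",
    "R1": "IE start/search page settings",
    "O1": "Hosts file entry",
    "O2": "Browser Helper Object",
    "O4": "Autostart (Run key / Startup folder)",
    "O13": "IE default URL prefix",
}
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
RUN_RE = re.compile(r'^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] "?(?P<path>[^"]+)"?$')

def parse_entry(line):
    """Parse one HJT log line; return None for lines that are not entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m["code"], m["body"]
    entry = {"code": code, "section": SECTIONS.get(code, "unknown"),
             "body": body, "notes": []}
    if "(no file)" in body:  # registration left behind, file already gone
        entry["notes"].append("target file missing")
    if code == "O4":
        run = RUN_RE.match(body)
        if run:
            entry["name"], entry["path"] = run["name"], run["path"]
            # Heuristic (assumption): autostart from a user-writable profile path
            if run["path"].lower().startswith("c:\\users\\"):
                entry["notes"].append("autostart from user profile")
    return entry

def triage(log_text):
    """Return parsed entries for every HJT line found in log_text."""
    return [e for e in map(parse_entry, log_text.splitlines()) if e]

# Entries copied from the post above.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Dr. Vader\Program Files\DNA\btdna.exe"
O13 - Gopher Prefix:
"""

for e in triage(SAMPLE):
    print(e["code"], "|", e["section"], "|", ", ".join(e["notes"]) or "-")
```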
 