To do first:
1. If you intend to keep Norton as your security, you need to uninstall AVG. Multiple antivirus programs actually make the system more vulnerable. It is still loading and running. Please run this
AVG Removal: Note: You may have to reinstall AVG to uninstall it fully
Reboot the computer when through
2. Remove both of these Domains from the Trusted Zone. The security is lower for this zone and having Domains in it is a vulnerability.
Nothing needs to be in the Trusted zone:
Open Internet Options in the Control Panel or Tools in IE:
- Click on the Security tab
- Click on Trusted Sites, then Sites
- Highlight each of the following> Click on Remove:
[o] aol.com\free
[o] turbotax.com
- Click on OK> Apply> OK
3. Remove old Java and update to the current version: Please download JavaRa and unzip it to your desktop.
(Note: screenshot shows earlier version, but is the same for current version)
- Please close any instances of Internet Explorer before continuing!
- Double-click on JavaRa.exe to start the program.
- From the drop-down menu, choose English and click on Select.
- JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
- Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
- A logfile will pop up. Please save it to a convenient location.
Then download and install Java Runtime Environment (JRE) 6 Update 21: Java Updates
About the Norton Alert: Norton does not distinguish location of the file when giving the alert. It is possible that it was in a restore point, in the Recycler or in a quarantined folder from another security program, but not active in the system. Unfortunately Norton instructs the user to do things like turn off system restore, which we don't do until the end of cleaning.
Did you save the log from TDSSKiller? If so, I'd like to see it. (Don't run it again - just leave the log if you have it.)
=====================================
Please reboot the computer after all of the above has been handled:
Download ComboFix from here and save to your Desktop.
[1]. Do NOT rename Combofix unless instructed.
[2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3]. Close any open browsers.
[4]. Double click combofix.exe & follow the prompts to run.
- NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
[5]. If Combofix asks you to install Recovery Console, please allow it.
[6]. If Combofix asks you to update the program, always allow.
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
[7]. A report will be generated after the scan. Please post the C:\ComboFix.txt in your next reply.
Note: Do not mouseclick Combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs when you're done with Combofix.
=============================
Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the ActiveX control to install
- Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
- Click Start
- Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
- Click Scan
- Wait for the scan to finish
- Re-enable your Antivirus software.
- A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.
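
To confirm the Trusted Zone cleanup from step 2 actually took effect, the following read-only PowerShell check lists every site still mapped to the Trusted sites zone. It is an added example, not part of the original post; the function name `Get-ZoneMapEntry` is hypothetical, and it assumes the standard Internet Explorer ZoneMap registry location for the current user and the machine.

```powershell
# Added example, not part of the original post. Read-only: it changes nothing.
# Zone numbers stored in ZoneMap: 1 = Local intranet, 2 = Trusted sites, 4 = Restricted sites.
$zoneMap = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'

function Get-ZoneMapEntry {   # hypothetical helper name
    param(
        [int]$Zone = 2,                                # 2 = Trusted sites
        [string[]]$Hive = @('HKCU:', 'HKLM:'),         # per-user and machine-wide entries
        [string[]]$Leaf = @('Domains', 'EscDomains')   # EscDomains applies when IE Enhanced Security is on
    )
    foreach ($h in $Hive) {
        foreach ($l in $Leaf) {
            $root = Join-Path $h (Join-Path $zoneMap $l)
            if (-not (Test-Path -LiteralPath $root)) { continue }
            $rootKey = Get-Item -LiteralPath $root
            $keys = @($rootKey) + @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)
            foreach ($key in $keys) {
                # Each value name is a protocol (http, https, *); its DWORD data is the zone number.
                foreach ($name in $key.GetValueNames()) {
                    if ($key.GetValueKind($name) -eq 'DWord' -and $key.GetValue($name) -eq $Zone) {
                        [pscustomobject]@{
                            Hive     = $h.TrimEnd(':')
                            Store    = $l
                            # Path relative to the root key: domain, then subdomain
                            Site     = $key.Name.Substring($rootKey.Name.Length).TrimStart('\')
                            Protocol = $name
                            Zone     = $Zone
                        }
                    }
                }
            }
        }
    }
}

$trusted = @(Get-ZoneMapEntry -Zone 2)
if ($trusted.Count -eq 0) { 'Trusted sites zone is empty.' }
else { $trusted | Sort-Object Hive, Store, Site | Format-Table -AutoSize }
```

An entry that reappears after removal through Internet Options and a reboot means something is re-adding it, and is worth mentioning with the logs.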