Win32/Heur Infection

Humdot

A couple of days ago I was infected with this trojan virus, and it started spreading very quickly. I kept scanning my computer with AVG Free and Spybot, deleting anything that they found, but they keep coming back.
So then I found this website and followed the 8-step instructions thread, and right now I'm not sure if they're gone, but I will attach all the logs and hopefully you guys can help me out :)
Thanks, David.

EDIT: turns out they're not gone :( I just did another scan with Anti-Malware and it picked up 2 trojans.

Just an update: did some more tests and have more recent log files.
 
Hello
Try to scan in safe mode, as some viruses start even at boot. Also, when scanning, include any removable drives such as USB drives.
 
Oh ya, the second logs I posted in the reply were all done in safe mode, and I scanned all drives :)

Bump, I really need some help with this, guys. I remove all the viruses but somehow they manage to come back, please help!
 
Please download Combofix:
http://subs.geekstogo.com/ComboFix.exe

And save to the desktop.

Close all other browser windows.

Please connect all your external hard drives/flash drives before running Combofix, if you have any.


Double-click on the combofix icon found on your desktop.

Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.

Attach combofix.txt in your next reply.
 
Thanks touch. Well, I ran Combofix for about 8 hours, and all I had the whole time was an empty blue box. Am I supposed to have the internet connected? I disconnected before running Combofix.
 
Try this ;)

Un-install Combofix
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
  • For any popup errors about Antivirus, just click OK or close
Note #1: 1 space after ComboFix in that uninstall command
Note #2: Substitute Combofix for whatever name was used if renamed

Re-Download Combofix Instructions

  • Download Combofix to your desktop.
  • Rename ComboFix to ComboF
  • Double click ComboF & follow the prompts.
  • A window will open with a warning.
  • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
 
Programs installed:
uTorrent
BitComet
Limewire
AVG8
Symantec
Spybot - Search & Destroy
DAEMON Tools

Info on using P2P Programs => https://www.techspot.com/vb/topic124748.html

Quote from 8-Step Removal Guide:
Uninstall File Sharing/P2P Programs

During the cleaning process all File Sharing Programs should be uninstalled
This is to avoid any possible reinfection by malware through file sharing

We reserve the right to withdraw our support:
  • If such programs are found in your logs
  • Should you not agree to their removal.
As they are normally set to bypass your Firewall and Anti-Virus software,
Filesharing/P2P Programs serve as a constant threat to your computer
 
Yeah, I read that and uninstalled LimeWire but completely forgot about uTorrent because I never really use it. BitComet I uninstalled a long time ago and LimeWire was already uninstalled, so I don't know why they're showing up. :S
Anyway, I've made sure they're gone now and deleted the folders located in C:\Program Files. New HJT log attached.
 
I'd suggest you run Combofix again
But I may not continue helping here on this thread anyway. If it were up to me (i.e. if it was my computer) I'd probably back up and re-install clean.
 
Hmm, well, I don't think I can right now. I'm almost finished with my last semester of school, I've got a lot of work to do, and I've been pretty busy lately, so I don't know if I can go through the hassle of formatting, especially since I need my comp for assignments all this week. I understand if you can't help though.

Anywho, if you are still going to help me, I have some new problems :(. When trying to install Avira to replace AVG I get this error: File C:\DOCUME~1\David\LOCALS~1\Temp\RarSFX0\basic\setup.exe has been changed! Setup cannot continue.

Also, ComboFix is coming up with an error saying it's not safe to continue and that I should download a new copy because it has been compromised, but even when I do download a new one it says the same thing (I tried several times). This started happening after I updated it.

On the bright side, scans with Spybot, Anti-Malware and SUPERAntiSpyware are coming up with only 1-2 trojans and sometimes none, as opposed to about 10 a few days ago.
 
FOCUS on what's important! Disconnect from the Internet and get those assignments written and printed!

Come back here when you have a weekend to burn.
 