Win32/Heur Virus - Followed 8 Steps

Status
Not open for further replies.

Spinny

Hello, I have followed the 8 steps that are recommended on the site. Like several other posts I have read, I seem to have picked up the Heur virus yesterday. I first noticed that I had a few windows randomly popping up. I was running AVG 8 antivirus software, and it picked up some other trojan horse viruses as well as the Heur. I am having problems getting Windows to start up now as well. I now have a log on screen that prompts where before it automatically booted up to Windows without a need to log in. No password is required, but I can't seem to get Windows to consistently boot up. Frequently I get an error for "Userinit logon application" faulting out which doesn't allow Windows to continue booting up. Anyways, attached are the logs that I believe are requested. I would be very grateful if you can provide some insight on how to wipe this clean on my PC. I have tried to clean it off with the AVG and Anti-Malware software several times, but it doesn't seem to work completely. Thanks in advance.

View attachment 44591

View attachment 44592

View attachment hijackthis.log
 
Hi Spinny, if possible try not to use AVG and use Avast or Avira as recommended in the forum here. If you search around the forum here, I think there is a proper way to uninstall AVG, but that is entirely up to you. Other than that, just hang on tight; someone knowledgeable will help you soon.
 
I did download Avira but haven't enabled it yet due to the comments about disabling the antivirus while wiping viruses. I was hoping someone could interpret my logs to advise me on how best to wipe the viruses.
 
Actually I do agree, although you are right about checking the logs first (which I've done). But AVG8 is not fantastic (as you have found out) for detecting virus infections.

Here's what to do ;)

Post the logs
 
I uninstalled AVG as directed. However, I have gotten a fault when trying to install Avira. I get a prompt reading:

"The CRC sum of C:\DOCUM~1\Owner\LOCALS~1\TEMP\RarSFX0\basic\setup.exe has been changed! This could be due to a virus! Do you want to shut down setup?"

The only button available to push is OK which closes the window. I am thinking I will need to download the program again. Meanwhile, here are the logs. Thanks again for the help.

View attachment 44640

View attachment 44641
 
Well it's still finding Malware

Try this if Avira still faults on install:

Run CCleaner

Download Combofix
Lots of info on its use here
Direct download here

Locate the downloaded Combofix. Double click on it to run, answering any prompts along the way
Note: during the Combofix scan (lasting up to 10 mins) your Desktop and clock may reset (all normal)
ComboFix will also restart your computer (eventually) and then (eventually) create a log

Save this log file to be attached to a new reply

Whilst waiting for my reply, you may want to re-open Malwarebytes; update it again; and then run another full scan (I'm thinking there may still be more uncovered malwares to remove) I would do this ;)
 
Everything is working fairly well right now other than having the log on screen at boot up which I used to never have. Additionally, I have to unplug my router during start up or it stalls. Still no luck installing Avira. I'm trying to download it again as we speak.
 
Your Router should be connected as Ethernet not USB, if that helps

Also before trying to install Avira again, you may want to do this:

1. Run CCleaner
2. Do another ComboFix ;)
 
When you list CCleaner, do you mean the whole listing because the last system item of "Wipe Free Space" makes a difference of a 2 second cleaning to 1 hour and 45 minutes. I have done the full blown version twice yesterday, and it consumed most of the night.
 
Well, here is the last combofix log regardless.

View attachment 44644

Update: I was able to get Avast downloaded and installed since Avira still had the installation failure. Avast seems to routinely find viruses, but as of yet, has not been able to repair or quarantine them successfully.
 
Please download and run SDFix (I'm sorry, but I must refer you to this tutorial on its use, scroll down to "SDFix Instructions")

Download, and run the "RunThis.bat" in Safe Mode, as advised
Then attach the log and a new HJT log
Oh by the way, it says that it may take 20 mins to scan! (Mine took over an hour to complete!)
 
Update: last night after unsuccessfully getting Avira to install, I was able to download and install Avast. As suspected, it found plenty of viruses. It directed me to reboot where it would attempt to clean the rest of the viruses. However, after it was done, I have not been able to successfully boot up Windows again. I can't log in to perform the SDFix action that you recommend. I seem to only be able to boot to the recovery console through the boot menu. When I log onto Windows the traditional method, it never shows the desktop but goes right back to the login screen after about 5 seconds. Help! :)
 
Can you now get to Normal mode?
If so, then you will need to run SDFix again in Normal mode

If not, then run Combofix again, and hopefully from Safe Mode the malware will be removed
 