Win32/heur

Status
Not open for further replies.
WIN32/heur

I picked up two of them with AVG. At first it wouldn't allow me to remove them. After a couple of attempts, AVG no longer detects any threats. However, Firefox is acting spazzy. I can't view certain pages. Sometimes it won't find the address to a site, then I will refresh and it will appear. My AVG update is somehow not connecting to the site for updates. Those seem to be the only two real problems. My internet will work one second, and the next it won't, and the automatic update will not update. I have used Registry Easy as well to try and fix the problems, but so far even without detecting any viruses I am still having problems. If anyone has any ideas, or recommends downloading any programs, I will have to have a direct link to the .exe because when I try and download certain things like Malwarebytes, it won't open the page. Can anyone help? I just reformatted my computer not too long ago, and I'd hate to have to do it again. Also, when AVG did detect the viruses they were both located within the Firefox folder, or at least said something about Firefox.

thanks,
matt
 
Hey Matt,

Welcome to Techspot!

My name is Blind Dragon and I will be helping you with your Malware problem. During the course of our interactions please be sure to follow all instructions carefully, and ask questions if you are unsure of how to proceed at any point.

Please have a read here-> Is your system infected? Read this before Cleaning or Formatting

If you decide to clean your system please follow these Viruses/Spyware/Malware, preliminary removal instructions and post back in this thread with the requested logs. There should be at least 3.

1) MBAM log
2) SAS log
3) Hijackthis log (last step)

This thread is for the use of TheLeoMatthew only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Logs

I followed the 8 steps, internet seems to be back to normal, my AVG update is working. Everything seems back to normal, but here are the log files for good measure. Thank you so much by the way. You're a gentleman and a scholar.
 
Matt,

Nicely done. When we are done remind me to tell you about OpenDNS if I forget :grinthumb

Due to the nature of your infections there are a few more steps to ensure the infection is removed.

Step 1
Fixing the hijacked DNS

*Go to Start -> Run -> type cmd -> press Enter -> at the prompt type ipconfig /flushdns (note the space) -> press Enter

1. Shut down your computer, and any other computer connected to your router.

2. On the back of the router, there should be a small hole or button labeled RESET. Using a bent paper clip or similar item, hold that in continuously for twenty seconds. Unplug the router. Wait sixty seconds. Now holding again the reset button, plug it back in. Continue holding the reset button for twenty seconds. Unplug the router again.

3. With the router unplugged, start your computer. Run MBAM again.

4. Connect again to the router. Then turn the router back on. When it stabilizes, reboot your workstation and try to access the internet. If you have any issues, access the Router configuration page and re-enter your authentication information.

5. Attach the new offline MBAM scan results here.

====================================================

Step 2
Combofix
Download Combofix to your desktop from one of these locations:
Link 1
Link 2
Link 3
  • Double click combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    whatnext.png


    Click on Yes, to continue scanning for malware.
  • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


Attach Here:
1) The offline MBAM log
2) The combofix.txt log



This thread is for the use of TheLeoMatthew only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
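
A check to run after the DNS steps in Step 1, added here as an example and not part of the thread's posts: it parses `ipconfig /all` output and lists every adapter DNS server that is not on an expected list. The sample output, the 192.168.1.1 router address and the expected-resolver list (router plus the OpenDNS resolvers) are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (not taken from the thread's logs).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   DHCP Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.1.20
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.1

Ethernet adapter Wireless Network Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       208.67.220.220
"""
# Assumption: resolvers this network should use (home router plus OpenDNS).
EXPECTED = {"192.168.1.1", "208.67.222.222", "208.67.220.220"}
ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
FIELD_RE = re.compile(r"^\s+([^.:]+?)[ .]*:\s*(.*)$")

def _as_ip(token):
    """Return the normalised IP in token, or None (drops an IPv6 %zone suffix)."""
    try:
        return str(ipaddress.ip_address(token.strip().split("%")[0]))
    except ValueError:
        return None

def parse_dns_servers(text):
    """Return {adapter name: [DNS server IPs]} from `ipconfig /all` text."""
    servers, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            adapter, in_dns = m.group(1), False
            servers[adapter] = []
        elif adapter and in_dns and _as_ip(line):
            servers[adapter].append(_as_ip(line))  # bare address on a continuation line
        elif adapter:
            f = FIELD_RE.match(line)
            in_dns = bool(f) and f.group(1).strip() == "DNS Servers"
            if in_dns and _as_ip(f.group(2)):
                servers[adapter].append(_as_ip(f.group(2)))
    return servers

def unexpected_resolvers(text, expected=EXPECTED):
    """Return sorted (adapter, ip) pairs whose DNS server is not in `expected`."""
    found = parse_dns_servers(text)
    return sorted((a, ip) for a, ips in found.items() for ip in ips if ip not in expected)
```

An empty result from `unexpected_resolvers` means every adapter points only at resolvers on the expected list; anything returned should be traced to the adapter's static settings or to the router's DHCP configuration.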
 