
Can I please have some help completely removing this virus? I was on Facebook actually playing a game when I noticed that in my neighbor list the 1st person had no name, picture or token count. I didn't click on it, so I got out of the game but was still in Facebook. Next thing I knew computer was actually funny and slow, so I closed the window, and all of a sudden I saw a black screen pop up. I couldn't see what it said but caught the last part that said copied. It did it twice, and then one of my icons on my desktop disappeared, which one I don't know, so I shut down and turned on the computer and started to run tests. Thank you. I was gonna run a HJT but it's been so long since I've had to that I forgot how lol

 

My logs from Malwarebytes, SuperAntiSpyware and AVG

 

Malwarebytes showed this

C:\Users\Kristina\AppData\Local\Temp\.exe (Trojan.Agent) -> No action taken. (just finished)

 

SAS log

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 01/25/2012 at 10:08 PM

 

Application Version : 5.0.1142

 

Core Rules Database Version : 8168

Trace Rules Database Version: 5980

 

Scan type : Complete Scan

Total Scan Time : 00:42:18

 

Operating System Information

Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Limited User

 

Memory items scanned : 760

Memory threats detected : 0

Registry items scanned : 42579

Registry threats detected : 0

File items scanned : 54735

File threats detected : 100

 

Adware.Tracking Cookie


 

Adware.OpenInstall

C:\USERS\KRISTINA\DESKTOP\AVG_FREE_STB_EN_2012_1873_FREE.EXE

 

AVG

"Object name";"C:\Users\Kristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6D9TBMKM\Firefox%20Setup%205.0.1[1].exe"

"Object name";"C:\Users\Kristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9UW1SLHZ\SkypeSetupFull[1].exe"


Kristina, rescan with Malwarebytes ...* Be sure that everything is checked, and click Remove Selected.

 

Next, download TFC by Old Timer http://www.geekstogo.com/forum/TFC-Temp-File-Cleaner-OldTimer-file187.html and save it to your desktop.

Save any unsaved work. TFC will close ALL open programs including your browser!

Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.

Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

 

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

Run a full scan with AVG to make sure all crumbs have been cleaned up.
