My name is etavares and I will be helping you with this log.
Here are some guidelines to ensure we are able to get your machine back under your control.
- Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
- Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
- Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
- Please reply within 3 days to be fair to other people asking for help.
- When in doubt, please stop and ask first. There's no harm in asking questions!
One or more of the identified infections is a backdoor trojan.
This allows hackers to remotely control your computer, steal critical system information and download and execute files.
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.
We also need a log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:
In your reply, please post the GMER log.
Next, please download ComboFix from one of these locations:
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
- Double click on etavaresCF.exe & follow the prompts.
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.
Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.
PS> Please copy/paste the contents of the log directly into your reply. You can do multiple posts if it's too long. This helps for two reasons: 1: some logs such as OTL are formatted for direct posting so it makes researching it easier and 2: you'll run out of space for attachments before we finish the thread.