Please help! Had Defender virus warning - Now desktop icons have vanished!

SaqibQ

OK, don't need to worry about SuperAntiSpyware or Malwarebytes.

I believe you have Avast and not AVG, correct? Since you have disabled Avast, you are now OK to run ComboFix.

SaqibQ

I'm going through the log now, and will post some instructions soon.

I do have that AVG on the desktop but I thought I'd only downloaded AVAST

From what I understand and can see from the logs is that you have the AVG installaiton file (.exe) on your Desktop, but you have not installed it. However, you have Avast installed operating as your anti-virus? Is that correct? Let me know.

paddywak

Yes SaqibQ Avast is the one I put on over the weekend and disabled earlier. How can you see these things from all that writing? I'm totally amazed at this genius you lot have!!

SaqibQ

Hi,

I may ask you to repeat some stuff you've already done later.

But for now, please do the following...

1. I'd like some files scanned:

• Go to VirusTotal
• Copy and paste the following file path into the Search Box in the middle of the page:
  • c:\windows\system32\redivipo.dll
• Now click on the Send File button
  • NOTE:
  • If you come to the "File has already been analysed:" page, select "Reanalyse file now" to get a fresh scan.
• Save a copy of the Anti-Virus results only. Post the results in your next reply.

Do the same for the following files...
C:\windows\system32\hugeloko.dll
c:\windows\system32\nodivivo.dll

2. Open Notepad and copy/paste the text in the Quote Box below into it:

File::
C:\WINDOWS\system32\kugatugi.dll

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00

Note: I have bolded "Control" as the forum software adds a space between the letters which will lead to an incorrect fix.

Save this as CFScript.txt to your Desktop



Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

paddywak

This is all that came up when I sent that line to virustotal
0 bytes size received / Se ha recibido un archivo vacio

SaqibQ

That's fine! Scan the other files and let me know the results in your next reply. Also, make a note of files you're currently scanning so I know which result belongs to which file.

Thanks!

SaqibQ

My mistake...

SaqibQ

Did you scan all the files? For some reason, they are not being displayed properly on the forum.

Could you scan the files again, individually, save them in Notepad and upload them here. Post the download links here so I can download the files.

Thanks!

paddywak

A Hijack or Combofix too?

SaqibQ

Nope, those are fine!