Can't remove these viruses

Mistaken
Mistaken Posts: 55 Forumite
edited 2 October 2015 at 7:55AM in Techie Stuff
My computer is infected with the following viruses. I have tried to remove them but they just keep reappearing. Exactly the same ones.


I have Kaspersky internet security always running and that detects nothing.


The only program I have found to detect them is Malwarebytes Anti-malware which shows the log as below. It tries to remove them. The next couple of scans show clear but they always return again within a few hours.


I have run Spybot in safe mode, which didn't detect anything, and I also tried Ad-Aware but my computer froze with that program.


Below is the log from Malwarebytes.


Please help....

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 01/10/2015
Scan Time: 06:21
Logfile:
Administrator: Yes
Version: 2.1.8.1057
Malware Database: v2015.10.01.01
Rootkit Database: v2015.09.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: #######
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 297866
Time Elapsed: 19 min, 20 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 5
Adware.ChinAd, c:\users\######\documents\ldt, , [facbcc85602b89adae54e853d62e3ac6],
Adware.Foxicle, c:\users\######\documents\foxicle, , [aa1bf0611378cd69100949b913f06898],
Trojan.Banker, c:\users\######\documents\orqwroip, , [4184074a99f257dfea4f3ecbbc479f61],
Trojan.Banker, c:\users\######\documents\bkvnkvnj, , [7154c68bdbb00c2af60b45c5828131cf],
PUP.Optional.ArcadeYum, c:\users\######\documents\{8c1a49e6-2f7f-40e3-923f-5de549caf021}, , [8540a8a9cbc01c1aa78e8888b1523ac6],
Files: 33
Trojan.Agent.AI, c:\users\######\documents\msdcsc\idk.exe, , [487daba66823b680cbf8f45cdb2850b0],
Backdoor.Agent.E, c:\users\######\documents\services\vhost.exe, , [586d9cb5404be2548aee0e46d52ee719],
Malware.Trace, c:\users\######\documents\my videos\pulgconfig.log, , [eadbb49ddcaf8da91073263c52b1c63a],
Trojan.Agent, c:\users\######\documents\kbtzd2010.cpl, , [388d3c15d8b39c9a21ed630a50b356aa],
Trojan.Agent, c:\users\######\documents\tzdshell.bin, , [299c70e1ccbf71c5000f89e42fd453ad],
Trojan.Agent, c:\users\######\documents\tzd.bin, , [4184cb86c9c269cd65ab432a63a00ef2],
Trojan.Agent, c:\users\######\documents\windows\winhelp.exe, , [d0f581d08dfe89ad282bcabc27dc8080],
Worm.FoolCase, c:\users\######\documents\cantik.scr, , [ccf9f160fb903402f7cd2889f112c937],
Worm.FoolCase, c:\users\######\documents\nitip dulu jangan dihapus.scr, , [0eb77ed3ef9cd95d8243d5dc8c771ae6],
Malware.Trace, c:\users\######\documents\server\admin.txt, , [a322054c5833d75f6462f7baf50efc04],
Malware.Trace, c:\users\######\documents\server\server.dat, , [8045450c96f50b2b1daa6b4601023fc1],
Worm.FoolCase, c:\users\######\documents\smansa_pkp .scr, , [5b6af061e4a71a1c6662a60bcb3852ae],
Worm.FoolCase, c:\users\######\documents\tanjung pesona.scr, , [bb0ad978a6e5dc5ac108238e3bc86a96],
Worm.AutoRun, c:\users\######\documentsautorun.inf, , [3d8868e90b8059dd28a2fab7b84b56aa],
Worm.AutoRun, c:\users\######\documentsread1st.exe, , [12b3e8692b60fd39b417822f33d0a25e],
Trojan.Backdoor, c:\users\######\documents\lol.exe, , [1baab49db3d853e38cdc14e120e3f709],
Adware.Kraddare, c:\users\######\documents\usase.exe, , [cef7440daedd37ffb2a43fbe18eba55b],
Trojan.Agent, c:\users\######\documents\win32sta.dll, , [70558bc6503bd0665bc48c7311f21ee2],
Trojan.Agent, c:\users\######\documents\svchost.exe, , [8342aca517748da935cf5eb2778d10f0],
Trojan.Ransom, c:\users\######\documents\dll, , [23a22b26ff8c191dee1a17fb7094a759],
Trojan.Agent, c:\users\######\documents\svchast.exe, , [4a7b133eeaa1c4729e7e39ddc63e28d8],
Adware.ChinAd, c:\users\######\documents\ldt\ldtframe.cfg, , [facbcc85602b89adae54e853d62e3ac6],
Adware.ChinAd, c:\users\######\documents\ldt, , [facbcc85602b89adae54e853d62e3ac6],
Backdoor.Bot, c:\users\######\documents\ttaskmgr\ttaskmgr.exe, , [6164f65b474444f220f80872030101ff],
Trojan.Agent, c:\users\######\documents\commondata\winhlp31.exe, , [cdf83d14d6b5112546a290eaef1508f8],
Trojan.Agent, c:\users\######\documents\sen.exe.exe, , [527361f0eaa1be78f6d28800c63ebc44],
Trojan.Agent, c:\users\######\documents\systeminfo.exe, , [3095a5ac3259e84e858031a513f1ec14],
Trojan.Agent, c:\users\######\documents\user.exe, , [fdc89bb618730b2bb84ef5e162a29d63],
Trojan.FakeAV, c:\users\######\documents\rmactivate_isv.exe, , [992cd978a9e2dd59cbfa9445917307f9],
Adware.Foxicle, c:\users\######\documents\foxicle, , [aa1bf0611378cd69100949b913f06898],
Trojan.Banker, c:\users\######\documents\orqwroip, , [4184074a99f257dfea4f3ecbbc479f61],
Trojan.Banker, c:\users\######\documents\bkvnkvnj, , [7154c68bdbb00c2af60b45c5828131cf],
PUP.Optional.ArcadeYum, c:\users\######\documents\{8c1a49e6-2f7f-40e3-923f-5de549caf021}, , [8540a8a9cbc01c1aa78e8888b1523ac6],
Physical Sectors: 0
(No malicious items detected)

(end)

Comments

  • esuhl
    esuhl Posts: 9,409 Forumite
    I've found the Avast Rescue Disc to be really good at getting those "hard to reach" viruses!

    You need (another?) PC with Avast installed, then choose the Rescue Disc option to create a bootable CD/DVD/USB stick, and boot the affected machine using that.

    You could also try running Anti-Malware and your anti-virus in safe mode.

    And adwCleaner is pretty good at cleaning up browser-related infections:
    https://toolslib.net/downloads/viewdownload/1-adwcleaner/
  • GunJack
    GunJack Posts: 11,799 Forumite
    1. do a full windows disk clean-up
    2. run CCleaner (cleaner and registry parts)
    3. adwcleaner
    4. JRT
    5. MBAM
    6. manually reset your browsers (and internet connection to check for a proxy server)

    If you don't clean all temp files first, you'll just be re-infecting yourself.... if that lot doesn't clear it out, you'll probably need to run Combofix...
    ......Gettin' There, Wherever There is......

    I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple :D
  • Fightsback
    Fightsback Posts: 2,504 Forumite
    edited 1 October 2015 at 9:37AM
    Set malwarebytes to detect for rootkits as well, it's normally switched off by default:
    Mistaken wrote: »
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled

    Personally, after such a bad infection, I'd rescue what data files I could (using live Linux) then erase the HDD and re-install windows.
    Science isn't exact, it's only confidence within limits.
  • I think you can scan your computer with Emsisoft Emergency Kit. It is free and I think it will be helpful for you.
  • Mistaken
    Mistaken Posts: 55 Forumite
    Fightsback wrote: »
    Set malwarebytes to detect for rootkits as well, it's normally switched off by default:



    Personally, after such a bad infection, I'd rescue what data files I could (using live Linux) then erase the HDD and re-install windows.


    I have changed the settings in Malwarebytes to scan for rootkits and ran a scan in safe mode. This scan found over 300 infections.


    So far (fingers crossed) since doing this all other scans have shown clean. Thank you
  • poppellerant
    poppellerant Posts: 1,963 Forumite
    GunJack wrote: »
    1. do a full windows disk clean-up
    2. run CCleaner (cleaner and registry parts)
    3. adwcleaner
    4. JRT
    5. MBAM
    6. manually reset your browsers (and internet connection to check for a proxy server)

    If you don't clean all temp files first, you'll just be re-infecting yourself.... if that lot doesn't clear it out, you'll probably need to run Combofix...
    Mistaken wrote: »
    I have changed the settings in Malwarebytes to scan for rootkits and ran a scan in safe mode. This scan found over 300 infections.


    So far (fingers crossed) since doing this all other scans have shown clean. Thank you
    I would highly recommend following GunJack's advice to run AdwCleaner and JRT also. I have created links to both of them for you.
  • GunJack
    GunJack Posts: 11,799 Forumite
    Fightsback wrote: »
    Set malwarebytes to detect for rootkits as well, it's normally switched off by default:



    Personally, after such a bad infection, I'd rescue what data files I could (using live Linux) then erase the HDD and re-install windows.

    that is, IMHO, a bit of an over-reaction.... think I've only ever had one or two infected machines which have been that bad I've had to do re-installs on them. And it's quicker to clean them than it is to do a full reinstall, update, programs, etc. ;)

    plus, most pc/lappy owners have never heard of backing up their photos, docs, music, etc......
    ......Gettin' There, Wherever There is......

    I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple :D
  • Fightsback
    Fightsback Posts: 2,504 Forumite
    GunJack wrote: »
    that is, IMHO, a bit of an over-reaction.... think I've only ever had one or two infected machines which have been that bad I've had to do re-installs on them. And it's quicker to clean them than it is to do a full reinstall, update, programs, etc. ;)

    plus, most pc/lappy owners have never heard of backing up their photos, docs, music, etc......

    Personally speaking, it's not what you found it's what you didn't find, can't be too careful. Besides a fresh install always spruces up a Windows PC.

    Use fire and lots of it :D
    Science isn't exact, it's only confidence within limits.
This discussion has been closed.
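
Added example (not part of the thread and not Malwarebytes' own code): a small Python parser for the scan-log layout pasted in the first post. It lists the scan options left disabled, such as the "Rootkits: Disabled" line Fightsback pointed out, and de-duplicates detections that the log reports more than once. The sample log lines, detection names, paths and hash fields are constructed placeholders, and the field layout is assumed from the log shown above.

```python
import re
from collections import Counter

# Constructed sample in the same layout as the log in the first post.
SAMPLE_LOG = r"""Malware Protection: Enabled
Self-protection: Disabled
Scan Type: Threat Scan
Memory: Enabled
Rootkits: Disabled
Heuristics: Enabled
Registry Keys: 0
(No malicious items detected)
Folders: 1
Adware.Example, c:\users\user\documents\sample, , [00000000000000000000000000000000],
Files: 3
Trojan.Example, c:\users\user\documents\a.exe, , [11111111111111111111111111111111],
Worm.Example, c:\users\user\documents\b.scr, , [22222222222222222222222222222222],
Adware.Example, c:\users\user\documents\sample, , [00000000000000000000000000000000],
"""

# "Option: Enabled|Disabled" lines from the header of the log.
SETTING = re.compile(r"^([A-Za-z][A-Za-z \-]*): (Enabled|Disabled)$")
# "Name, path, <extra>, [32-hex id]," detection lines.
DETECTION = re.compile(r"^(\S+), (.+?), (.*?), \[([0-9a-f]{32})\],?\s*$")

def parse_scan_log(text):
    """Return disabled options and de-duplicated detections from a scan log."""
    disabled, detections = [], []
    for line in text.splitlines():
        line = line.strip()
        m = SETTING.match(line)
        if m:
            if m.group(2) == "Disabled":
                disabled.append(m.group(1))
            continue
        m = DETECTION.match(line)
        if m:
            detections.append((m.group(1), m.group(2).lower()))
    unique = sorted(set(detections))  # same item can appear under Folders and Files
    return {
        "disabled": disabled,
        "reported": len(detections),
        "unique": unique,
        "by_family": Counter(name.split(".")[0] for name, _ in unique),
        "parent_dirs": Counter(path.rsplit("\\", 1)[0] for _, path in unique),
    }

if __name__ == "__main__":
    for key, value in parse_scan_log(SAMPLE_LOG).items():
        print(key, value)
```

Running it over two logs taken a few hours apart and comparing the `unique` lists shows whether exactly the same items have come back, which is the symptom described in the first post.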