Recently had a av suite virus (?) now things aren't right???

[mcummings36]

I got the file you described on my desktop, but I don't know how to manually upload it?? All it opened was a page Getsysteminfo parser 2.96 and there is no place to upload anything? All it says is what's your problem, with a dropdown menu.

[mcummings36]

I'm also now getting tons of pop ups, even though my blocker is set at high, and every page or email, everything I go to has certain words underlined twice in green, and if I put my cursor on them, a gamevance ad pops up? What is that and how do I get rid of it?

[Dr Jay]

Seems like adware.


Please download ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe and save it to your Desktop. Do NOT perform a scan yet

• Double-click on drweb-cureit.exe to start the program.
  An Express Scan of your PC notice will appear.
  
• Under Start the Express Scan Now, Click OK to start the scan.
  This is a short scan that will scan the files currently running in memory.
  If something is found, click the Yes button when it asks you if you want to cure it.
  
• Once the short scan has finished, Click Options > Change settings
  
• Choose the Scan tab and UNcheck Heuristic analysis
  
• Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
  
• Then click the Start/Stop Scanning button (green arrow on the right, and the scan will start.
  
• When finished, a message will be displayed at the bottom advising if any viruses were found.
• Click Yes to all if it asks if you want to cure/move the file.
  
• When the scan has finished, look if you can see the icon next to the files found.

If so, click it, then click the next icon right below and select Move incurable.
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)

• Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  
• Save the DrWeb.csv report to your Desktop.
  
• Exit Dr.Web Cureit when you have finished.
• Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  
• After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)

[mcummings36]

When I click on DrWeb-CureIt I get an error message - Internet Explorer cannot display the page....etc....

[Dr Jay]

I fixed the link. Please try it again.

[mcummings36]

Okay, here is the report, but I don't think the scan was complete. I started this thing last night about 12:30 am, and at 9 am this morning it was STILL going. I had to end it, because I work from home online and needed my computer. So I have no idea if this will even be useful, since I don't think it was finished. I've never had a scan take so long. Is that a bad sign?


gtdownde_110.ocx;C:\WINDOWS\system32;Probably DLOADER.Trojan;Incurable.Deleted.;
SkillJamLoader.dll;C:\Documents and Settings\All Users\Application Data\SkillJam\SecurePlayer;Program.PopcapLoader.4;;
SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\Christopher Apostle\Desktop\Unused Desktop Shortcuts\SDFix.exe;Tool.Killproc.3;;
SDFix.exe;C:\Documents and Settings\Christopher Apostle\Desktop\Unused Desktop Shortcuts;Archive contains infected objects;Moved.;
jar_cache1456766111123690851.tmp\AppleT.class;C:\Documents and Settings\Christopher Apostle\Local Settings\temp\jar_cache1456766111123690851.tmp;Exploit.Java.90;;
jar_cache1456766111123690851.tmp;C:\Documents and Settings\Christopher Apostle\Local Settings\temp;Archive contains infected objects;Moved.;
WmaInfo.dll;C:\Program Files\AMT;BackDoor.Click.679;Deleted.;

[Dr Jay]

Let's move to a different tool.

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.

• Save it to your desktop.
• Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
• Double click the setup file to run it.
• Click Next to continue.
• Accept the License agreement and click on next.
• It will, by default, install it to your desktop folder. Click Next.
• It will then open a box There will be a tab that says Automatic scan.
• Under Automatic scan make sure these are checked.

• Hidden Startup Objects
• System Memory
• Disk Boot Sectors.
• My Computer.
• Also any other drives (Removable that you may have)[/color]

Leave the rest of the settings as they appear as default.

• Then click on Scan at the to right hand Corner.
• It will automatically Neutralize any objects found.
• If some objects are left un-neutralized then click the button that says Neutralize all
• If it says it cannot be neutralized then choose the delete option when prompted.
• After that is done click on the reports button at the bottom and save it to file name it Kas.
• Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.
  
  Note: This tool will self uninstall when you close it so please save the log before closing it.