Hi,
Firstly, as this is the first time I have found your site. I just wanted to say I am really impressed. Thanks for having such an awesome and helpful forum!
So since yesterday my laptop has been infected with a Trojan. Being a novice to these things I firstly ran AVG (8.0) and believed it had been successfully removed. However I this morning the random internet windows was appearing again and following an AVG scan I realised I was still infected.
Obviously AVG is not removing this thoroughly so I did a Google search for
Trojan Horse SHeur2.gas (the name of the threat appearing in AVG) and found this post:
http://www.computerhope.com/forum/index.php?topic=72713.0 as the symptoms and description seemed the same I followed the following steps:
1. Disabled TDSSserv.sys (which was there)
2. Ran AVG update
3. Ran Hijack this (could NOT find any of the listed entries from that post) - I didn't save the log from this run, but have in the later one.
4. Downloaded combo fix and ran that (log attached)
So before posting here I have also followed the instructions on:http://www.computerhope.com/forum/index.php/topic,46313.0.html
Disabled AVG Shield
Step 1: Add or Remove ProgramsThere’s nothing I can see that looks obviously wrong
Items I don't associate with anything 'SearchAssist', 'Digital line support', High Definition Audio Driver Package - KB835221', 'MSXML 4.0 SP2 (KB936181)', MSXML 6.0 Phaser (KB933579)'.
Step 2: House CleaningComplete
Step 3: SUPERAntiSpywareThis has found threats which I assume will be in the log which I attach.
Step 4: Malwarebytes' Anti-Malware (MBAM)Run, one threat was found which was removed, log is attached.
Step 5: Update Your Java (JRE)I didn't have the newer version of java, this is now installed, i have run javara and cccleaner.
Step 6: HijackThisRun and log attached.
I have now turned back on AVG shield, until such time as I am advised to disable it again.
Other detailsObviously, when I started, I clearly had a virus, there were random internet windows appearing, AVG refused to update, and windows firewall was turned off (though I discovered this later). Images were also not appearing in IE (though I think this kicked in a little later as I didn't notice it originally).
Disabling TDSSserv.sys cured the AVG update and I was able to turn windows firewall back on (although I hadn't noticed it was off until this point).
I have also reset my Web Settings & Default Security Settings in IE, in order to restore the images (as suggested in the first post I mentioned).
Things I have noticed since doing all the above.
I don't seem to be getting the random windows anymore; however I wasn't getting them last night, after AVG, until this morning.
The only noticeable think is that there now seem to be two internet explorer icons in my start bar (maybe related to running combo fix, seemed to appear after this?)
Logs, attached are:
SuperAntispyware
Malwarebytes' Anti-Malware
HijackThis
Also is the Combofix log, which was run
before following the instructions on 'Read this before requesting malware removal help', as documented above.
My question is, am I cured? Is there anything else I should be doing?
I am going to re-run AVG now and see if anything is picked up..
Thanks for any help you can offer me, and again my commendations on your site!
Laura
[attachment deleted by admin]
