Ok I'm going to admit that I can deal with computers relatively well (for a teenager) - I am the most tech-savvy in my family. When our computer last got a virus (from Click Potato website) I managed to locate it and get rid of it, using a combination of Avast, Malwarebytes and FileAssassin.
But the computer has a new virus (I think). (Normally we run Avast Free on our PC). This is what I have tried to locate the virus / malware:
- Avast Free - Shows red cross in bottom bar icon, and says it is not active and requires fixing. When the Fix Now button is pressed nothing happens
- MalwareBytes free version begins scan, lasts for about 2 to 14 seconds, before crashing (having scanned no items). When reopening the program it says I do not have permission, so I have to unlock the program with something called Instil (found on your forum somewhere) and then I go back to the start, where it crashes again etc.
- Stopzilla scanned and found viruses, I think it removed them, but Avast still wouldn't start. After doing a boot scan with Avast, Stopzilla no longer works and I was forced to uninstall it.
- Both SuperAntiSpyware and HijackThis crash also when told to scan
- OTL won't scan my files, it just crashes
aswMBR:
aswMBR version 0.9.7.750 Copyright(c) 2011 AVAST Software
Run date: 2011-07-16 14:36:31
-----------------------------
14:36:31.365 OS Version: Windows 6.1.7601 Service Pack 1
14:36:31.365 Number of processors: 4 586 0x502
14:36:31.367 ComputerName: HOME-PC UserName: Home
14:36:34.111 Initialize success
14:36:34.452 AVAST engine defs: 11070401
14:36:42.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
14:36:42.052 Disk 0 Vendor: WDC_WD10 80.0 Size: 953869MB BusType: 11
14:36:44.066 Disk 0 MBR read successfully
14:36:44.073 Disk 0 MBR scan
14:36:44.492 Disk 0 unknown MBR code
14:36:46.501 Disk 0 scanning sectors +1953523120
14:36:46.943 Disk 0 scanning C:\Windows\system32\drivers
14:37:00.026 Service scanning
14:37:01.048 Disk 0 trace - called modules:
14:37:01.076 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86bd4390]<<
14:37:01.087 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x869bd600]
14:37:01.098 3 CLASSPNP.SYS[8b59659e] -> nt!IofCallDriver -> [0x869e4028]
14:37:01.104 \Driver\00000621[0x86b9cf38] -> IRP_MJ_CREATE -> 0x86bd4390
14:37:02.759 AVAST engine scan C:\Windows
14:45:47.875 File: C:\Windows\System32\atieclxx.exe **INFECTED** Win32:Patched-WQ [Trj]
14:45:47.927 File: C:\Windows\System32\atiesrxx.exe **INFECTED** Win32:Patched-WQ [Trj]
14:45:57.786 Disk 0 MBR has been saved successfully to "C:\Users\Home\Desktop\MBR.dat"
14:45:57.793 The log file has been saved successfully to "C:\Users\Home\Desktop\aswMBR.txt"
14:50:41.886 File: C:\Windows\System32\msreepl40.dll **INFECTED** Win32:Malware-gen
14:51:55.644 File: C:\Windows\System32\vdds.exe **INFECTED** Win32:Rootkit-gen [Rtk]
14:51:59.648 Disk 0 MBR has been saved successfully to "C:\Users\Home\Desktop\MBR.dat"
14:51:59.667 The log file has been saved successfully to "C:\Users\Home\Desktop\aswMBR.txt"
15:15:56.107 AVAST engine scan C:\Users\Home
17:08:56.688 Disk 0 MBR has been saved successfully to "C:\Users\Home\Desktop\MBR.dat"
17:08:56.763 The log file has been saved successfully to "C:\Users\Home\Desktop\aswMBR.txt"
Security Check:
Results of screen317's Security Check version 0.99.17
Windows 7 Service Pack 1 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
MuseScore 0.9.6.3 MuseScore score typesetter
Adobe After Effects CS3 Presets
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
SUPERAntiSpyware
Java(TM) 6 Update 26
Adobe Flash Player 9 (Out of date Flash Player installed!)
Flash Player Out of Date!
Adobe Flash Player 10.1.53.64
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````