How to get rid of Trojans/Adware (Zusy.73969, Spy.Gen, Adware.Gen and GOffer.A)?

mrjones

New Member
Dec 22, 2013
8
Avira detects these viruses from the same locations almost every time (...AppData\Local\Temp\afgytdrp_458142(or other number)_setup.exe) and removes them into the quarantine. Still they keep coming back several times a day. It may happen right away when the computer is switched on and WLAN is connected or later whenever. Not normal, I think?

I tried to scan with aswMBR 4 times, but the scan failed for some reason ("Avast! Antirootkit has stopped working etc...").

Some help would be appreciated, please...
 

Attachments

  • AdwCleaner[S0].txt
    4.9 KB · Views: 102
  • Addition.txt
    30.8 KB · Views: 149
  • FRST_22-12-2013_18-33-41.txt
    66.7 KB · Views: 109

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,632
Hi, we need a deeper scan.



Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive...
  • Close any open browsers
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.
  • Double-click on zoek.exe to run the tool.
    Please wait while the tool starts...
  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Code:
createsrpoint;
StandardSearch;
installer-list;
installedprogs;
uninstall-list;
  • Click on
    button.
    Please wait until a log report opens (this can be after a reboot).
  • Save notepad to your Desktop and attach here zoek-results.log
    Note: It will also create a log in the C:\ directory named "zoek-results.log"
 

mrjones

New Member
Dec 22, 2013
8
I forgot these. I'll get back to this what you asked later...
 

Attachments

  • Quarantine1.pdf
    376.9 KB · Views: 97
  • Quarantine2.pdf
    369.1 KB · Views: 84
  • Quarantine3.pdf
    370.4 KB · Views: 79

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,632
> Re-run zoek with this script and attach here fresh zoek log results.


Code:
emptyalltemp;
emptyclsid;
autoclean;
shortcutfix;
C:\PROGRA~2\YTDownloader;fs
C:\Program Files (x86)\YTDownloader;fs
emptyfolderscheck;delete
resethosts;
netsh int ip reset >> %temp%\log.txt;b 
ipconfig /flushdns >> %temp%\log.txt;b
 

mrjones

New Member
Dec 22, 2013
8
No detections since Saturday night. I'll get back to you if something happens. Can you briefly tell me what we just did?
Or if you have any other tips, please share... Thanks a lot!
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,632
> No detections since Saturday night. I'll get back to you if something happens. Can you briefly tell me what we just did?
> Or if you have any other tips, please share... Thanks a lot!

We removed junkware and emptied the Temp folder.

One more check, and we're done:

Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.
Confirm the "End User Licence Agreement" and "KSN Statement" dialog boxes by clicking on the Accept button.
  • Press Start Scan
  • If Suspicious object is detected, the default action will be Skip, click on Continue.
  • If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,632
Excellent, you are clean...

The only thing left is to remove the used tools.


Please download DelFix by "Xplode" to your Desktop.

Run the tool and check the following boxes:
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Now click on the "Run" button. Wait for the programme to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt).
Note: The report will also be stored on C:\DelFix.txt

> I don't need DelFix log report.
 