[cronaldo7]

Hello. I've been facing some trouble lately. I have an upto-date avast installed and I had formatted my PC just 3 days back. However, since today morning, my computer and internet have been running fairly slow and Avast has been blocking this particular link (see "Last Infected") everytime I rebooted my PC & connected it to the internet - http://img3.imageshack.us/img3/8875/58786994.jpg . It also gave me a virus alert of this random numbered file - http://img39.imageshack.us/img39/4821/47213284.jpg . I moved it to the Virus chest.

What did I do?

1. Reboot. See another randomly numbered file in my C drive. Delete it. Reboot again. Random files comes up again and Avast pops up message saying trojan found. Problem remains unresolved.

2. 2. Checked msconfig. Found some random process, blocked it and rebooted. As I mentioned above, Avast gave me a popup saying it had blocked the link. And Magically, the msconfig process had got activated again after the reboot - http://img41.imageshack.us/img41/6465/virusay.jpg

3. Task manager shows "run32dll.exe" & 2 wuauclt.exe processes running. One with my username, one with system. I could successfully close all but they all come back after reboot.

4. I run a HijackThis scan. I have attached the log to this post.

Kindly help me fix the issue(s).

Thanks for your help

[cronaldo7]

Can someone please help me out? This is a very nagging problem and is screwing my PC up

[cronaldo7]

Can someone please help me out? Its been 3 days and with all due respect to you guys, you have been resolving issues out of turn. My problem is just as bad as everyone else's. Please help out. I've been patient all the while but my PC is quite jacked. I've read that "It may take a day or two before a qualified volunteer is able to respond to your issue". Its been 3 days now.

I need help and I hope I'll be getting some soon.

Thanks

[muppy03]

Hi there, Well unfortunately you have a backdoor “Infostealer.Wowcraft”. infection. Please read the below information carefully. Since you have just done a clean install, and going by your HJT log, have not loaded too much back on the computer, you might be wise to consider another format and clean install.

IMPORTANT
One or more of the identified infections that you have is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can attempt to clean this machine but I can't guarantee that it will be secure afterwards. The system will be extremely unlikely to be returned to its pre-infection state.

Should you have any questions, please feel free to ask.

Let me know what you decide.

[cronaldo7]

Hello again. Thanks for writing back. Should I format all the 3 drives or is only formatting the C drive enough? I'll need to backup all my important documents, some image files, audio and video files, webpage shortcuts & Firefox user files. What kind of files can I backup and which files should I let go?

Also, which free Anti-virus & anti-spyware programs do you recommend that I should use in the future?

The reason I formatted the PC a week back was an infected crack file of a software which infected my system with the restorer32_a.exe. I deleted the source of the virus and formatted the C drive and the PC was working smooth until the above mentioned problems screwed it up again.

Please right back soon. My PC is a real mess.

[muppy03]

Quote:

I had formatted my PC just 3 days back.

What is on your other drives? Are they partitions or separate hard drives?

If you formatted just a few days ago, are your files not already backed up?

Quote:

The reason I formatted the PC a week back was an infected crack file of a software which infected my system with the restorer32_a.exe.

I hope this taught you the dangers of ‘cracked’ software.

[cronaldo7]

^^^ Sorry writing late. There are 3 partitions, C, D, E and I also have an external USB HD which I use at times (full of movies, music, .doc, wordpad and .txt documents).

I had pasted my backup on drive d and formatted drive c. Do I need to format all 3 drives?

UPDATE - 10 mins back, avast! went off with Win32:Vitro alarms. It couldn't repair files, hence moved to chest.

[muppy03]

WGA Diagnostic Tool

Please follow this WGA troubleshooting procedure:

• Download and install the WGA Diagnostic Tool:
  http://go.microsoft.com/fwlink/?linkid=56062
• Click Run and Run again
• Click Continue, click Copy
• Next open Notepad, in the empty pane right click and select Paste

Please post (reply) with the results.

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

• Start HijackThis
• Click on the Config button
• Click on the Misc Tools button
• Click on the Open Uninstall Manager button.
• Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Save the file to your desktop.

Please post this log on your next reply.

Please download Malwarebytes' Anti-Malware and save to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to:
  
  Update Malwarebytes' Anti-Malware
  Launch Malwarebytes' Anti-Malware
  
• Then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform Full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
  
  Note:
• The log can also be found here:
  C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
• Or via the Logs tab when Malwarebytes' Anti-Malware is started.

Please reply with:-

• Uninstall list
• New HJT log
• MBAM log
• WGA report