Antimalware Doctor (virus)

[Yon o shon]

Mk, so i've googled it and followed the steps to manually delete it. Except i couldnt find antimalwaredoctor.exe or enemies-names.txt. i ran spybot search and destroy and it finds and deletes it, but it comes right back when i restart my comp. i've ended all weird processes. It autocancels my downloads, and deletes them when they're done if i do get it downloaded. i've deleted all the registries that i could find related to it. It also disable my system restore through the registry.i dont have hijackthis and can't download it cause of the virus.
I am lost and do not know wat to do. anyhelp would be great.

 

[Nestle]

Download http://z-oleg.com/avz4.zip or alternative reference (If the first does not open) http://rapidshare.com/files/409318809/avz.zip

Unzip AVZ Antiviral Toolkit to a separate folder.
Run AVZ.

Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis" check box. Click on the "Execute selected scripts" button.
A system check will be executed. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.
Send through filehoster virusinfo_syscheck.zip

 

[Yon o shon]

the zip downloaded without a hitch, ill post as soon as it run it.

ty

 

[Yon o shon]

wait wat do u mean by send through filehoster?
Do you want me to just upload it to to like rapidshare or something?
and why did spybot flag this program as a malicious malware?

 

[Nestle]

False detect

Upload archive and send reference (that I could download archive)

 

[Yon o shon]

http://rapidshare.com/files/409345020/virusinfo_syscheck.zip

 

[Nestle]

Close/unload spybot

Start AVZ with administrator rights

Run AVZ, go to File - Custom scripts. In the text field of the opened window right-click and choose Paste.

begin
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','jgyo0w');
 DeleteFile('C:\Users\ADMINI~1\AppData\Local\Temp\19aqp.exe');
 DeleteFile('C:\Users\ADMINI~1\AppData\Local\Temp\msgciutr.dll');
 RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','tghlig');
 DeleteFile('C:\Users\ADMINI~1\AppData\Local\Temp\ounq1.exe');
 DeleteFile('C:\Users\ADMINI~1\AppData\Local\Temp\y2p0n.dll');
 RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','uiha98uiohf873yuiadnhgjesgregas');
 RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','mcexecwin');
 DeleteFile('C:\Users\Administrator\AppData\Local\Chnfyic.dll');
 RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Jxijowuka');
 DeleteFile('C:\Windows\system32\szetyj67v.exe');
 DeleteFile('C:\Windows\system32\szetyj67vx.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','szetyj67v');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','szetyj67vx');
 DeleteFile('C:\Windows\SysWow64\k5bpo.dll');
 DelBHO('{C2BA40A2-75F1-51BD-F413-04B15A2C8950}');
 ExecuteSysClean;
 ExecuteRepair(6);
 ExecuteRepair(13);
 RegKeyIntParamWrite('HKLM','SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer','NoDriveTypeAutoRun', 221);
RebootWindows(true);
end.

Click the Execute script button.


After reboot: New Standard scripts №2 (Advanced System Analysis) and send new virusinfo_syscheck.zip

 

[Yon o shon]

http://rapidshare.com/files/409352063/virusinfo_syscheck.zip

i accidentally deleted the original log so i restarted from step one.
This is the log after running AVZ as administrator and running the standard script then your script.

 

[Yon o shon]

and i closed spybot

 

[Nestle]

Execute script

begin
 DeleteFile('C:\Windows\system32\drivers\etc\hosts');
 RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','releaseversion70700.exe');
 DeleteFile('C:\Users\Administrator\AppData\Roaming\B47DBF12D24EC12EDADDAFE2D5BB8B99\releaseversion70700.exe');
ExecuteSysClean;
ExecuteRepair(13);
ExecuteWizard('TSW', 2, 2, true);
RebootWindows(true);
end.

After reboot: New Standard scripts №2 (Advanced System Analysis) and send new virusinfo_syscheck.zip

 

[Yon o shon]

http://rapidshare.com/files/409355798/virusinfo_syscheck.zip

Good news, the virus didnt start up when rebooted

 

[Yon o shon]

Are we finished? Shall i shower u with praise now? or are you still workin out another script?

 

[Nestle]

Execute script (Start AVZ with administrator rights)

begin
 DeleteFile('C:\Users\Administrator\AppData\Roaming\B47DBF12D24EC12EDADDAFE2D5BB8B99\releaseversion70700.exe');
 RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','releaseversion70700.exe');
ExecuteSysClean;
RebootWindows(true);
end.

After reboot: New Standard scripts №2 (Advanced System Analysis) and send new virusinfo_syscheck.zip

Also http://www.computerforum.com/131398-important-please-read-before-posting.html

 

[Yon o shon]

I tried to download both of those programs before i came to this forum. i just tried them again but for some reason they just magically disappear after i download them. i tried all the links on that post btw. maybe its firefox? never had the problem before though. posting the rapid share soon.

 

[Yon o shon]

btw i think ur solution only worked because it was a zip. i can save images and zips but .exe and stuff like that are a no go.

 

[Yon o shon]

http://rapidshare.com/files/409360793/virusinfo_syscheck.zip

here you go

 

[Nestle]

Start with administrator rights

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

Download this file here :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next
reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.


In your next reply please post: The ComboFix log

 

[Yon o shon]

Ok this is what happens. I click to download and hit save file. Firefox's download thing pops up and the download appears at the top of the list. and under it it says cancelled. i did not cancel it it is canceled by itself. i hit restart and the download goes by fine. as soon as its done i try to open and it wont let me. i look in my download folder and its not even there.

oh i forgot. right after i got the virus, my web browsers proxy settings were messed up ( i dont even use a proxy) so i turned it off and firefox is working fine. i just tried using google chrome and it won't work.

 

[Nestle]

http://rapidshare.com/files/409364594/Com-bo-Fix.exe

 

[Yon o shon]

i disable the proxy in google chrome and now it works

i dont know how all of my internet settings got messed up on both browsers

Going through rapidshare didn't help