Solved I need help with very strange Chinese SPAM/Malware

There's a message that says another antivirus software was detected. This may affect the performance and quality of the scan. It shows AVG. I have it disabled.

 

Hi Broni,

After 45 minutes, ESET is still on Step 1 of 4. The only indication that it might be working at all is that the Ethernet and Internet lights on the router are flickering a little bit.

 

Okay.

I've started to tun it on Firefox though I don't hear any activity from the tower. I would have thought I'd hear more than the fans spinning around.

 

Hi Broni,

Its 4 pm and ESET doesn't seem to have done anything after more than 18 hours. It's still on Step 1. I did a Ctrl. Alt. Delete and it seems to still be running.

If you think it would make a difference I uninstalled my AVG.

 

Okay, I've started to run it with Firefox though I don't hear any activity from the tower.

 

Broni,

The F-Secure scan finished quickly and it said there were no problems.

There's a message saying: Your device is not protected. We recommend that you use a security application to protect your device.

Then, there is a button on which it says Get SAFE. I think it would probably take me to an antivirus download. What next?


I think you've cleaned it out. The system has been running beautifully and I haven't seen the wireless light on the router for two days. Before, it was on constantly.

 

Broni,

I just opened my computer to send you a thank you message, and as soon as my machine booted up, I was shocked to find the attached on my screen.

I guess we didn't get it all yet.

I did everything else you suggested and the only thing that was different was that the Adobe Flash Player is updated to version 13.

Have you ever seen one worse than this? I don't know what to do.

I changed my passwords last night, too. Will I have to change them again?

It's not a very sharp image, I'm afraid. It's the one I described earlier with the trash can about the size of a business card. I can send another if you need it.

Please let me know what you think.

Thanks,

bellisimo

 

Hi Broni,

Here is the MBAM report:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.05.31.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16899
a :: BBELL-PC [administrator]

Protection: Enabled

5/31/2014 9:29:25 PM
mbam-log-2014-05-31 (21-29-25).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 449883
Time elapsed: 15 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

Here is the JRT scan:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by a on Sat 05/31/2014 at 21:48:43.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 05/31/2014 at 21:55:09.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Here's the AdwrCleaner scan:

# AdwCleaner v3.211 - Report created 31/05/2014 at 22:00:09
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : a - BBELL-PC
# Running from : C:\Users\a\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\AppDataLow\Software

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16866


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\a\appData\Roaming\Mozilla\Firefox\Profiles\naxv236a.default\prefs.js ]


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [845 octets] - [31/05/2014 19:50:53]
AdwCleaner[R1].txt - [902 octets] - [31/05/2014 21:58:58]
AdwCleaner[S0].txt - [814 octets] - [31/05/2014 22:00:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [873 octets] ##########

 

Yes, I believe that's true because IE is the only browser I have been using, and my email account is Outlook on IE as well.

 

Sure, I'll try that. For how many days should we try it for? I only ask because if the malware is active in my system, could it now be destroying files during the period when I'm using Firefox.

I looked up some email files I had saved 2 or 3 years ago and pages of them that I used to be able to open have changed into a type of file that I can no longer access. I don't know if it has anything to do with this malware though.

I do have all my hard drives backed up with Acronis True image on my external drive though I haven't a clue how to restore my C: Drive with them.