Trojan GVU Bundespolizei 2.07 – OTL logfiles

Viewing 15 posts - 1 through 15 (of 17 total)
  • #38606

    Morning,

    Unfortunately I have gotten this trojan on my girlfriend’s laptop and I would like to get rid of it before Friday, because I need to leave again then. I’ve been reading several topics about this and I have been able to create OTL logfiles (see attachment).

    I hope someone can help me with this.

    Thanks in advance.

    Sven

    Ps. I had already created a topic on the German forum, but haven’t received a single reply since I opened the topic on Monday. This is probably because I am not a native speaker of German and my German was insufficient.

    #94483
    MG

    Hello Hamilcar,

    welcome to our Forum.

    Please hang on, I will examine the logfiles…

    #94484
    MG

    1. Fixing with OTL

    Here we go.

    • Copy the following fixcode into the textbox underneath Benutzerdefinierte Scans/Fixes:

    :OTL
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-138049679-4164244422-4101472699-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM\..\Run: []  File not found
    O4 - HKLM\..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKU\S-1-5-21-138049679-4164244422-4101472699-1000\..\Run: [avupdate] C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-138049679-4164244422-4101472699-1000\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
    O20 - HKU\S-1-5-21-138049679-4164244422-4101472699-1000 Winlogon: Shell - (C:\Users\Bianca\AppData\Roaming\msconfig.dat) - C:\Users\Bianca\AppData\Roaming\msconfig.dat ()

    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]

    • Close all running programs.
    • Click on Fix.
    • If OTL requires a reboot, do so.
    • Copy both logfiles after fixing and post them here.
      To open the logfiles afterwards, go to => C:\_OTL\MovedFiles

    For all who are reading this thread: This fixcode is special and can harm your system irretrievably. Please do not use it!

    2.
    Please perform a full scan with Malwarebytes. Instructions (in German but easy to understand) and download here.

    3.
    Uninstall all unused toolbars like ebay, Ask, MSN, Conduit, Yahoo, SweetIM, Bandoo, iLivid (Systemsettings->Installed Programs)

    4.
    Check your Plugins and Browser and install updates if necessary.

    5.
    Important! Reset the Internet Explorer Settings. Here you go.

    6.
    Install ServicePack for your Windows!!
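
An added example, not part of the original posts and not OTL's own logic: a small Python triage of OTL-style O4 (Run) and O20 (Winlogon Shell) lines like those in the fix above, flagging autostart entries that deserve a manual look. The sample lines, SID, user name and the heuristic rules are constructed for illustration and assume the usual `O<n> - key: value` layout with backslash paths.

```python
import re

# Constructed sample modelled on the entries in the fix above
# (SID, user name and the "Example" updater are placeholders).
SAMPLE = r"""
O4 - HKLM\..\Run: [] File not found
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files (x86)\Example\Updater.exe (Example)
O4 - HKU\S-1-5-21-0-0-0-1000\..\Run: [avupdate] C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-0-0-0-1000 Winlogon: Shell - (C:\Users\user\AppData\Roaming\msconfig.dat) - C:\Users\user\AppData\Roaming\msconfig.dat ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
"""

# "[-–]" also accepts the en dash that web pages substitute for the hyphen.
RUN = re.compile(r"^O4 [-–] (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<target>.*)$")
SHELL = re.compile(r"^O20 [-–] (?P<hive>\S+) Winlogon: Shell [-–] \((?P<value>[^)]*)\)")
EXPLORER = re.compile(r"\\explorer\.exe\b", re.I)
USER_WRITABLE = re.compile(r"\\(AppData|Temp)\\", re.I)


def triage(log_text):
    """Return (kind, line) pairs for autostart entries worth reviewing.

    Heuristics (assumptions of this example):
      shell-replaced              Winlogon Shell value is not explorer.exe
      orphaned-run-entry          Run value whose file no longer exists
      run-launches-explorer       Run value starting explorer.exe itself
      run-from-user-writable-path Run target under AppData or Temp
    """
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        shell = SHELL.match(line)
        run = RUN.match(line)
        if shell and shell["value"].lower() != "explorer.exe":
            findings.append(("shell-replaced", line))
        elif run and run["target"] == "File not found":
            findings.append(("orphaned-run-entry", line))
        elif run and EXPLORER.search(run["target"]):
            findings.append(("run-launches-explorer", line))
        elif run and USER_WRITABLE.search(run["target"]):
            findings.append(("run-from-user-writable-path", line))
    return findings


if __name__ == "__main__":
    for kind, line in triage(SAMPLE):
        print(f"{kind:28} {line}")
```

A hit is a prompt for review, not a verdict; legitimate software also registers Run entries under AppData.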

    #94491

    Ok, I did what you asked, but during the fixing process an error occurred and the computer rebooted itself.

    After rebooting a log file showed up. Only one, which I have attached to this message. There is no second log file in the directory you posted either, just another map with 3 submaps (C_Program files; C_User and C_windows).

    I will continue to steps 2 to 6.

    Thanks for your help!!

    #94485
    MG

    This logfile looks all right.

    #94492

    Ok, I have uninstalled all the toolbars except the one from ask.com. Every time I try to get rid of it I get an error stating I should close all explorer windows. Doing so doesn’t get rid of the message, nor does rebooting. What can I do about that?

    Also, I noticed something strange when installing malwarebytes. There are two folders with programs in it. One is called program files, the other one program files (x86). Some programs appear in both folders. What’s up with that?

    Oh and I tried to install malwarebytes on my desktop, but I can’t seem to find the desktop. I can only choose C, D or E, but not computer – desktop. Isn’t it possible to save a program on your desktop? If so, how?

    I have done step 4 and all was fine.

    #94493

    Great! I’m now running the full scan of Malwarebytes. I’ll get back to you as soon as it is done. I will also try to restart the computer then and see what happens.

    Thanks a lot!!

    #94486
    MG

    You can try AdwCleaner to uninstall adware like this.
    Usually programs with 32-bit capability are installed in the Program Files (x86) folder. Other modern programs will be installed in the other one, but that shouldn’t bother you because it’s nothing to worry about.

    You mean you can’t find the link to the program after you installed it? No problem, go to Start – Programs and open it there. You don’t need any link to the program. Just install it and it will open by itself.

    Edit: I saw your post later on, no worries.

    #94494

    You’re a life saver! The adwcleaner got rid of ask toolbar and required a reboot. So, I tried to log in the normal way and everything works again!!

    I’m now doing the scan again and after that I will install the servicepack for windows.

    Anything else I need to do?

    Just to be sure… are all traces of the trojan gone?

    #94487
    MG

    GVU or BKA infections are only superficial; we call them scareware because they only provoke you to pay for an alleged criminal activity. So you can be sure all traces are gone with the actions and cleaning stuff we have performed.

    Please give a short feedback when you have installed the service pack, so we can finish and close this thread. 🙂

    And don’t forget the Malwarebytes logfiles, I need to check them as well.

    #94495

    The service pack is proving to be troublesome. I get the same error over and over. See below.

    Windows 7 Service Pack 1 für x64-basierte Systeme (KB976932)

    Installationsdatum: 15.08.2012 20:17

    Installationsstatus: Fehlgeschlagen

    Fehlerdetails: Code 80073701

    Updatetyp: Wichtig

    Windows 7 Service Pack 1 ist eine empfohlene Sammlung von Updates und Verbesserungen für Windows, die zu einem einzigen, installierbaren Update zusammengefasst wurden. Mit dem Service Pack können Sicherheit und Zuverlässigkeit Ihres Computers verbessert werden. Eine normale Installation nimmt etwa 30 Minuten in Anspruch, und Sie müssen den Computer neu starten, nachdem etwa die Hälfte des Installationsverfahrens abgeschlossen ist.

    Also, attached the log file from malwarebytes.

    #94496

    Ok, I tried to download the service pack and install it that way, but got the same error, a bit more detailed however. It says:
    Die referenzierte Assembly konnte nicht gefunden werden.
    Error_sxs_assembly_missing(0x80073701)

    #94488
    MG

    Ok, try to make an update within Windows. You can delete the file. Click on Start and go to “Windows Update”.

    Maybe this will work for you.

    #94497

    No success:

    Windows 7 Service Pack 1 für x64-basierte Systeme (KB976932)

    Installationsdatum: 15.08.2012 22:45

    Installationsstatus: Fehlgeschlagen

    Fehlerdetails: Code 80073701

    Updatetyp: Wichtig

    Windows 7 Service Pack 1 ist eine empfohlene Sammlung von Updates und Verbesserungen für Windows, die zu einem einzigen, installierbaren Update zusammengefasst wurden. Mit dem Service Pack können Sicherheit und Zuverlässigkeit Ihres Computers verbessert werden. Eine normale Installation nimmt etwa 30 Minuten in Anspruch, und Sie müssen den Computer neu starten, nachdem etwa die Hälfte des Installationsverfahrens abgeschlossen ist.

    So, the same error code as before. Any ideas?

    #94489
    MG

    It seems that you used some tuning tools, which in some cases destroy important system data in the winsxs folder, and the only solution here is to reinstall Windows again. Sad to say, but I have no other solution for you.

  • The topic “Trojan GVU Bundespolizei 2.07 – OTL logfiles” is closed to new replies.