06-26-2012 06:26 PM - edited 06-26-2012 06:27 PM
Disable Norton for say 30 minutes
Start OTL, then copy and paste the custom script attached (which you can open in, for instance, Notepad) into the Custom Scans/Fixes box. Include the : at the start of :OTL and everything through to the end/bottom, then run the script (red Run Fix button).
The output log should be placed in the C:\_OTL folder afterwards.
06-26-2012 08:08 PM
No OS reboots or alert windows from symantec (have not re-enabled it yet).
Everything appears normal.
I am not familiar with a few of the "moved files", but the ones I recognize are not important.
Shall I enable symantec now?
06-26-2012 08:11 PM
Start OTL again but this time click the Black CleanUp button, then make sure the C:\_OTL folder is deleted.
After that you are free to go on your merry way. You are now fixed / Solved.
If you want Malwarebytes, download the Free version to install and don't click the Trial button.
If you want to, you can turn off System Restore, wait for it to clear the Restore Points, and then turn it back on once you find all is happy: today, tomorrow, whenever.
06-26-2012 08:41 PM
OK, the OTL folder has been deleted.
Thank you QUADS for the personal time investment in assisting me with this issue.
What can I do to compensate you for your work?
Also, would you care to enlighten me about this type of attack on my system and how I can prevent it in the future?
06-26-2012 09:24 PM
Just be wise: if an ad appears saying you have won $1,000 or someone wants to chat to you, just think "OH NO, I'm not that dumb to click it."
Malware is always changing, It's just a matter of keeping up with it.
06-27-2012 10:25 AM
I updated the database for Malwarebytes and did a full scan (1hr50min) and found zero threats.
I re-enabled Symantec.
1 hr later, the auto-protect found file "APQE03B.TMP" and labelled it a Trojan.ZeroAccess.
Only one instance of this file has appeared so far with the "auto-protect" system.
I am currently doing a full scan with Symantec.
06-27-2012 12:52 PM
You might be going to a site that has a drive by.
If it's just a .tmp file that has tried to come in, Symantec may have just done its job (WHAM, grab), or it's just a temp file and you can just delete it.