lrx and lrw infection

[alexfromparis]

Hello,
I've noticed lrx.exe and lrw.exe in the running apps list.
My comptuer is slower, and IE try to connect automaticly.

Please help me ton clean up my system.

Alex

[Rene-gad]

Switch off/Disable:
- Antivirus and and, if you have - Firewall.
- System Restore

- Execute following script in Manual disinfection

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantine;
 QuarantineFile('c:\users\jetgroove\appdata\local\temp\lrx.exe','');
 QuarantineFile('c:\users\jetgro~1\appdata\local\temp\lrw.exe','');
 TerminateProcessByName('c:\users\jetgroove\appdata\local\temp\lrx.exe');
 TerminateProcessByName('c:\users\jetgro~1\appdata\local\temp\lrw.exe');
 DeleteFile('c:\users\jetgro~1\appdata\local\temp\lrw.exe');
 DeleteFile('c:\users\jetgroove\appdata\local\temp\lrx.exe');
 DeleteFile('%windir%\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job');
 DeleteFile('%windir%\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job');
 RegKeyParamDel('HKEY_USERS','S-1-5-21-2348526049-2997170388-67091200-1000\Software\Microsoft\Windows\CurrentVersion\Run','YVIBBBHA8C');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
SetAVZPMStatus(True);
RebootWindows(true);
end.

After reboot execute following script in Manual disinfection

Код:

begin
CreateQurantineArchive('C:\quarantine.zip');
end.

and upload the C:\quarantine.zip over the link Upload quarantined files on the top of this page.

- Remove Bonjour if you don't use it.
- Repeat a log file of AVPTool.
- Attach a log to your new post..

[alexfromparis]

Thanx for your help.
Here's the second log you asked for.

[Aleksandra]

I could not find any malware in your log.

[alexfromparis]

Great !
Thanks for all

[CyberHelper]

Статистика проведенного лечения:

• Получено карантинов: 1
• Обработано файлов: 5
• В ходе лечения обнаружены вредоносные программы:
  
  1. c:\users\jetgroove\appdata\local\temp\lrx.exe - Trojan.Win32.Fraudpack.atfk ( DrWEB: Trojan.Fakealert.14850, AVAST4: Win32:Trojan-gen )