plz help me regarding sowar browser on my internet explorer!

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

3 Pages

1 2 3 >

plz help me regarding sowar browser on my internet explorer!, i cannot edit my homepage and it goes back suddenly to other sites!

Options

Buckeye_Sam View Member Profile	Nov 14 2008, 09:14 AM Post #2
Malware Expert Group: HJT Team Posts: 15,378 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	Hello! My name is Sam and I will be helping you. I will do my best to communicate clearly to you so that we can resolve your issues as quickly as possible. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to fix your computer. Please communicate freely with me about how your computer is reacting and behaving as we work through this process. Please do an online scan with Kaspersky WebScanner. Please visit the Kaspersky Online Scanner website. Click on the Accept button and install any components it needs. The program will install and then begin downloading the latest definition files. After the files have been downloaded on the left side of the page in the Scan section select My Computer This will start the program and scan your system. The scan will take a while, so be patient and let it run. Once the scan is complete, click on View scan report Now, click on the Save Report as button. Save the file to your desktop. Copy and paste that information in your next post. Also post a new hijackthis log. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

nadzme View Member Profile	Nov 15 2008, 01:50 AM Post #3
Member Group: Members Posts: 24 Joined: 14-November 08 Member No.: 256,414	i cant install kaspersky ! i already uninstalled my antivirus ! but still it cant be installed !

nadzme View Member Profile	Nov 15 2008, 01:54 AM Post #4
Member Group: Members Posts: 24 Joined: 14-November 08 Member No.: 256,414	plz help me !!!! tnx !!

Buckeye_Sam View Member Profile	Nov 15 2008, 02:18 PM Post #5
Malware Expert Group: HJT Team Posts: 15,378 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	Let's try something a little different. Download Dr.Web CureIt to the desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe Doubleclick the drweb-cureit.exe file and Allow to run the express scan This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan. Once the short scan has finished, mark the drives that you want to scan. Select all drives. A red dot shows which drives have been chosen. Click the green arrow at the right, and the scan will start. Click 'Yes to all' if it asks if you want to cure/move the file. When the scan has finished, in the menu, click file and choose save report list Save the report to your desktop. The report will be called DrWeb.csv Close Dr.Web Cureit. Please post the contents of the log from DrWeb and a new OTViewIt log in your next reply. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

Buckeye_Sam View Member Profile	Nov 17 2008, 07:30 PM Post #7
Malware Expert Group: HJT Team Posts: 15,378 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	You forgot to post the log from the DrWeb scan. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

nadzme View Member Profile	Nov 18 2008, 11:21 PM Post #8
Member Group: Members Posts: 24 Joined: 14-November 08 Member No.: 256,414	autorun.inf;c:;Corrupt autorun file;Invalid path to file ; autorun.inf;d:;Corrupt autorun file;Invalid path to file ; here's the saved log from drweb scan !

Buckeye_Sam View Member Profile	Nov 19 2008, 10:29 AM Post #9
Malware Expert Group: HJT Team Posts: 15,378 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	Please download the OTMoveIt3 by OldTimer. Save it to your desktop. Please click OTMoveIt3 and then click >> run. Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): CODE :files F:\bar311.exe :reg [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c914075-8425-11dd-a5fa-000d872ad521}\Shell\Open\command] [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\Shell\AutoRun\command] [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\Shell\explore\Command] [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\Shell\open\Command] [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun\command] [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\explore\Command] [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\open\Command] [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{577c98f2-0da5-11dd-a4fa-000000000000}\Shell\AutoRun\command] [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{577c98f3-0da5-11dd-a4fa-000000000000}\Shell\AutoRun\command] [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{577c98f3-0da5-11dd-a4fa-000000000000}\Shell\explore\Command] [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{577c98f3-0da5-11dd-a4fa-000000000000}\Shell\open\Command] [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c914075-8425-11dd-a5fa-000d872ad521}\Shell\AutoRun\command] [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b9c02e9-9102-11dd-a612-000d872ad521}\Shell\AutoRun\command] [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b9c02e9-9102-11dd-a612-000d872ad521}\Shell\Open\Command] [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a4f8640-02ad-11dd-a4e2-000d872ad521}\Shell\AutoRun\command] [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a4f8640-02ad-11dd-a4e2-000d872ad521}\Shell\Open\Command] [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3185bd1d-8926-11dd-a605-000d872ad521}\Shell\AutoRun\command] [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3185bd1d-8926-11dd-a605-000d872ad521}\Shell\explore\Command] [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3185bd1d-8926-11dd-a605-000d872ad521}\Shell\open\Command] [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{577c98f2-0da5-11dd-a4fa-000000000000}\Shell] [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{577c98f2-0da5-11dd-a4fa-000000000000}\Shell\AutoRun] :Commands [EmptyTemp] [Reboot] Return to OTMoveIt3, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste. Click the red Moveit! button. Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTMoveIt3 Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter .log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. ============ Download Flash_Disinfector.exe by sUBs and save it to your desktop. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well. Wait until it has finished scanning and then exit the program. Reboot your computer when done. Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection. ============ Please download Malwarebytes Anti-Malware and save it to your desktop. alternate download link 1 alternate download link 2 Make sure you are connected to the Internet. Double-click on Download_mbam-setup.exe to install the application. When the installation begins, follow the prompts and do not make any changes to default settings. When installation has finished, make sure you leave both of these checked: Update Malwarebytes' Anti-Malware Launch Malwarebytes' Anti-Malware Then click Finish. MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. On the Scanner tab: Make sure the "Perform Quick Scan" option is selected. Then click on the Scan button. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient. When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found". Click OK to close the message box and continue with the removal process. Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found. Make sure that *everything is checked, and click Remove Selected. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)* The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of that report in your next reply and exit MBAM. Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware. Also post a new log from OTViewIt. How is your computer behaving now? -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

nadzme View Member Profile	Nov 20 2008, 05:07 AM Post #11
Member Group: Members Posts: 24 Joined: 14-November 08 Member No.: 256,414	do you think i still have some irregularities in my pc that is needed to be fix ?? ! help me about it !! tnx !!

Buckeye_Sam View Member Profile	Nov 20 2008, 07:42 AM Post #12
Malware Expert Group: HJT Team Posts: 15,378 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	Sounds like things are coming together. You still need to run Malwarebuytes and post that log. We still have some more to cleanup, but I need to see a log from OTViewIt after you run Malwarebytes. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

Buckeye_Sam View Member Profile	Nov 22 2008, 09:51 AM Post #14
Malware Expert Group: HJT Team Posts: 15,378 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	Copy this text into OTMoveIt3 just like you did before and click MoveIt. CODE :files D:\WINDOWS\sowar.vbs :reg [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main] "Search Page"=- "Start Page"=- [HKEY_USERS\S-1-5-21-796845957-1659004503-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main] "Search Page"=- "Start Page"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RawOs"=- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "DisableRegistryTools"=- "DisableTaskMgr"=- [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "DisableTaskMgr"=- "DisableRegistryTools"=- [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "DisableTaskMgr"=- "DisableRegistryTools"=- [HKEY_USERS\S-1-5-21-796845957-1659004503-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveAutoRun"=- "NoFolderOptions"=- [HKEY_USERS\S-1-5-21-796845957-1659004503-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "DisableRegistryTools"=- "DisableTaskMgr"=- Please post the resulting log from OTMoveit as well as a new log from OTViewIt. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

« Next Oldest · HijackThis Logs and Virus/Trojan/Spyware/Malware Removal · Next Newest »

3 Pages

1 2 3 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 8th November 2009 - 04:59 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides