BleepingComputer.com: automatic redirect to other site (Virus?)


#1 hunnie910

  • New Member
  • Group: Members
  • Posts: 2
  • Joined: 15-March 10

Posted 15 March 2010 - 08:50 AM

I have followed the Preparation Guide instructions.

Here is my detailed problem:
On Saturday morning 3/13, I tried to open a Facebook game via Internet Explorer. The website is apps.facebook.com/eastvalleytch. After I logged in, it was loading the game, then halfway through, I saw the status bar at the bottom showing it was redirecting to a Google search. Then, suddenly, it took me to the Dell Home Page (my computer is a Dell computer), with the link below, and it stated "Sorry, We couldn't find hxxp://paytech.cn/promote/pro.swf%3Ffb_sig_in_iframe%3D1"

full link on the address bar is this:
hxxp://www.google.com/hws/dell-usuk/afe?hl=en&channel=us&s=http://paytech.cn/promote/pro.swf?fb_sig_in_iframe=1&fb_sig_iframe_key=9bf31c7ff062936a96d3c8bd1f8f2ff3&fb_sig_locale=en_US&fb_sig_in_new_facebook=1&fb_sig_time=1268715707.6715&fb_sig_added=1&fb_sig_profile_update_time=1267581701&fb_sig_expires=1268722800&fb_sig_user=674331920&fb_sig_session_key=2.AY3CGWEOh_vl2X3Rsc0JSA__.3600.1268722800-674331920&fb_sig_ext_perms=email%2Cauto_publish_recent_activity&fb_sig_api_key=6300f2e1717b58bfb823bee6d87a4c36&fb_sig_app_id=313113040704&fb_sig=aeff616b803af4076fb55b38ad04fa61

I tried playing the game in FireFox, and it works fine (no redirect to the google search).

Here is the DDS txt that I saved by following the Preparation Guide:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Chi-Mei at 18:26:48.70 on Mon 03/15/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.958.149 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:Windowssystem32wininit.exe
C:Windowssystem32lsm.exe
C:Windowssystem32svchost.exe -k DcomLaunch
C:Windowssystem32svchost.exe -k rpcss
C:WindowsSystem32svchost.exe -k secsvcs
C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted
C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted
C:Windowssystem32svchost.exe -k netsvcs
C:Windowssystem32svchost.exe -k GPSvcGroup
C:Windowssystem32SLsvc.exe
C:Windowssystem32svchost.exe -k LocalService
C:Windowssystem32svchost.exe -k NetworkService
C:WindowsSystem32spoolsv.exe
C:Windowssystem32svchost.exe -k LocalServiceNoNetwork
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesBonjourmDNSResponder.exe
c:PROGRA~1mcafeeSITEAD~1mcsacore.exe
C:Program FilesCommon FilesMotiveMcciCMService.exe
C:Windowssystem32rundll32.exe
c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
C:Program FilesMcAfeeMPFMPFSrv.exe
C:Windowssystem32svchost.exe -k NetworkServiceNetworkRestricted
C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxWatch9.exe
C:Windowssystem32taskeng.exe
C:Program FilesDell Support Centerbinsprtsvc.exe
C:Windowssystem32svchost.exe -k imgsvc
C:WindowsSystem32svchost.exe -k WerSvcGroup
C:Windowssystem32SearchIndexer.exe
C:Program FilesAmazonAmazon Unbox VideoADVWindowsClientService.exe
C:Windowssystem32taskeng.exe
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:Program FilesWindows DefenderMSASCui.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
C:Program FilesHighresolution EnterprisesX-Mouse Button Control (32bit Version)XMouseButtonControl.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:WindowsSystem32xltScMon.exe
C:Windowssttray.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesMcAfee.comAgentmcagent.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Program FilesDellSupportDSAgnt.exe
C:Windowsehomeehtray.exe
C:Program FilesAmazonAmazon Unbox VideoADVWindowsClientSystemTray.exe
C:WindowsSystem32rundll32.exe
C:Windowsehomeehmsas.exe
C:PROGRA~1McAfeeMSCmcmscsvc.exe
c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
c:program filescommon filesinstallshieldupdateserviceisuspm.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceagent.exe
C:Windowssystem32wuauclt.exe
C:Windowssystem32svchost.exe -k SDRSVC
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Windowssystem32MacromedFlashFlashUtil10e.exe
C:Program FilesInternet Exploreriexplore.exe
C:Windowssystem32SearchProtocolHost.exe
C:Windowssystem32SearchFilterHost.exe
C:Windowssystem32SearchProtocolHost.exe
C:UsersChi-MeiDesktopdds.scr
C:Windowssystem32wbemwmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.hotmail.com/
uWindow Title = Internet Explorer provided by Dell
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0070406
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:progra~1mcafeesitead~1mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:program filescommon filesadobeacrobatactivexAcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:program filesjavajre1.6.0binssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:program filesmcafeevirusscanscriptsn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:program filesgooglegoogletoolbar1.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:progra~1mcafeesitead~1mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:program filesbaeBAE.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:program filesgooglegoogletoolbar1.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:progra~1mcafeesitead~1mcieplg.dll
uRun: [Sidebar] c:program fileswindows sidebarsidebar.exe /autoRun
uRun: [DellSupport] "c:program filesdellsupportDSAgnt.exe" /startup
uRun: [ehTray.exe] c:windowsehomeehTray.exe
uRun: [DellSupportCenter] "c:program filesdell support centerbinsprtcmd.exe" /P DellSupportCenter
mRun: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
mRun: [Corel Photo Downloader] c:program filescorelcorel snapfire plusPhotoDownloader.exe
mRun: [ISUSScheduler] "c:program filescommon filesinstallshieldupdateserviceissch.exe" -start
mRun: [<NO NAME>]
mRun: [Google Desktop Search] "c:program filesgooglegoogle desktop searchGoogleDesktop.exe" /startup
mRun: [ECenter] c:delle-centerEULALauncher.exe
mRun: [ISUSPM Startup] c:progra~1common~1instal~1update~1ISUSPM.exe -startup
mRun: [XMouseButton] c:program fileshighresolution enterprisesx-mouse button control (32bit version)XMouseButtonControl.exe
mRun: [TkBellExe] "c:program filescommon filesrealupdate_obrealsched.exe" -osboot
mRun: [xltScMon.exe] c:windowssystem32xltScMon.exe
mRun: [dscactivate] "c:program filesdell support centergs_agentcustomdsca.exe"
mRun: [DellSupportCenter] "c:program filesdell support centerbinsprtcmd.exe" /P DellSupportCenter
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [NvSvc] RUNDLL32.EXE c:windowssystem32nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:windowssystem32NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:windowssystem32NvMcTray.dll,NvTaskbarInit
mRun: [AppleSyncNotifier] c:program filescommon filesapplemobile device supportbinAppleSyncNotifier.exe
mRun: [QuickTime Task] "c:program filesquicktimeQTTask.exe" -atboottime
mRun: [iTunesHelper] "c:program filesitunesiTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:program filesadobereader 9.0readerReader_sl.exe"
mRun: [Adobe ARM] "c:program filescommon filesadobearm1.0AdobeARM.exe"
mRun: [mcagent_exe] "c:program filesmcafee.comagentmcagent.exe" /runkey
StartupFolder: c:progra~2micros~1windowsstartm~1programsstartupamazon~1.lnk - c:program filesamazonamazon unbox videoADVWindowsClientSystemTray.exe
StartupFolder: c:progra~2micros~1windowsstartm~1programsstartupmicros~1.lnk - c:program filesmicrosoft officeofficeOSA9.EXE
StartupFolder: c:progra~2micros~1windowsstartm~1programsstartupprogra~1.lnk - c:windowsinstaller{42accb45-3363-47e0-94e9-f0074cc8bc56}Icon80951CEC.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:program filesjavajre1.6.0binssv.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:progra~1mcafeesitead~1McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:progra~1mcafeesitead~1McIEPlg.dll
AppInit_DLLs: c:progra~1googlegoogle~1GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:userschi-meiappdataroamingmozillafirefoxprofilesne31yepn.default
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:progra~1mozill~1extensionstalkback@mozilla.orgcomponentsqfaservices.dll
FF - component: c:program filesmcafeesiteadvisorcomponentsMcFFPlg.dll
FF - component: c:program filesmozilla firefoxcomponentsGoogleDesktopMozilla.dll
FF - component: c:userschi-meiappdataroamingmozillafirefoxprofilesne31yepn.defaultextensions{3112ca9c-de6d-4884-a869-9855de68056c}componentsfrozen.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsmicrosoft.netframeworkv3.5windows presentation foundationdotnetassistantextension

---- FIREFOX POLICIES ----
c:program filesmozilla firefoxgreprefsall.js - pref("ui.allow_platform_file_picker", true);
c:program filesmozilla firefoxgreprefsall.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:program filesmozilla firefoxgreprefsall.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:windowssystem32driversmfehidk.sys [2010-1-5 385536]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:progra~1mcafeesitead~1mcsacore.exe [2010-2-20 93320]
R2 McProxy;McAfee Proxy Service;c:progra~1common~1mcafeemcproxymcproxy.exe [2010-2-20 359952]
R2 McShield;McAfee Real-time Scanner;c:progra~1mcafeeviruss~1mcshield.exe [2010-2-20 144704]
R3 mfeavfk;McAfee Inc. mfeavfk;c:windowssystem32driversmfeavfk.sys [2010-2-20 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:windowssystem32driversmfebopk.sys [2010-2-20 35272]
R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:windowssystem32driversSCR3XX2K.sys [2007-10-17 56448]
S2 gupdate1c9e66130ac09c3;Google Update Service (gupdate1c9e66130ac09c3);c:program filesgoogleupdateGoogleUpdate.exe [2009-6-5 133104]
S3 mferkdk;McAfee Inc. mferkdk;c:windowssystem32driversmferkdk.sys [2010-2-20 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:windowssystem32driversmfesmfk.sys [2010-2-20 40552]
S4 McSysmon;McAfee SystemGuards;c:progra~1mcafeeviruss~1mcsysmon.exe [2010-2-20 606736]

=============== Created Last 30 ================

2010-03-16 01:24:12 0 -c--a-w- c:userschi-meidefogger_reenable
2010-03-11 05:26:55 24064 -c--a-w- c:windowssystem32nshhttp.dll
2010-03-11 05:26:53 411136 -c--a-w- c:windowssystem32drivershttp.sys
2010-03-11 05:26:53 31232 -c--a-w- c:windowssystem32httpapi.dll
2010-03-11 03:11:18 0 dc----w- c:programdataReal
2010-02-24 01:11:55 2048 -c--a-w- c:windowssystem32tzres.dll
2010-02-24 01:10:11 523776 -c--a-w- c:windowssystem32RMActivate_isv.exe
2010-02-24 01:10:11 511488 -c--a-w- c:windowssystem32RMActivate.exe
2010-02-24 01:10:11 472576 -c--a-w- c:windowssystem32secproc_isv.dll
2010-02-24 01:10:11 472064 -c--a-w- c:windowssystem32secproc.dll
2010-02-24 01:10:11 347136 -c--a-w- c:windowssystem32RMActivate_ssp.exe
2010-02-24 01:10:11 346624 -c--a-w- c:windowssystem32RMActivate_ssp_isv.exe
2010-02-24 01:10:09 329216 -c--a-w- c:windowssystem32msdrm.dll
2010-02-24 01:10:09 151040 -c--a-w- c:windowssystem32secproc_ssp_isv.dll
2010-02-24 01:10:09 151040 -c--a-w- c:windowssystem32secproc_ssp.dll
2010-02-20 22:53:24 12606 -c--a-w- c:windowssystem32Config.MPF
2010-02-20 22:48:12 79816 -c--a-w- c:windowssystem32driversmfeavfk.sys
2010-02-20 22:48:12 40552 -c--a-w- c:windowssystem32driversmfesmfk.sys
2010-02-20 22:48:12 35272 -c--a-w- c:windowssystem32driversmfebopk.sys
2010-02-20 22:48:09 130424 -c--a-w- c:windowssystem32driversMpfp.sys
2010-02-20 22:47:29 0 dc----w- c:program filesMcAfee.com
2010-02-20 22:47:29 0 dc----w- c:program filescommon filesMcAfee
2010-02-20 22:47:28 0 dc----w- c:program filesMcAfee
2010-02-20 22:36:15 34248 -c--a-w- c:windowssystem32driversmferkdk.sys

==================== Find3M ====================

2010-02-24 17:16:06 181632 -c----w- c:windowssystem32MpSigStub.exe
2010-01-02 06:38:20 916480 -c--a-w- c:windowssystem32wininet.dll
2010-01-02 06:32:33 71680 -c--a-w- c:windowssystem32iesetup.dll
2010-01-02 06:32:33 109056 -c--a-w- c:windowssystem32iesysprep.dll
2010-01-02 04:57:00 133632 -c--a-w- c:windowssystem32ieUnatt.exe
2009-12-28 12:35:50 11776 -c--a-w- c:windowssystem32tsbyuv.dll
2009-12-28 12:35:00 1314816 -c--a-w- c:windowssystem32quartz.dll
2009-12-28 12:32:34 22528 -c--a-w- c:windowssystem32msyuv.dll
2009-12-28 12:32:32 31744 -c--a-w- c:windowssystem32msvidc32.dll
2009-12-28 12:32:32 123904 -c--a-w- c:windowssystem32msvfw32.dll
2009-12-28 12:32:25 13312 -c--a-w- c:windowssystem32msrle32.dll
2009-12-28 12:31:22 82944 -c--a-w- c:windowssystem32mciavi32.dll
2009-12-28 12:31:01 50176 -c--a-w- c:windowssystem32iyuv_32.dll
2009-12-28 12:28:43 91136 -c--a-w- c:windowssystem32avifil32.dll
2009-12-28 12:28:43 65024 -c--a-w- c:windowssystem32avicap32.dll
2009-09-13 00:44:43 86016 ----a-w- c:windowsinfinfstor.dat
2009-09-13 00:44:43 51200 ----a-w- c:windowsinfinfpub.dat
2009-09-13 00:44:42 86016 ----a-w- c:windowsinfinfstrng.dat
2008-10-26 05:47:24 174 --sha-w- c:program filesdesktop.ini
2008-10-26 05:38:46 665600 ----a-w- c:windowsinfdrvindex.dat
2006-11-02 12:42:02 30674 -c--a-w- c:windowsinfperflib0409perfd.dat
2006-11-02 12:42:02 30674 -c--a-w- c:windowsinfperflib0409perfc.dat
2006-11-02 12:42:02 287440 -c--a-w- c:windowsinfperflib0409perfi.dat
2006-11-02 12:42:02 287440 -c--a-w- c:windowsinfperflib0409perfh.dat
2006-11-02 09:20:21 287440 -c--a-w- c:windowsinfperflib0000perfi.dat
2006-11-02 09:20:21 287440 -c--a-w- c:windowsinfperflib0000perfh.dat
2006-11-02 09:20:19 30674 -c--a-w- c:windowsinfperflib0000perfd.dat
2006-11-02 09:20:19 30674 -c--a-w- c:windowsinfperflib0000perfc.dat
2007-04-06 15:54:40 8192 --sha-w- c:windowsusersdefaultNTUSER.DAT

============= FINISH: 18:29:26.62 ===============




Please note that when I followed the Preparation Guide to do the GMER scan, my computer crashed after about 10 min of scanning.



Here is what it said when it crashed:

STOP: c000021a {Fatal System Error}
The Windows SubSystem system process terminated unexpectedly with a status of 0xc0000005 (0x00060fc0 0x0124ea50)
The system has been shut down

Collection data for crash dump...
Initializing for crash dump...



I tried to do the GMER scan three times, and all three times it crashed. I could see the RootKit list hasn't changed after the first two minutes of scan during the previous three times. So at the fourth time, I stopped it after I saw the Rootkit list stopped changing. And I saved the list as ark.txt as instructed.

Where can I attach the Attach.txt and ark.txt files? I am using the "Full Edit" mode right now, but I don't see an "attach" button.

P.S. I downloaded a free McAfee anti-virus program about 3 weeks ago, and since then, my computer is very slow. Not sure if this is part of the problem.

This post has been edited by Orange Blossom: 16 March 2010 - 01:05 PM
Reason for edit: Moved to Malware Removal Logs~~ boopme/ Deactivate links. ~ OB


#2 Shannon2012

  • Forum Addict
  • Group: Malware Response Team
  • Posts: 3,642
  • Joined: 31-July 06
  • Gender:Male
  • Location:North Carolina, USA

Posted 19 March 2010 - 08:59 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Shannon

#3 schrauber

  • Mr.Mechanic
  • Group: Malware Response Team
  • Posts: 21,111
  • Joined: 03-May 08
  • Gender:Male
  • Location:Saarland,Germany

Posted 27 March 2010 - 07:29 AM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware