BleepingComputer.com: Browser redirect


Browser redirect

#16 RPMcMurphy (Group: Malware Response Team)

Posted 15 April 2011 - 12:50 PM

darctiger:

How is your computer running now? Please do this next:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Java™ can be updated from the Java control panel: Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts. If it does not, let me know.

Once the install is complete...

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files

  • Click OK on Delete Temporary Files Window

Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please run ESET Online Scanner
  • Place a check mark in the box YES, I accept the Terms Of Use
  • Click the Start button.
  • Now click the Install button.
  • Click Start. The scanner engine will initialize and update.
  • Do Not place a check mark in the box beside Remove found threats.
  • Click the Scan button. The scan will now run, please be patient.
  • When the scan finishes copy and paste the results into your next reply.

Please include the following in your next post:
  • How is your computer running now?
  • MBAM log
  • ESET log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may Posted Image

#17 darctiger (Group: Members)

Posted 19 April 2011 - 12:49 AM

OMG RP... I totally didn't see the second page with your reply or I would have responded by now... my computer seems to be running just fine aside from the right click not showing me "Open in New Tab" option. Other than that... everything seems just fine!

Here are the logs you asked for...

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6395

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/18/2011 11:51:23 PM
mbam-log-2011-04-18 (23-51-23).txt

Scan type: Quick scan
Objects scanned: 163576
Time elapsed: 3 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



C:\Documents and Settings\Timothy Carpenter\My Documents\Downloaded Program Updates\TalismanOnline_1644_Setup.exe probably a variant of Win32/Packed.Themida application
C:\Documents and Settings\Timothy Carpenter\My Documents\My Received Files\Nero-7.8.5.0_eng_trial.exe Win32/Toolbar.AskSBar application
C:\Documents and Settings\Timothy Carpenter\My Documents\My Received Files\Nero-7.8.5.0_eng_update.exe Win32/Toolbar.AskSBar application
C:\Program Files\TalismanOnline\client.exe probably a variant of Win32/Packed.Themida application
C:\Qoobox\Quarantine\C\Program Files\Microsoft ActiveSync\Wcescomm .exe.vir Win32/TrojanDownloader.Unruy.BN trojan
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan
C:\_OTL\MovedFiles\04132011_221618\C_Program Files\Microsoft ActiveSync\Wcescomm.exe Win32/TrojanDownloader.Unruy.BN trojan
C:\_OTL\MovedFiles\04132011_221618\C_Program Files\QuickTime\qttask.exe Win32/TrojanDownloader.Unruy.BN trojan
G:\Movies\Software\Nero 7 Ultra Edition Enhanced XP & Vista + Keygen [ScottayB]\Nero-7.10.1.2_all_update.exe Win32/Toolbar.AskSBar application
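
An ESET log like the one above mixes files still in use with copies held in tool quarantine folders (C:\Qoobox, C:\_OTL\MovedFiles) and in System Restore points under C:\System Volume Information. The following is an added example, not part of the original thread: a small Python triage script that parses that line layout, collapses repeated entries, and separates live files from stored copies. The sample lines, paths and detection names in it are constructed placeholders, and the function names are hypothetical.

```python
import re
from collections import Counter, namedtuple

Detection = namedtuple("Detection", "path name kind heuristic")

# Constructed sample in the "<path> <detection> <type>" layout of the log
# above; every path and detection name here is a placeholder.
SAMPLE_LOG = r"""
C:\Documents and Settings\User\My Documents\setup_example.exe probably a variant of Win32/Packed.Example application
C:\Program Files\ExampleGame\client.exe probably a variant of Win32/Packed.Example application
C:\Qoobox\Quarantine\C\Program Files\ExampleApp\task.exe.vir Win32/TrojanDownloader.Example.A trojan
C:\Qoobox\Quarantine\C\Program Files\ExampleApp\task.exe.vir Win32/TrojanDownloader.Example.A trojan
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe Win32/TrojanDownloader.Example.A trojan
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000002.exe Win32/TrojanDownloader.Example.A trojan
C:\_OTL\MovedFiles\01012011_000000\C_Program Files\ExampleApp\task.exe Win32/TrojanDownloader.Example.A trojan
G:\Downloads\Example Suite + Extras [tag]\update.exe Win32/Toolbar.Example application
"""

# The path may contain spaces, so match it lazily and anchor on the
# trailing "<Platform>/<Name> <type>" pair. Heuristic hits carry the
# "probably a variant of" prefix before the detection name.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<heur>probably a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+(?P<kind>\w+)$"
)

# Folders where a hit is a stored copy rather than a file in active use.
LOCATIONS = [
    ("tool_quarantine",
     re.compile(r"^[a-z]:\\(?:qoobox|_otl\\movedfiles)\\", re.I)),
    ("restore_point",
     re.compile(r"^[a-z]:\\system volume information\\", re.I)),
]


def parse_line(line):
    """Return a Detection for one log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Detection(m["path"], m["name"], m["kind"], bool(m["heur"]))


def classify(path):
    """Label a path as tool_quarantine, restore_point or live."""
    for label, pattern in LOCATIONS:
        if pattern.match(path):
            return label
    return "live"


def triage(log_text):
    """Bucket detections by location; Counter values are repeat counts."""
    buckets = {"live": Counter(), "tool_quarantine": Counter(),
               "restore_point": Counter()}
    unparsed = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        det = parse_line(raw)
        if det is None:
            unparsed.append(raw.strip())  # keep for manual review
            continue
        buckets[classify(det.path)][det] += 1
    return buckets, unparsed


if __name__ == "__main__":
    buckets, unparsed = triage(SAMPLE_LOG)
    for label, hits in buckets.items():
        print(f"[{label}] {len(hits)} unique, {sum(hits.values())} lines")
        for det, count in sorted(hits.items()):
            flag = " (heuristic)" if det.heuristic else ""
            print(f"  {count}x {det.name} {det.kind}{flag}: {det.path}")
    for line in unparsed:
        print(f"[unparsed] {line}")
```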

#18 RPMcMurphy (Group: Malware Response Team)

Posted 19 April 2011 - 08:19 PM

darctiger:

Your logs indicate that you are using cracks and/or keygens. Visiting cracksites/warezsites - and other questionable/illegal sites is always very high risk. If you install the cracked software, you are running executable files from dubious, unknown sources and are in effect possibly giving these sources access to information on your hard disk, and control over the operation of your computer.

ESET flags the legit version of Nero you have installed as adware, but I'll leave that up to you.

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Files
    C:\Documents and Settings\Timothy Carpenter\My Documents\Downloaded Program Updates\TalismanOnline_1644_Setup.exe
    G:\Movies\Software\Nero 7 Ultra Edition Enhanced XP & Vista + Keygen [ScottayB]\Nero-7.10.1.2_all_update.exe
    :Commands
    [EmptyFlash]
    [EmptyTemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log

Other than that, your logs look good! Now I have another update and some very important cleanup for you to take care of:

Your Adobe reader needs to be updated. Please visit Adobe's site and grab the newest version. Be sure to watch for and uncheck any boxes offering to install other software.

Uninstall ComboFix
  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall

Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
  • Manually delete any remaining logs or tools.

Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application current and updated. Also, hang on to MBAM. Scan with them at least weekly.
  • Avoid using P2P programs and keygens. Refer back to my earlier post for more information.
  • Please read this post for some helpful information.

Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!

#19 darctiger (Group: Members)

Posted 19 April 2011 - 09:37 PM

Thank you so much, you have been an amazing help to me. I greatly appreciate everything you have done and the time you took out to help me rid my computer of the unwanted nasties. Thanks again so much!

Oh, how do I fix my IE 8 to do open in new tab options when I right click?

This post has been edited by darctiger: 19 April 2011 - 09:42 PM


#20 RPMcMurphy (Group: Malware Response Team)

Posted 20 April 2011 - 07:41 AM

darctiger:

I've never heard of that before, but try the suggestions in this thread link

If nothing there helps, open a new thread in our browser forum here

Take care.

#21 RPMcMurphy (Group: Malware Response Team)

Posted 25 April 2011 - 09:52 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
