BleepingComputer.com: Google/Search Engine Redirect Virus


Forum Rules

When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.


If you have not received help after three days, please post a link to your topic HERE.

Google/Search Engine Redirect Virus: Can't seem to get rid of it.

#16 Chicklet1

  • Member
  • Group: Members
  • Posts: 22
  • Joined: 08-June 11

Posted 18 July 2011 - 12:23 AM

Here is the log you requested:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/17/2011 at 10:14 PM

Application Version : 4.55.1000

Core Rules Database Version : 7419
Trace Rules Database Version: 5231

Scan type : Complete Scan
Total Scan Time : 00:50:40

Memory items scanned : 390
Memory threats detected : 0
Registry items scanned : 11935
Registry threats detected : 0
File items scanned : 133755
File threats detected : 29

Trojan.Agent/Gen-IExplorer[Fake]
C:\USERS\JENDSHE\APPDATA\LOCAL\TEMP\RARSFX0\NIRD\IEXPLORE.EXE
C:\USERS\JENDSHE\APPDATA\LOCAL\TEMP\RARSFX1\NIRD\IEXPLORE.EXE

Trojan.Agent/Gen-PEC
C:\USERS\JENDSHE\APPDATA\LOCAL\TEMP\RARSFX0\PROCS\EXPLORER.EXE
C:\USERS\JENDSHE\APPDATA\LOCAL\TEMP\RARSFX1\PROCS\EXPLORER.EXE

Adware.Tracking Cookie

#17 boopme

  • To Insanity and Beyond
  • Group: Global Moderator
  • Posts: 48,761
  • Joined: 10-September 04
  • Gender: Male
  • Location: NJ USA

Posted 18 July 2011 - 09:07 AM

OK, nothing serious there. How did the last MBAM go, and have the redirects stopped?
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#18 Chicklet1

  • Member
  • Group: Members
  • Posts: 22
  • Joined: 08-June 11

Posted 18 July 2011 - 07:35 PM

The second MBAM came out clean and still no redirecting.

#19 boopme

  • To Insanity and Beyond
  • Group: Global Moderator
  • Posts: 48,761
  • Joined: 10-September 04
  • Gender: Male
  • Location: NJ USA

Posted 18 July 2011 - 07:59 PM

Perfect!! Since there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.

Vista and Windows 7 users can refer to these links:

#20 Chicklet1

  • Member
  • Group: Members
  • Posts: 22
  • Joined: 08-June 11

Posted 18 July 2011 - 08:24 PM

Crud. Will this ever end?

I tried to do the System Restore, but there was no option for 'create a restore point', so I googled 'restore point for windows 7', since I thought my version might have slightly different directions (I thought maybe the ones you posted might have been for XP or Vista). And when I clicked on the appropriate link, it redirected.

Maybe it could still be the router?

#21 boopme

  • To Insanity and Beyond
  • Group: Global Moderator
  • Posts: 48,761
  • Joined: 10-September 04
  • Gender: Male
  • Location: NJ USA

Posted 18 July 2011 - 08:45 PM

Ok Chicklet.. Let's run this. If this still redirects, do the Router.

Be sure to print out and read the instructions provided in How to use Kaspersky virus removal tool.
  • Double-click the setup file (i.e. setup_7.0.0.290_24.06.2009_12-58.exe) to install the utility.
  • If using Vista, right-click on it and Run As Administrator.
    If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
  • Click Next to continue.
  • It will install by default to your desktop folder. Click Next.
  • Click Ok at the prompt for scanning in Safe Mode if you booted into safe mode.
  • A box will open with a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.
    • System Memory
    • Startup Objects
    • Disk Boot Sectors
    • My Computer
    • Any other drives (except CD-ROM drives)
  • Click on the Scan button.
  • If malware is detected, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • After the scan finishes, if any threats are left unneutralized in the Scan window (Red exclamation point), click the Neutralize all button.
  • In the window that opens, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • If advised that a special disinfection procedure is required which demands system reboot, click the Ok button to close the window.
  • In the Scan window click the Reports button, name the report AVPT.txt and select Save to file.
  • This tool should uninstall when you close it so please save the report log before closing.
  • When done, close the Kaspersky Virus Removal Tool.
  • You will be prompted if you want to uninstall the program. Click Yes.
  • You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
  • Copy and paste only the first part of the report (Detected) in your next reply. Do not include the longer list marked Events.
-- If you cannot run the Kaspersky AVP Removal Tool in normal mode, then try using it in "safe mode".

#22 Chicklet1

  • Member
  • Group: Members
  • Posts: 22
  • Joined: 08-June 11

Posted 21 July 2011 - 09:42 PM

Here is the Kaspersky virus removal tool log:

Status: Disinfected (events: 17)
7/21/2011 6:25:29 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.k C:\Documents and Settings\JENDSHE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\5125954a-6891c511 High
7/21/2011 6:25:29 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.n C:\Documents and Settings\JENDSHE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\5125954a-6891c511/olig/aret.class High
7/21/2011 6:25:29 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.k C:\Documents and Settings\JENDSHE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\560f078b-41111fd8 High
7/21/2011 6:25:29 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.n C:\Documents and Settings\JENDSHE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\560f078b-41111fd8/olig/aret.class High
7/21/2011 6:25:28 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.er C:\Documents and Settings\JENDSHE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-1d08eac6 High
7/21/2011 6:25:28 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.er C:\Documents and Settings\JENDSHE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-1d08eac6/bingo/efir.class High
7/21/2011 6:25:29 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.k C:\Documents and Settings\JENDSHE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\560f078b-41111fd8/manty/rova.class High
7/21/2011 6:25:29 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.k C:\Documents and Settings\JENDSHE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\5125954a-6891c511/manty/rova.class High
7/21/2011 6:25:29 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.aa C:\Documents and Settings\JENDSHE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\14238a2c-2bf5b10d High
7/21/2011 6:25:29 PM Disinfected Trojan program Trojan-Downloader.Java.Agent.ly C:\Documents and Settings\JENDSHE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\14238a2c-2bf5b10d/FAQ/Template.class High
7/21/2011 6:25:29 PM Disinfected Trojan program Trojan-Downloader.Java.Agent.mk C:\Documents and Settings\JENDSHE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\560f078b-41111fd8/manty/ronozi.class High
7/21/2011 6:25:29 PM Disinfected Trojan program Trojan-Downloader.Java.Agent.mk C:\Documents and Settings\JENDSHE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\5125954a-6891c511/manty/ronozi.class High
7/21/2011 6:25:29 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.aa C:\Documents and Settings\JENDSHE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\14238a2c-2bf5b10d/tools/Commander.class High
7/21/2011 6:25:29 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.k C:\Documents and Settings\JENDSHE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\560f078b-41111fd8/manty/peleza.class High
7/21/2011 6:25:29 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.k C:\Documents and Settings\JENDSHE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\5125954a-6891c511/manty/peleza.class High
7/21/2011 6:25:29 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.aa C:\Documents and Settings\JENDSHE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\14238a2c-2bf5b10d/tools/Syntax.class High
7/21/2011 6:25:29 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.aa C:\Documents and Settings\JENDSHE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\14238a2c-2bf5b10d/tools/XmlStandard.class High
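A small parser for the Kaspersky Virus Removal Tool "Detected" lines quoted above, added here as an example and not part of the original post or of Kaspersky's tooling. It groups hits by cached Java archive so that a helper can see at a glance whether every detection lives in the Java Deployment cache (drive-by exploit leftovers) or whether something sits outside it; the sample lines, the user name "X" and the one non-cache hit are constructed for the demo.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Kaspersky Virus Removal Tool "Detected"
# section quoted above; user name and the Temp\sample.exe line are made up for the demo.
SAMPLE_REPORT = r"""
7/21/2011 6:25:29 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.k C:\Users\X\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\5125954a-6891c511 High
7/21/2011 6:25:29 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.n C:\Users\X\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\5125954a-6891c511/olig/aret.class High
7/21/2011 6:25:28 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.er C:\Users\X\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-1d08eac6 High
7/21/2011 6:25:30 PM Detected Trojan program Trojan-Downloader.Win32.Sample C:\Users\X\AppData\Local\Temp\sample.exe High
"""

# date time AM/PM, status, object kind ("Trojan program"), detection name, path, severity
LINE_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<status>\S+) (?P<kind>.+?) (?P<name>\S+) "
    r"(?P<path>[A-Za-z]:\\.+?) (?P<severity>High|Medium|Low)$"
)
# ...\Java\Deployment\cache\<ver>\<bucket>\<id-id>[/inner/class]; group 1 is the archive id
JAVA_CACHE_RE = re.compile(
    r"\\Java\\Deployment\\cache\\[^\\]+\\[^\\]+\\([0-9a-f]+-[0-9a-f]+)", re.I)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

def parse_report(text):
    """Parse the Detected section into dicts; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records

def summarize(records):
    """Collapse per-class hits onto their cached archive and separate non-cache hits."""
    entries, cves, outside = set(), set(), []
    families = Counter()
    for r in records:
        families[r["name"].rsplit(".", 1)[0]] += 1   # drop the variant suffix (.k, .n, .aa)
        cve = CVE_RE.search(r["name"])
        if cve:
            cves.add(cve.group(0))
        m = JAVA_CACHE_RE.search(r["path"])
        if m:
            entries.add(m.group(1))   # one cached archive, however many inner .class hits
        else:
            outside.append(r["path"])
    return {"total": len(records), "java_cache_entries": sorted(entries),
            "cves": sorted(cves), "outside_cache": outside, "families": families}

if __name__ == "__main__":
    s = summarize(parse_report(SAMPLE_REPORT))
    print(f"{s['total']} hits, {len(s['java_cache_entries'])} cached Java archives, CVEs: {s['cves']}")
    for p in s["outside_cache"]:
        print("outside the Java cache, needs a separate look:", p)
```

Hits that all map to Java cache archives point at pages that served Java exploits while browsing, which fits the redirect symptom; a hit outside the cache is the one to investigate separately.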

#23 boopme

  • To Insanity and Beyond
  • Group: Global Moderator
  • Posts: 48,761
  • Joined: 10-September 04
  • Gender: Male
  • Location: NJ USA

Posted 22 July 2011 - 01:08 PM

I don't get why you still get the Java exploit. Are you redirecting?

#24 Chicklet1

  • Member
  • Group: Members
  • Posts: 22
  • Joined: 08-June 11

Posted 22 July 2011 - 05:18 PM

Yes, it's still doing some redirecting.

#25 boopme

  • To Insanity and Beyond
  • Group: Global Moderator
  • Posts: 48,761
  • Joined: 10-September 04
  • Gender: Male
  • Location: NJ USA

Posted 22 July 2011 - 06:58 PM

We must have malware protected by a driver or service.

We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.
