BleepingComputer.com: Unable to use browser searches

Here is the MBAM Log.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8227

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

11/23/2011 4:37:23 PM
mbam-log-2011-11-23 (16-37-23).txt

Scan type: Full scan (C:\|)
Objects scanned: 534640
Time elapsed: 17 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

sterry31:

How is the computer running now? Please do this next:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Java™ can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts. If it does not, let me know.

Once the install is complete...

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

• On the General tab, under Temporary Internet Files, click the Settings button.
  
• Next, click on the Delete Files button
  
• There are two options in the window to clear the cache - Leave BOTH Checked
  
  • Applications and Applets
    
  • Trace and Log Files
  
  
• Click OK on Delete Temporary Files Window

Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

• Click OK to leave the Temporary Files Window
  
• Click OK to leave the Java Control Panel.

Please go to here to run an online scan with ESET.

• Turn off the real time scanner of any existing antivirus program while performing the online scan
  
• Tick the box next to YES, I accept the Terms of Use.
  
• Click Start
  
• When asked, allow the activex control to install
  
• Click Start
  
• Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  
• Click on Advanced Settings and ensure these options are ticked:
  
• Scan for potentially unwanted applications
  
• Scan for potentially unsafe applications
  
• Enable Anti-Stealth Technology


• Click Scan
  
• Wait for the scan to finish
  
• If any threats were found, click the 'List of found threats' , then click Export to text file....
  
• Save it to your desktop, then please copy and paste that log as a reply to this topic.

Please include the following in your next post:

• How is the computer running now?
  
• ESET log

Hello,

I am able to use the browser searches again. Here is the ESET Log.

C:\Documents and Settings\Administrator\My Documents\SmitfraudFix\Process.exe Win32/PrcView application
C:\Documents and Settings\Administrator\My Documents\SmitfraudFix\restart.exe Win32/Shutdown.NAA application
C:\Documents and Settings\bskubas\Application Data\Sun\Java\Deployment\cache\6.0\32\3b578aa0-1610699c a variant of Java/TrojanDownloader.OpenStream.NCM trojan

Thanks!

Steph

sterry31:

You can just uninstall or remove SmitFraud Fix. This will take care of the other detection:

Go to Start > Run and copy/paste the contents of the codebox below into the Run box and click OK:

cmd /c del /a/f/q ":\Documents and Settings\bskubas\Application Data\Sun\Java\Deployment\cache\6.0\32\3b578aa0-1610699c"

A DOS window may briefly open and close again, this is normal.

Other than that, your logs look good. All I have left for you is another update and some very important cleanup:

Your Adobe reader needs to be updated. Please visit Adobe's site and grab the newest version. Be sure to watch for and uncheck any boxes offering to install other software.

Uninstall ComboFix

• Press the Windows key + R on your keyboard or click Start -> Run. Copy and past the following text into the run box that opens and press OK:
  Combofix /Uninstall

Delete the following tools along with any other logs you saved from our work:

• DDS
  
• GMER

Download TFC to your desktop

• Close any open windows.
  
• Double click the TFC icon to run the program
  
• TFC will close all open programs itself in order to run,
  
• Click the Start button to begin the process.
  
• Allow TFC to run uninterrupted.
  
• The program should not take long to finish it's job
  
• Once its finished it should automatically reboot your machine,
  
• if it doesn't, manually reboot to ensure a complete clean

Finally, I'd like to make a couple of suggestions to help you stay clean in the future:

• Restart any anti-malware programs that we disabled while we were cleaning your machine.
  
• Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  
• Please read this post for some helpful information.

Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!

Hello RPMcMurphy,

I just want to thank you for helping me work through my issues. Everything is running great at the moment and I will be following your suggestions to keep my system safe and sound. You can mark this thread as resolved. I appreciate everything you did!

Steph

You're welcome, Steph. Take care.

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.