Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware In Browser - Directing Url's


  • Please log in to reply
7 replies to this topic

#1 Shawn Stephens

Shawn Stephens

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:21 AM

Posted 02 January 2008 - 02:58 PM

I have some sort of malware/work causing my browser (IE) to be directed to unintended URL's, all shopping URL's. When I back out to google and try my URl again, it usually works correctly.

Sometimes the search itself is hijacked and gives me a bogus set of results - like this one - I typed in Browsing and this is the garbage that "google" came up with. No way is this a legitimate google search on the key word browsing. The first hit is a shopping website.


Web Images Maps News Shopping Gmail more ▼ Blogs Books Calendar Documents Finance Groups Photos Reader Scholar Video YouTube even more » Sign in
Google Advanced Search
Preferences
Google SafeSearch is ON

Web Results 1 - 10 of about 17,100,000 for browsing [definition] with Safesearch on. (0.12 seconds)

Sponsored Links

Windows Internet Explorer
Better, Easier And Safer Surfing
With New Tools Like Tabbed Browsing
Windows.com




Browsing the ToLBrowsing the Tree of Life. If you would like to explore the diversity of organisms on the Tree of Life, any one of the following pages will provide a good ...
www.tolweb.org/tree/home.pages/browsing.html - 12k - Cached - Similar pages

Browse ArtArt - community of artists and those devoted to art. Digital art, skin art, themes, wallpaper art, traditional art, photography, poetry / prose. Art prints.
browse.deviantart.com/ - 27k - Cached - Similar pages

Traveling the Electronic Highway: World-Wide Browsing< > In [Gr\/onbaek:94] methods for effective browsing on the Internet are presented, even with guidance one can easily get lost, since the signage on the ...
infolab.stanford.edu/pub/gio/CS99I/browsing.html - 27k - Cached - Similar pages

Browsing - MycotedThis item is about creative browsing in a library context. However see "Using Experts" for a very different approach to information acquisition. ...
www.mycoted.com/Browsing - 12k - Cached - Similar pages

[Out of Date] Alternative Web BrowsingReference list of alternative browsers and assistive technologies for people with disabilities using the Web.
www.w3.org/WAI/References/Browsing - 17k - Cached - Similar pages

Browsing - SWiKMove Browsing? Moving this page will change its URL and content tagged 'Browsing' will ... The contents of Browsing page and all pages directly attached to ...
swik.net/Browsing - 72k - Cached - Similar pages

Download Browsing Software Invisible Browsing, My Thumbnailer and ...FileBuzz is the online software download source for browsing software.
www.filebuzz.com/files/browsing/1.html - 67k - Cached - Similar pages

BrowsingThrough a combination of database tables and collmgr field configuration, dynamic browsing is available through the DLXS middleware. ...
www.dlxs.org/docs/13/collmeta/browse.html - 13k - Cached - Similar pages

Browsing - The Only Third Generation Web Browser Invisible ...Browsing - The Only Third Generation Web Browser Invisible Browsing masks, hide your IP addres.
browsing.qarchive.org/ - 24k - Cached - Similar pages

BrowsingBrowse · About · Help. Questions? Problems? Suggestions? Contact DLA. All Folios. [folio icon] Top. Sub Folios. [folio icon] ...
imagebase.lib.vt.edu/browse.php - 14k - Cached - Similar pages



1 2 3 4 5 6 7 8 9 10 Next






Search within results | Language Tools | Search Tips | Dissatisfied? Help us improve | Try Google Experimental





--------------------------------------------------------------------------------

©2007 Google - Google Home - Advertising Programs - Business Solutions - About Google

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:21 AM

Posted 02 January 2008 - 04:01 PM

What OS (Win XP/2000, etc) are you using? What type of anti-virus are you using? Have you performed any anti-spyware scans? Have you tried doing your scans in "Safe Mode"? Are you doing scans while logged into the "Administrator Account" or an "account with administrator privileges"?

You need to start there first. If rescanning in Safe Modes does not help, then do this:

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.
Please download and install SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
  • Under the "Configuration and Preferences", click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
Perform an Online Virus Scan like BitDefender.
(These require Internet Explorer to work. Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component. If given the option, choose "Quarantine" instead of delete.)
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Shawn Stephens

Shawn Stephens
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:21 AM

Posted 02 January 2008 - 04:30 PM

I'm using Windows XP. I use an enterprise-wide AV Symantec Antivirus :::

Program Version: 10.0.1.1009
Scan Engine: 71.3.0.25
Virsu Def File: 1/2/2008 rev. 2

The malware is hijacking my web searches. Sometimes the whole search, sometimes after clicking a url. Will proceed with your instructions.

Edited by Shawn Stephens, 02 January 2008 - 04:32 PM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:21 AM

Posted 02 January 2008 - 04:38 PM

If you have not upgraded to XP SP1, you need to do that. Install All CRITICAL Updates and security patches except SP2 will help to prevent crippling malware attacks. Without doing that first, you are wide open to re-infection and other high security risks which are prone to an unpatched system and we are just wasting our time. By applying all critical updates, you will close many of these security holes which make your computer vulnerable and not keep getting reinfected while cleaning your machine.

If you have already upgraded and just forgot to mention it, then proceed as instructed.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Shawn Stephens

Shawn Stephens
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:21 AM

Posted 02 January 2008 - 05:54 PM

Greetings - I am on XP SP2.

I had to cut it short after about 50,000 program file scans - it had already returned several positives and I definitely feel the first one the smitfraud trojan to have been the recent culprit hijacking my browsing urls's, etc.

Here's a log:


UPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/02/2008 at 04:48 PM

Application Version : 3.9.1008

Core Rules Database Version : 3371
Trace Rules Database Version: 1366

Scan type : Complete Scan
Total Scan Time : 00:54:49

Memory items scanned : 223
Memory threats detected : 0
Registry items scanned : 9059
Registry threats detected : 155
File items scanned : 50673
File threats detected : 7

Trojan.Smitfraud Variant
HKLM\Software\Classes\CLSID\{4a9e875b-d032-45e4-8294-789fe3be5b19}
HKCR\CLSID\{4A9E875B-D032-45E4-8294-789FE3BE5B19}
HKCR\CLSID\{4A9E875B-D032-45E4-8294-789FE3BE5B19}\InProcServer32
HKCR\CLSID\{4A9E875B-D032-45E4-8294-789FE3BE5B19}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\VGIBZ.DLL

Trojan.Security Toolbar
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url

Adware.180solutions/Seekmo
HKCR\Seekmo.DesktopFlash
HKCR\Seekmo.DesktopFlash\CLSID
HKCR\Seekmo.DesktopFlash\CurVer
HKCR\Seekmo.DesktopFlash.1
HKCR\Seekmo.DesktopFlash.1\CLSID
HKCR\SeekmoAX.ClientDetector
HKCR\SeekmoAX.ClientDetector\CLSID
HKCR\SeekmoAX.ClientDetector\CurVer
HKCR\SeekmoAX.ClientDetector.1
HKCR\SeekmoAX.ClientDetector.1\CLSID
HKCR\SeekmoAX.UserProfiles
HKCR\SeekmoAX.UserProfiles\CLSID
HKCR\SeekmoAX.UserProfiles\CurVer
HKCR\SeekmoAX.UserProfiles.1
HKCR\SeekmoAX.UserProfiles.1\CLSID
HKCR\CLSID\{1F158A1E-A687-4a11-9679-B3AC64B86A1C}
HKCR\CLSID\{1F158A1E-A687-4a11-9679-B3AC64B86A1C}\Control
HKCR\CLSID\{1F158A1E-A687-4a11-9679-B3AC64B86A1C}\InprocServer32
HKCR\CLSID\{1F158A1E-A687-4a11-9679-B3AC64B86A1C}\InprocServer32#ThreadingModel
HKCR\CLSID\{1F158A1E-A687-4a11-9679-B3AC64B86A1C}\MiscStatus
HKCR\CLSID\{1F158A1E-A687-4a11-9679-B3AC64B86A1C}\MiscStatus\1
HKCR\CLSID\{1F158A1E-A687-4a11-9679-B3AC64B86A1C}\ProgID
HKCR\CLSID\{1F158A1E-A687-4a11-9679-B3AC64B86A1C}\Programmable
HKCR\CLSID\{1F158A1E-A687-4a11-9679-B3AC64B86A1C}\ToolboxBitmap32
HKCR\CLSID\{1F158A1E-A687-4a11-9679-B3AC64B86A1C}\TypeLib
HKCR\CLSID\{1F158A1E-A687-4a11-9679-B3AC64B86A1C}\Version
HKCR\CLSID\{1F158A1E-A687-4a11-9679-B3AC64B86A1C}\VersionIndependentProgID
HKCR\CLSID\{914A8F99-38E4-47ec-B875-2B0653516030}
HKCR\CLSID\{914A8F99-38E4-47ec-B875-2B0653516030}#AppID
HKCR\CLSID\{914A8F99-38E4-47ec-B875-2B0653516030}\LocalServer32
HKCR\CLSID\{914A8F99-38E4-47ec-B875-2B0653516030}\ProgID
HKCR\CLSID\{914A8F99-38E4-47ec-B875-2B0653516030}\Programmable
HKCR\CLSID\{914A8F99-38E4-47ec-B875-2B0653516030}\TypeLib
HKCR\CLSID\{914A8F99-38E4-47ec-B875-2B0653516030}\VersionIndependentProgID
HKCR\CLSID\{E313F5DC-CFE7-4568-84A4-C76653547571}
HKCR\CLSID\{E313F5DC-CFE7-4568-84A4-C76653547571}\InprocServer32
HKCR\CLSID\{E313F5DC-CFE7-4568-84A4-C76653547571}\InprocServer32#ThreadingModel
HKCR\CLSID\{E313F5DC-CFE7-4568-84A4-C76653547571}\ProgID
HKCR\CLSID\{E313F5DC-CFE7-4568-84A4-C76653547571}\Programmable
HKCR\CLSID\{E313F5DC-CFE7-4568-84A4-C76653547571}\TypeLib
HKCR\CLSID\{E313F5DC-CFE7-4568-84A4-C76653547571}\VersionIndependentProgID
HKCR\TypeLib\{995E885E-3FF5-4F66-A107-8BFB3A0F8F12}
HKCR\TypeLib\{995E885E-3FF5-4F66-A107-8BFB3A0F8F12}\1.0
HKCR\TypeLib\{995E885E-3FF5-4F66-A107-8BFB3A0F8F12}\1.0\0
HKCR\TypeLib\{995E885E-3FF5-4F66-A107-8BFB3A0F8F12}\1.0\0\win32
HKCR\TypeLib\{995E885E-3FF5-4F66-A107-8BFB3A0F8F12}\1.0\FLAGS
HKCR\TypeLib\{995E885E-3FF5-4F66-A107-8BFB3A0F8F12}\1.0\HELPDIR
HKCR\TypeLib\{FBB40FDF-B715-4342-AB82-244ECC66E979}
HKCR\TypeLib\{FBB40FDF-B715-4342-AB82-244ECC66E979}\1.0
HKCR\TypeLib\{FBB40FDF-B715-4342-AB82-244ECC66E979}\1.0\0
HKCR\TypeLib\{FBB40FDF-B715-4342-AB82-244ECC66E979}\1.0\0\win32
HKCR\TypeLib\{FBB40FDF-B715-4342-AB82-244ECC66E979}\1.0\FLAGS
HKCR\TypeLib\{FBB40FDF-B715-4342-AB82-244ECC66E979}\1.0\HELPDIR
HKCR\Interface\{BD5258AF-20AE-4BD3-B748-B2851ACA7335}
HKCR\Interface\{BD5258AF-20AE-4BD3-B748-B2851ACA7335}\ProxyStubClsid
HKCR\Interface\{BD5258AF-20AE-4BD3-B748-B2851ACA7335}\ProxyStubClsid32
HKCR\Interface\{BD5258AF-20AE-4BD3-B748-B2851ACA7335}\TypeLib
HKCR\Interface\{BD5258AF-20AE-4BD3-B748-B2851ACA7335}\TypeLib#Version
HKCR\AppId\SeekmoSA_df.exe
HKCR\AppId\SeekmoSA_df.exe#AppID
HKCR\AppId\{4A40E8FC-C7E4-4F57-9FA4-85DD77402897}
HKU\S-1-5-21-369997941-647960827-447208795-201788\Software\seekmosa
C:\Documents and Settings\stephest\Application Data\Seekmo

Malware.SpyLocked
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert#UninstallString

Malware.VirusProtectPro
HKCR\TypeLib\{6D88033C-6FD8-4374-9532-7EA301DF08AE}
HKCR\TypeLib\{6D88033C-6FD8-4374-9532-7EA301DF08AE}\1.0
HKCR\TypeLib\{6D88033C-6FD8-4374-9532-7EA301DF08AE}\1.0\0
HKCR\TypeLib\{6D88033C-6FD8-4374-9532-7EA301DF08AE}\1.0\0\win32
HKCR\TypeLib\{6D88033C-6FD8-4374-9532-7EA301DF08AE}\1.0\FLAGS
HKCR\TypeLib\{6D88033C-6FD8-4374-9532-7EA301DF08AE}\1.0\HELPDIR
HKCR\Interface\{07420914-E5A0-451E-BFD4-AA1B799D39AD}
HKCR\Interface\{07420914-E5A0-451E-BFD4-AA1B799D39AD}\ProxyStubClsid
HKCR\Interface\{07420914-E5A0-451E-BFD4-AA1B799D39AD}\ProxyStubClsid32
HKCR\Interface\{07420914-E5A0-451E-BFD4-AA1B799D39AD}\TypeLib
HKCR\Interface\{07420914-E5A0-451E-BFD4-AA1B799D39AD}\TypeLib#Version
HKCR\Interface\{0B6C7539-C6D5-4DDE-9632-184F421EF8D7}
HKCR\Interface\{0B6C7539-C6D5-4DDE-9632-184F421EF8D7}\ProxyStubClsid
HKCR\Interface\{0B6C7539-C6D5-4DDE-9632-184F421EF8D7}\ProxyStubClsid32
HKCR\Interface\{0B6C7539-C6D5-4DDE-9632-184F421EF8D7}\TypeLib
HKCR\Interface\{0B6C7539-C6D5-4DDE-9632-184F421EF8D7}\TypeLib#Version
HKCR\Interface\{164913B3-FCDE-45B5-8901-1750F4E3119E}
HKCR\Interface\{164913B3-FCDE-45B5-8901-1750F4E3119E}\ProxyStubClsid
HKCR\Interface\{164913B3-FCDE-45B5-8901-1750F4E3119E}\ProxyStubClsid32
HKCR\Interface\{164913B3-FCDE-45B5-8901-1750F4E3119E}\TypeLib
HKCR\Interface\{164913B3-FCDE-45B5-8901-1750F4E3119E}\TypeLib#Version
HKCR\Interface\{365036EB-87C2-4627-8FBC-EF6E9E8DA5C2}
HKCR\Interface\{365036EB-87C2-4627-8FBC-EF6E9E8DA5C2}\ProxyStubClsid
HKCR\Interface\{365036EB-87C2-4627-8FBC-EF6E9E8DA5C2}\ProxyStubClsid32
HKCR\Interface\{365036EB-87C2-4627-8FBC-EF6E9E8DA5C2}\TypeLib
HKCR\Interface\{365036EB-87C2-4627-8FBC-EF6E9E8DA5C2}\TypeLib#Version
HKCR\Interface\{64D6666F-B95E-4048-9FA5-F68B094EA030}
HKCR\Interface\{64D6666F-B95E-4048-9FA5-F68B094EA030}\ProxyStubClsid
HKCR\Interface\{64D6666F-B95E-4048-9FA5-F68B094EA030}\ProxyStubClsid32
HKCR\Interface\{64D6666F-B95E-4048-9FA5-F68B094EA030}\TypeLib
HKCR\Interface\{64D6666F-B95E-4048-9FA5-F68B094EA030}\TypeLib#Version
HKCR\Interface\{69B73AA0-CA0C-4BE6-9811-EB0D951B5B99}
HKCR\Interface\{69B73AA0-CA0C-4BE6-9811-EB0D951B5B99}\ProxyStubClsid
HKCR\Interface\{69B73AA0-CA0C-4BE6-9811-EB0D951B5B99}\ProxyStubClsid32
HKCR\Interface\{69B73AA0-CA0C-4BE6-9811-EB0D951B5B99}\TypeLib
HKCR\Interface\{69B73AA0-CA0C-4BE6-9811-EB0D951B5B99}\TypeLib#Version
HKCR\Interface\{77345588-AB75-4CDA-873F-AAE78C01EFCD}
HKCR\Interface\{77345588-AB75-4CDA-873F-AAE78C01EFCD}\ProxyStubClsid
HKCR\Interface\{77345588-AB75-4CDA-873F-AAE78C01EFCD}\ProxyStubClsid32
HKCR\Interface\{77345588-AB75-4CDA-873F-AAE78C01EFCD}\TypeLib
HKCR\Interface\{77345588-AB75-4CDA-873F-AAE78C01EFCD}\TypeLib#Version
HKCR\Interface\{B56ED873-C3D3-4202-9EF8-FB31DEE2C207}
HKCR\Interface\{B56ED873-C3D3-4202-9EF8-FB31DEE2C207}\ProxyStubClsid
HKCR\Interface\{B56ED873-C3D3-4202-9EF8-FB31DEE2C207}\ProxyStubClsid32
HKCR\Interface\{B56ED873-C3D3-4202-9EF8-FB31DEE2C207}\TypeLib
HKCR\Interface\{B56ED873-C3D3-4202-9EF8-FB31DEE2C207}\TypeLib#Version
HKCR\Interface\{BB3EBAF2-F4C4-4B66-9A98-EED3B70D1BB3}
HKCR\Interface\{BB3EBAF2-F4C4-4B66-9A98-EED3B70D1BB3}\ProxyStubClsid
HKCR\Interface\{BB3EBAF2-F4C4-4B66-9A98-EED3B70D1BB3}\ProxyStubClsid32
HKCR\Interface\{BB3EBAF2-F4C4-4B66-9A98-EED3B70D1BB3}\TypeLib
HKCR\Interface\{BB3EBAF2-F4C4-4B66-9A98-EED3B70D1BB3}\TypeLib#Version
HKCR\Interface\{C5CC0894-AD1E-47AD-9265-0F463AE30508}
HKCR\Interface\{C5CC0894-AD1E-47AD-9265-0F463AE30508}\ProxyStubClsid
HKCR\Interface\{C5CC0894-AD1E-47AD-9265-0F463AE30508}\ProxyStubClsid32
HKCR\Interface\{C5CC0894-AD1E-47AD-9265-0F463AE30508}\TypeLib
HKCR\Interface\{C5CC0894-AD1E-47AD-9265-0F463AE30508}\TypeLib#Version
HKCR\Interface\{C7604D71-CD16-4976-9383-D24B6FAD052E}
HKCR\Interface\{C7604D71-CD16-4976-9383-D24B6FAD052E}\ProxyStubClsid
HKCR\Interface\{C7604D71-CD16-4976-9383-D24B6FAD052E}\ProxyStubClsid32
HKCR\Interface\{C7604D71-CD16-4976-9383-D24B6FAD052E}\TypeLib
HKCR\Interface\{C7604D71-CD16-4976-9383-D24B6FAD052E}\TypeLib#Version
HKCR\Interface\{D42CF3BB-E79E-4C0B-B434-6841CA9C4593}
HKCR\Interface\{D42CF3BB-E79E-4C0B-B434-6841CA9C4593}\ProxyStubClsid
HKCR\Interface\{D42CF3BB-E79E-4C0B-B434-6841CA9C4593}\ProxyStubClsid32
HKCR\Interface\{D42CF3BB-E79E-4C0B-B434-6841CA9C4593}\TypeLib
HKCR\Interface\{D42CF3BB-E79E-4C0B-B434-6841CA9C4593}\TypeLib#Version
HKCR\Interface\{D8C36036-2E41-4CE0-9351-99087DD28A29}
HKCR\Interface\{D8C36036-2E41-4CE0-9351-99087DD28A29}\ProxyStubClsid
HKCR\Interface\{D8C36036-2E41-4CE0-9351-99087DD28A29}\ProxyStubClsid32
HKCR\Interface\{D8C36036-2E41-4CE0-9351-99087DD28A29}\TypeLib
HKCR\Interface\{D8C36036-2E41-4CE0-9351-99087DD28A29}\TypeLib#Version
HKCR\Interface\{E60A0F09-DD6B-4343-84B0-C33B946D5A9C}
HKCR\Interface\{E60A0F09-DD6B-4343-84B0-C33B946D5A9C}\ProxyStubClsid
HKCR\Interface\{E60A0F09-DD6B-4343-84B0-C33B946D5A9C}\ProxyStubClsid32
HKCR\Interface\{E60A0F09-DD6B-4343-84B0-C33B946D5A9C}\TypeLib
HKCR\Interface\{E60A0F09-DD6B-4343-84B0-C33B946D5A9C}\TypeLib#Version
HKCR\Interface\{E6369BCA-E4FA-4497-89C5-ECF9268B64B1}
HKCR\Interface\{E6369BCA-E4FA-4497-89C5-ECF9268B64B1}\ProxyStubClsid
HKCR\Interface\{E6369BCA-E4FA-4497-89C5-ECF9268B64B1}\ProxyStubClsid32
HKCR\Interface\{E6369BCA-E4FA-4497-89C5-ECF9268B64B1}\TypeLib
HKCR\Interface\{E6369BCA-E4FA-4497-89C5-ECF9268B64B1}\TypeLib#Version
HKCR\Interface\{F040E242-BAD6-46F7-A787-D3AB811E5BC3}
HKCR\Interface\{F040E242-BAD6-46F7-A787-D3AB811E5BC3}\ProxyStubClsid
HKCR\Interface\{F040E242-BAD6-46F7-A787-D3AB811E5BC3}\ProxyStubClsid32
HKCR\Interface\{F040E242-BAD6-46F7-A787-D3AB811E5BC3}\TypeLib
HKCR\Interface\{F040E242-BAD6-46F7-A787-D3AB811E5BC3}\TypeLib#Version

Rogue.WinPerformance
C:\Program Files\WinPerformance\uninstall.exe
C:\Program Files\WinPerformance

Trojan.Downloader-Gen/MobRules
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\UNIFAREB.DLL

Adware.Tracking Cookie
C:\Documents and Settings\stephest\Cookies\stephest@getcounterspy[1].txt

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:21 AM

Posted 02 January 2008 - 07:53 PM

Please print out and follow the generic instructions for using "SmitfraudFix".
(If you have downloaded SmitfraudFix previously, please delete that version and download it again as the tool is frequently updated!)
-- If the tool fails to launch from the Desktop, please move smitfraudFix.exe to the root of the system drive (usually C:\), and run it from there.

Also let me know how your computer is running when done.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 Shawn Stephens

Shawn Stephens
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:21 AM

Posted 02 January 2008 - 11:31 PM

Completed the SmitFraud scan. Computer and browser are both working fine. What a relief! Here is the log:

SmitFraudFix v2.274

Scan done at 22:12:59.79, Wed 01/02/2008
Run from C:\Documents and Settings\stephest\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 68.87.68.162
DNS Server Search Order: 68.87.74.162
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{31C893A1-E435-49A8-86BC-95C9A639242A}: DhcpNameServer=68.87.68.162 68.87.74.162 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{879B3B35-60A6-4EDB-9086-F7BC572F4C9F}: DhcpNameServer=52.52.32.14 52.100.146.1 52.127.2.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{31C893A1-E435-49A8-86BC-95C9A639242A}: DhcpNameServer=68.87.68.162 68.87.74.162 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.68.162 68.87.74.162 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=52.52.32.14 52.100.146.1 52.127.2.2
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.68.162 68.87.74.162 192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Edited by Shawn Stephens, 02 January 2008 - 11:33 PM.


#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:21 AM

Posted 02 January 2008 - 11:48 PM

How is your computer running now? Are you still having problems with the browser search?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users