
"redirect" Virus


15 replies to this topic

#1 duroche

duroche

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:52 AM

Posted 25 February 2008 - 10:16 PM

need help...

i have what i am deeming the "redirect" virus (based on the information i have read from other posts in this site)... when i type in a keyword in google and attempt to click on any websites that show up i get redirected to other sites never to the specific site i clicked...

need some suggestions as to what to do...

i run a windows xp dell computer...

thanks in advance...


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,109 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:52 AM

Posted 25 February 2008 - 11:58 PM

Hello, what antivirus and spyware tools do you have installed? Have you scanned with them from safe mode?
Also please follow these instructions.

Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode using the arrow keys.
  • Then press Enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the Program Files list.
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Please ask any needed questions, post the log and let us know how the PC is running now.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 duroche

duroche
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:52 AM

Posted 03 March 2008 - 09:55 PM

to whom that can help me...

I'm a novice computer user... novice when it comes to computer security... very likely my computer is infected, I have run spybot - search and destroy and the results are frightening... but I cannot decipher what could be real or not... I have made a different post on this blog regarding the redirect virus and downloaded ATF Cleaner and SuperAntiSpyware... used ATF first, fired up Super in safe mode, quarantined and took care of what I thought was the problem... seem to still have these virus/spyware/adware issues... don't know whether there is something I can do in-house to solve the problems or bring it to "geek squad" for complete rebuild... any suggestions? I appreciate in advance the help...

THX

Edited by Orange Blossom, 03 March 2008 - 10:09 PM.
Merged topics


#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,693 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:04:52 AM

Posted 03 March 2008 - 10:17 PM

Hello, duroche and welcome to BC :flowers:

I merged the last topic you started, Seemed To Be Infected..., virus infected..., with your original topic here.

Starting 2 topics, about the same problem, is called double posting, and is not allowed on this board.

Please keep all of your replies in this one topic.

The members helping you will be looking for your responses to their questions in the topic they replied to. Posting it elsewhere, will cause a delay in the help you receive, and neither one of us wants that.

When you start several topics, for the same problem, it becomes very confusing to follow, for all of those involved.

If you have any questions, don't hesitate to PM me.

Please post the SUPERAntiSpyware log that boopme requested so he can continue assisting you with disinfecting your computer.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 duroche

duroche
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:52 AM

Posted 03 March 2008 - 11:23 PM

it looks as though Orange Blossom has "redirected" me back to my original post (which I don't have the "redirect" issue anymore) ... I cannot retrieve the information from SUPERAntiSpyware Scanner Logs detail... there is nothing I can double click on... ?... now I have run Spybot S&D and it shows several "issues" that I cannot tell are threatening or not... please help...

THX

#6 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,693 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:04:52 AM

Posted 03 March 2008 - 11:32 PM

Hello duroche,

Even though you are no longer being redirected, and that is good to hear, the issues you are having are related to the same set of infections. In order to get the SUPERAntiSpyware log, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
Click close and close again to exit the program.

Please post the log, and if there are no logs there let us know that too.

Also, please post the Spybot log. The logs are important because they help us identify what the specific infection is so that we can provide the proper disinfection procedures.

Orange Blossom :thumbsup:

#7 duroche

duroche
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:52 AM

Posted 03 March 2008 - 11:37 PM

for some reason I cannot get the scan log that you are requesting...

it shows nothing in the Scanner Log tab...

I will do the Spybot again and paste that information in a new post...

#8 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,693 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:04:52 AM

Posted 03 March 2008 - 11:50 PM

Hello duroche,

I'd like you to run a new SUPERAntiSpyware scan in Safe Mode. Be sure to update the program first and then set it up as follows.

Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
Reboot into Safe Mode
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.
Reboot into Normal Mode
To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
Click close and close again to exit the program.

Please post the log in your next reply, or the one after it if the Spybot log is too long.

Orange Blossom :thumbsup:

#9 duroche

duroche
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:52 AM

Posted 04 March 2008 - 07:04 AM

OK...

here is what I get from scanning with Spybot...

CoolWWWSearch.SmallM: [SBI $2AE320BC] Link (File, nothing done)
C:\Documents and Settings\Danielle\Desktop\Investing .lnk

Vario.RogueAntiSpy: [SBI $A3AA1614] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\VirusHeat 4.3

Vario.RogueAntiSpy: [SBI $B69C6188] Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusHeat 4.3

Vario.RogueAntiSpy: [SBI $B50C37D7] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusHeat 4.3.exe 4.3

Vario.RogueAntiSpy: [SBI $D25C53AA] Link (File, nothing done)
C:\Documents and Settings\Scott\Start Menu\Programs\VirusHeat 4.3\Uninstall VirusHeat 4.3.lnk

Vario.RogueAntiSpy: [SBI $6181019C] Link (File, nothing done)
C:\Documents and Settings\Scott\Start Menu\Programs\VirusHeat 4.3\VirusHeat 4.3.lnk

Vario.RogueAntiSpy: [SBI $8E77DEFB] Executable (File, nothing done)
C:\Program Files\VirusHeat 4.3\uninst.exe

Vario.RogueAntiSpy: [SBI $2B44F537] Web page (File, nothing done)
C:\Program Files\VirusHeat 4.3\VirusHeat 4.3.url

Vario.RogueAntiSpy: [SBI $B6012CC6] Program directory (Directory, nothing done)
C:\Program Files\VirusHeat 4.3\Lang\

VirusLocker: [SBI $DA0A76F0] Data (File, nothing done)
C:\Documents and Settings\Danielle\Local Settings\Temp\MWLanguage.ini

VirusLocker: [SBI $DA0A76F0] Data (File, nothing done)
C:\Documents and Settings\Scott\Local Settings\Temp\MWLanguage.ini

VirusRanger: [SBI $82E3A5FA] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{139C109E-08C6-4B60-9142-860B8CD5D000}

VirusRanger: [SBI $40E5817C] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}

VirusRanger: [SBI $1F4A554F] Data (Directory, nothing done)
C:\Program Files\VirusRanger\

VirusRanger: [SBI $2A7DDC4C] Configuration file (File, nothing done)
C:\Documents and Settings\Danielle\Local Settings\Temp\VRLanguage.ini

VirusRanger: [SBI $DEA11D6E] Library (File, nothing done)
C:\Program Files\VirusRanger\asc4.dll

VirusRanger: [SBI $B411E69D] Library (File, nothing done)
C:\Program Files\VirusRanger\bpw.dll

VirusRanger: [SBI $34171273] Library (File, nothing done)
C:\Program Files\VirusRanger\kernel40.dll

VirusRanger: [SBI $1610651E] Library (File, nothing done)
C:\Program Files\VirusRanger\mm.dll

VirusRanger: [SBI $F05A8840] Data (File, nothing done)
C:\Program Files\VirusRanger\OE.api

VirusRanger: [SBI $59EB1C91] Data (File, nothing done)
C:\Program Files\VirusRanger\OE4.api

VirusRanger: [SBI $1D2A3B44] Library (File, nothing done)
C:\Program Files\VirusRanger\pl.dll

VirusRanger: [SBI $0CCBB101] Log file (File, nothing done)
C:\Program Files\VirusRanger\sdebug.log

VirusRanger: [SBI $ADEAE012] Library (File, nothing done)
C:\Program Files\VirusRanger\stopapi4.dll

VirusRanger: [SBI $66E5A1F0] Data (File, nothing done)
C:\Program Files\VirusRanger\TheBAT.api

VirusRanger: [SBI $782CC3B7] Data (File, nothing done)
C:\Program Files\VirusRanger\UnARJ.api

VirusRanger: [SBI $2DFF7B32] Data (File, nothing done)
C:\Program Files\VirusRanger\UnMSCAB.api

VirusRanger: [SBI $6C146E53] Data (File, nothing done)
C:\Program Files\VirusRanger\unrar.api

VirusRanger: [SBI $6F599608] Data (File, nothing done)
C:\Program Files\VirusRanger\unzip.api

Win32.BHO.je: [SBI $8AA4E23B] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}

Win32.BHO.je: [SBI $EE479BA4] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\E404.e404mgr

Win32.BHO.je: [SBI $EE479BA4] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\E404.e404mgr.1

Win32.BHO.je: [SBI $EE479BA4] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3D76B96-30B9-4DCC-9B3D-D12E31280D29}

Win32.BHO.je: [SBI $EE479BA4] Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3D76B96-30B9-4DCC-9B3D-D12E31280D29}

Zlob.Downloader.oid: [SBI $D9A7F62E] Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}

Zlob.Downloader.oid: [SBI $4D3C8FCD] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}

Zlob.Downloader.vdt: [SBI $0CA76B24] IE toolbar (Registry value, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{81705D67-3F73-4983-859B-97D0922E5ABE}

Zlob.Downloader.vdt: [SBI $673E8E06] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\videoPl.chl\

AdRevolver: Tracking cookie (Internet Explorer: Scott) (Cookie, nothing done)


MediaPlex: Tracking cookie (Internet Explorer: Scott) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Internet Explorer: Scott) (Cookie, nothing done)


AdRevolver: Tracking cookie (Internet Explorer: Scott) (Cookie, nothing done)


BurstMedia: Tracking cookie (Internet Explorer: Scott) (Cookie, nothing done)


Zedo: Tracking cookie (Internet Explorer: Scott) (Cookie, nothing done)


Statcounter: Tracking cookie (Internet Explorer: Scott) (Cookie, nothing done)


Clickbank: Tracking cookie (Internet Explorer: Scott) (Cookie, nothing done)


BurstMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)


DoubleClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


MediaPlex: Tracking cookie (Firefox: default) (Cookie, nothing done)


MediaPlex: Tracking cookie (Firefox: default) (Cookie, nothing done)


Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


HitsLink: Tracking cookie (Firefox: default) (Cookie, nothing done)


AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---




help me please... :thumbsup:
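An added example, not part of any post in this thread and not Spybot's own tooling: a small Python triage of the Spybot S&D result layout shown in post #9, separating tracking cookies from entries registered to load inside Internet Explorer (Browser Helper Objects, toolbars, extensions), which are the ones to look at first for a search-redirect symptom. The sample entries are copied from that post; the function names and tier labels are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# A few entries copied from the Spybot S&D 1.5.2 results in post #9.
SAMPLE_LOG = r"""
CoolWWWSearch.SmallM: [SBI $2AE320BC] Link (File, nothing done)
C:\Documents and Settings\Danielle\Desktop\Investing .lnk

Vario.RogueAntiSpy: [SBI $8E77DEFB] Executable (File, nothing done)
C:\Program Files\VirusHeat 4.3\uninst.exe

Win32.BHO.je: [SBI $EE479BA4] Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3D76B96-30B9-4DCC-9B3D-D12E31280D29}

Zlob.Downloader.vdt: [SBI $0CA76B24] IE toolbar (Registry value, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{81705D67-3F73-4983-859B-97D0922E5ABE}

AdRevolver: Tracking cookie (Internet Explorer: Scott) (Cookie, nothing done)


Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)
"""

# Result line: "<family>: [SBI $<id>] <description> (<kind>, <action>)".
# Cookie results carry no [SBI ...] field and no location line.
HEADER = re.compile(
    r"^(?P<family>[^:]+): (?:\[SBI \$(?P<sbi>[0-9A-F]{8})\] )?"
    r"(?P<desc>.+) \((?P<kind>[^,()]+), (?P<action>[^()]+)\)$"
)
# Location line: a drive path or a registry path.
LOCATION = re.compile(r"^(?:[A-Za-z]:\\|HKEY_)")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Registry locations whose entries are loaded inside Internet Explorer.
BROWSER_HOOKS = (
    "\\browser helper objects\\",
    "\\internet explorer\\toolbar",
    "\\internet explorer\\extensions",
)


def parse_spybot(text):
    """Return one dict per result, with its location ('' for cookies)."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            entry = m.groupdict()
            entry["location"] = ""
            entries.append(entry)
        elif (entries and entries[-1]["kind"] != "Cookie"
              and not entries[-1]["location"] and LOCATION.match(line)):
            entries[-1]["location"] = line
        # Anything else (version banner, free text) is ignored.
    return entries


def tier(entry):
    """Illustrative priority label for a single result."""
    if entry["kind"] == "Cookie":
        return "tracking-cookie"
    loc = entry["location"].lower()
    if any(hook in loc for hook in BROWSER_HOOKS):
        return "browser-hook"
    if entry["kind"].startswith("Registry"):
        return "registry"
    return "file"


def triage(entries):
    """Map each tier to the sorted detection families found in it."""
    by_tier = defaultdict(set)
    for e in entries:
        by_tier[tier(e)].add(e["family"])
    return {t: sorted(fams) for t, fams in by_tier.items()}


def hooked_clsids(entries):
    """CLSIDs of browser-hook entries, lower-cased, in order of appearance."""
    seen = []
    for e in entries:
        if tier(e) == "browser-hook":
            for g in GUID.findall(e["location"]):
                if g.lower() not in seen:
                    seen.append(g.lower())
    return seen


if __name__ == "__main__":
    parsed = parse_spybot(SAMPLE_LOG)
    for name, families in triage(parsed).items():
        print(f"{name}: {', '.join(families)}")
    print("CLSIDs to cross-check in other scanner logs:", hooked_clsids(parsed))
```

Both CLSIDs returned for this sample also appear, in lower case, in the Malwarebytes' Anti-Malware log in post #13, where they are labelled Trojan.FakeAlert.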

#10 duroche

duroche
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:52 AM

Posted 04 March 2008 - 07:07 AM

as I said in the previous post... SuperAntiSpyware does not give me any information in the Scanner Log tab... I can tell you that it showed 44 threats... the threats were posted as malware...

#11 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,693 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:04:52 AM

Posted 05 March 2008 - 12:33 AM

Hello duroche,

I had a very LONG day at work today and a drive home in a snowstorm.

Don't worry about the SUPERAntiSpyware log for now, though that is certainly curious that there are no logs listed. The Spybot log has provided enough information to begin the disinfection procedure. Please be sure to post all logs requested and if you have problems or questions, please post them right away. Also, even when your computer is working better, there may still be some clean up to do, so be sure to keep up with the thread until we say you are clean. At this point, I'm going to turn this thread over to someone with more experience than I.

Orange Blossom :thumbsup:

#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,560 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:52 AM

Posted 05 March 2008 - 12:33 PM

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
  • Double-click on Download_mbam-setup.exe to install the application. (If using Windows Vista, be sure to "Run As Administrator")
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".

  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process and, if asked to restart the computer, please do so immediately.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#13 duroche

duroche
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:52 AM

Posted 05 March 2008 - 10:46 PM

and here are the results of the malwarebytes scan... lovely...

Malwarebytes' Anti-Malware 1.07
Database version: 460

Scan type: Quick Scan
Objects scanned: 35583
Time elapsed: 8 minute(s), 42 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 48
Registry Values Infected: 7
Registry Data Items Infected: 0
Folders Infected: 10
Files Infected: 28

Memory Processes Infected:
C:\Program Files\MalwareCore 7.4\MalwareCore 7.4.exe (Rogue.MalwareCore) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\ole32.dll (Rogue.MalwareCore) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{343f7ed5-4f1f-4faf-b9c8-5de9f89df1dd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{371d800c-ea03-4f2a-8225-cd6b9db3f636} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4c1971fc-9f5d-41d0-91e7-958ce354e0bb} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{52168eaf-394c-476c-8891-4cdd0470fea2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6c74062f-bdd2-4bdc-8477-557b8ac66950} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{77c60bc3-bc70-4312-8ab1-6661f623b99d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{80a2f7ca-22c8-4435-9716-6f7421631a77} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8150f909-30a4-44af-9293-9e677c03bf3c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{89170106-7e35-4cd9-b1a5-ae7cde44d159} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8e232a63-a5e4-41f9-bce2-d48f524a15f1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9fb6637e-fd7a-4f41-bc26-8cce6e48845e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c36b573f-6075-4534-ba1a-eef87028a072} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cef7ac70-5b42-4b91-9c29-d6b47cc5710d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d13d9397-2d78-4cc9-97b7-c22317d7dd0b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{dc3461e4-cb8c-46a9-a379-f90c12264e16} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ff23845e-21d3-4e96-8cfb-f6d45df3f2b2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{339f31d8-2b4b-44ba-8293-7b99e11e0e0b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5d4348fb-df43-0334-69b8-dad6ca156781} (Rogue.MalwareCore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00000320-0000-0000-c000-000000000046} (Rogue.MalwareCore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00000300-0000-0000-c000-000000000046} (Rogue.MalwareCore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00000303-0000-0000-c000-000000000046} (Rogue.MalwareCore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00000304-0000-0000-c000-000000000046} (Rogue.MalwareCore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00000305-0000-0000-c000-000000000046} (Rogue.MalwareCore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00000306-0000-0000-c000-000000000046} (Rogue.MalwareCore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00000308-0000-0000-c000-000000000046} (Rogue.MalwareCore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00000309-0000-0000-c000-000000000046} (Rogue.MalwareCore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0000030b-0000-0000-c000-000000000046} (Rogue.MalwareCore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00000315-0000-0000-c000-000000000046} (Rogue.MalwareCore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00000316-0000-0000-c000-000000000046} (Rogue.MalwareCore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00000319-0000-0000-c000-000000000046} (Rogue.MalwareCore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0000031a-0000-0000-c000-000000000046} (Rogue.MalwareCore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0000031d-0000-0000-c000-000000000046} (Rogue.MalwareCore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00000327-0000-0000-c000-000000000046} (Rogue.MalwareCore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0000032e-0000-0000-c000-000000000046} (Rogue.MalwareCore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0002e005-0000-0000-c000-000000000046} (Rogue.MalwareCore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0002e006-0000-0000-c000-000000000046} (Rogue.MalwareCore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f7a9c6e0-eff2-101a-8185-00dd01108c6b} (Rogue.MalwareCore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3d76b96-30b9-4dcc-9b3d-d12e31280d29} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a3d76b96-30b9-4dcc-9b3d-d12e31280d29} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c2a1c5cb-c0ef-4689-9436-f62cca1c5383} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2a1c5cb-c0ef-4689-9436-f62cca1c5383} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\malwarecore 7.4 (Rogue.MalwareCore) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MalwareCore 7.4 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MalwareCore 7.4.exe 7.4 (Rogue.MalwareCore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\E404.e404mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AntiSpywareShield (Rogue.AntiSpywareShield) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MalwareCore 7.4 (Rogue.MalwareCore) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Helper (Adware.BHO) -> Quarantined and deleted successfully.
C:\Program Files\MalwareCore 7.4 (Rogue.MalwareCore) -> Quarantined and deleted successfully.
C:\Program Files\MalwareCore 7.4\Lang (Rogue.MalwareCore) -> Quarantined and deleted successfully.
C:\Program Files\MalwareCore 7.4\Quarantine (Rogue.MalwareCore) -> Quarantined and deleted successfully.
C:\Program Files\VirusHeat 4.3 (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Program Files\VirusHeat 4.3\Logs (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Program Files\VirusHeat 4.3\Quarantine (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Program Files\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Scott\Start Menu\Programs\MalwareCore 7.4 (Rogue.MalwareCore) -> Quarantined and deleted successfully.
C:\Documents and Settings\Scott\Start Menu\Programs\VirusHeat 4.3 (Rogue.VirusHeat) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\ole32.dll (Rogue.MalwareCore) -> Delete on reboot.
C:\Program Files\MalwareCore 7.4\ignorelist.dat (Rogue.MalwareCore) -> Quarantined and deleted successfully.
C:\Program Files\MalwareCore 7.4\MalwareCore 7.4.exe (Rogue.MalwareCore) -> Quarantined and deleted successfully.
C:\Program Files\MalwareCore 7.4\MalwareCore 7.4.url (Rogue.MalwareCore) -> Quarantined and deleted successfully.
C:\Program Files\MalwareCore 7.4\MalwareCore.ini (Rogue.MalwareCore) -> Quarantined and deleted successfully.
C:\Program Files\MalwareCore 7.4\msvcp71.dll (Rogue.MalwareCore) -> Quarantined and deleted successfully.
C:\Program Files\MalwareCore 7.4\msvcr71.dll (Rogue.MalwareCore) -> Quarantined and deleted successfully.
C:\Program Files\MalwareCore 7.4\mwdb.dat (Rogue.MalwareCore) -> Quarantined and deleted successfully.
C:\Program Files\MalwareCore 7.4\uninst.exe (Rogue.MalwareCore) -> Quarantined and deleted successfully.
C:\Program Files\MalwareCore 7.4\Lang\English.ini (Rogue.MalwareCore) -> Quarantined and deleted successfully.
C:\Program Files\MalwareCore 7.4\Quarantine\qua 23.02.2008 15-17-16.dat (Rogue.MalwareCore) -> Quarantined and deleted successfully.
C:\Program Files\MalwareCore 7.4\Quarantine\qua 23.02.2008 15-17-16.pak (Rogue.MalwareCore) -> Quarantined and deleted successfully.
C:\Program Files\MalwareCore 7.4\Quarantine\qua 23.02.2008 15-59-11.dat (Rogue.MalwareCore) -> Quarantined and deleted successfully.
C:\Program Files\MalwareCore 7.4\Quarantine\qua 23.02.2008 15-59-11.pak (Rogue.MalwareCore) -> Quarantined and deleted successfully.
C:\Program Files\MalwareCore 7.4\Quarantine\qua 25.02.2008 20-59-55.dat (Rogue.MalwareCore) -> Quarantined and deleted successfully.
C:\Program Files\MalwareCore 7.4\Quarantine\qua 25.02.2008 20-59-55.pak (Rogue.MalwareCore) -> Quarantined and deleted successfully.
C:\Program Files\VirusHeat 4.3\blacklist.txt (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Program Files\VirusHeat 4.3\msvcp71.dll (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Program Files\VirusHeat 4.3\msvcr71.dll (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Program Files\VirusHeat 4.3\vht.dat (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Documents and Settings\Scott\Start Menu\Programs\MalwareCore 7.4\MalwareCore 7.4 Website.lnk (Rogue.MalwareCore) -> Quarantined and deleted successfully.
C:\Documents and Settings\Scott\Start Menu\Programs\MalwareCore 7.4\MalwareCore 7.4.lnk (Rogue.MalwareCore) -> Quarantined and deleted successfully.
C:\Documents and Settings\Scott\Start Menu\Programs\MalwareCore 7.4\Uninstall MalwareCore 7.4.lnk (Rogue.MalwareCore) -> Quarantined and deleted successfully.
C:\Documents and Settings\Scott\Start Menu\Programs\VirusHeat 4.3\VirusHeat 4.3 Website.lnk (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Documents and Settings\Scott\Desktop\MalwareCore 7.4.lnk (Rogue.MalwareCore) -> Quarantined and deleted successfully.
C:\Documents and Settings\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\MalwareCore 7.4.lnk (Rogue.MalwareCore) -> Quarantined and deleted successfully.
C:\Documents and Settings\Scott\Start Menu\MalwareCore 7.4.lnk (Rogue.MalwareCore) -> Quarantined and deleted successfully.
C:\Documents and Settings\Scott\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.

#14 quietman7

Posted 05 March 2008 - 10:58 PM

How is your computer running now?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#15 duroche

Posted 06 March 2008 - 08:12 AM

Seems to be working fine... How do I know the infections are gone?



