asiuoqgusdbaksd.com


4 replies to this topic

#1 michigan fan

  • Members

Posted 04 June 2008 - 08:09 PM

Thanks to bleepingcomputer.com

I too had the same issue as OP. I searched asiuoqgusdbaksd.com on Yahoo and got myself to this thread. I downloaded Malwarebytes, ran the scan, had several infections, and thankfully had them all removed. Now Yahoo and Google links work normally.

Thanks superbird. And I understand ruby1, but realized it would be of no harm to load Malwarebytes on my machine, I didn't have any spyware removal programs on my machine at the time, and knew it would be worth a try.

If superbird is still interested in the logs, I can post them. Please let me know.

Edited by michigan fan, 04 June 2008 - 08:10 PM.




#2 boopme

  • Global Moderator

Posted 04 June 2008 - 11:04 PM

Hello, I have split your post away. Always make your own topic as it can be confusing to the other posters, especially the topic starter, thanks.
Is this an XP Machine?
Yes, please post the scan logs.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 michigan fan

  • Topic Starter

Posted 05 June 2008 - 05:05 PM

Thanks for splitting out my post, boopme. I planned on creating a separate thread on this topic today and so you did it for me. So, I'll back up a bit and tell what the symptoms were. After doing a successful search on Yahoo or Google, if I clicked on a returned link, instead of going to that link, Internet Explorer would get hijacked and a redirected link would load up. Thankfully, a few moments before the redirect would happen, at the bottom of the page it would show that it was loading a page from asiuoqgusdbaksd.com/go.php?u........ I did a search for asiuoqgusdbaksd and found help here at BleepingComputer.com.
I loaded Malwarebytes tool, did a scan, it found and removed the intrusions and now all is well. My IE's performance has gotten better too - bonus...

Yes the machine is a Windows XP Dell 410 laptop. It's a work or 'company' laptop with a 'company' XP image loaded on it. The company install has Virus and Intrusion Prevention and I thought it was well protected. And because it's a 'company' laptop I'm careful with the kinds of internet sites I visit - G or PG rated only. I'm not sure where I would have picked up all these intrusions that didn't get blocked. Anyway, I did get them from sites that I thought would be clean, and that's what I get for thinking like a naive dork. I guess I'll be running my new Malwarebytes scan every day.

Here are the logs. I hope we can all learn from my experience. Thanks


______________________________________________________________________

Malwarebytes' Anti-Malware 1.14
Database version: 826

5:23:09 PM 6/4/2008
mbam-log-6-4-2008 (17-23-09).txt

Scan type: Quick Scan
Objects scanned: 41196
Time elapsed: 7 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\swin32.dll (Spyware.Banker) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ffffffff-85a3-452b-b7a8-759ad9b42162} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffffffff-85a3-452b-b7a8-759ad9b42162} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MRSoft (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WinPop (Adware.WinPop) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.starsdoor.com (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\ISM (Adware.ISM) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\swin32.dll (Spyware.Banker) -> Delete on reboot.
C:\WINDOWS\system32\clbdll.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\cmds.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\clbdriver.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cs.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rc.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\wr.txt (Malware.Trace) -> Quarantined and deleted successfully.

#4 boopme


Posted 05 June 2008 - 10:49 PM

Thanks for a fine post to clear things up.
Just need to ask if you have rebooted to finish the cleanup of some of the infections.

If all is well with the PC now then please...

Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.


#5 michigan fan


Posted 06 June 2008 - 12:27 AM

Thanks boopme

The computer reboot (or restart) was initiated by the Malwarebytes program. I just followed the onscreen instructions and when Malwarebytes gave a message saying that in order to finish the cleanup a restart was required I clicked OK to restart. So yes, the machine was rebooted right away.

Also, thanks for the System Restore recommendation, it's already been performed. While looking for a solution to the initial intrusion I saw this recommendation on a different thread. After running Malwarebytes and seeing that all was better I created a Restore Point as you have described here.

Thanks again



