Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"go Google" Search Engine Links Redirect


  • Please log in to reply
1 reply to this topic

#1 Gibbo M8

Gibbo M8

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:49 PM

Posted 29 September 2008 - 07:13 AM

Search Engine Links Redirect!
Hi, I'm using a computer that is around 3 years old and it is run on windows xp. Recently when AVG Anti Virus Protection stopped their free memberships I ran my computer for atleast a month and a half without any protection what-so-ever.

I woke up one day and my screen saver had changed to like some thing saying your computer is infected with spyware go on this site and buy this to remove it. Also a fake anti-virus/spyware was installed called anti-virus xp 2008 or something and said I had like 2800 Viruses lol! I'm pretty good on computers (but I'm no profesional) and I worked out how to delete it. I also found a apparently very good Internet Security Suite that is run by F-Secure and is called Optus Internet Security Suite 2008 (Scans, Firewall, Virus/Spyware/Malware...) anywayz it got rid of a heap of viruses prob around 200 and around 100 spyware. So I assumed my computer was all safe again...

I worked out my computer definetely isn't in a safe state a few days ago when whenever i tryed to open a link on google it would re-direct me! I tryed to go on technical support sites but they wouldn't work so ATM im restricted to a proxy server. Also Blue error screens (BSOD) come up after the computer hasnt been in use for around 10mins. Fortunately i worked out these were fake after a bit of study... Anywayz enough chatter lol i just want you to help me get rid of the last stage of my computers infection!

I've read one other persons issue that is very closely related to mine and i followed the tech dude's instructions even though they weren't aimed at me and i downloaded MalwareBytes Anti-Malware and scanned and got rid of a few things and all my problems went away and then came back like 10 mins later lol... I also downloaded Hijackthis and i'v also done a scan on that. So here i'll send them in a sec lol... just realised this comp wont let me attatch... FRIGGEN SPYWARE AND VIRUSES

HI-JACK THIS LOG!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:54 PM, on 28/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Optus Internet Security Suite\Anti-Virus\fsgk32st.exe
D:\Program Files\Optus Internet Security Suite\Anti-Virus\FSGK32.EXE
D:\Program Files\Optus Internet Security Suite\Common\FSMA32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Optus Internet Security Suite\Common\FSMB32.EXE
D:\Program Files\Optus Internet Security Suite\Common\FCH32.EXE
D:\Program Files\Optus Internet Security Suite\Anti-Virus\fssm32.exe
D:\Program Files\Optus Internet Security Suite\Anti-Virus\fsqh.exe
D:\Program Files\Optus Internet Security Suite\Common\FAMEH32.EXE
D:\Program Files\Optus Internet Security Suite\FSAUA\program\fsaua.exe
D:\Program Files\Optus Internet Security Suite\FSPC\fspc.exe
D:\Program Files\Optus Internet Security Suite\FWES\Program\fsdfwd.exe
D:\Program Files\Optus Internet Security Suite\FSAUA\program\fsus.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
D:\Program Files\Optus Internet Security Suite\Common\FSM32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Optus Internet Security Suite\FSGUI\fsguidll.exe
D:\Program Files\Optus Internet Security Suite\Anti-Virus\fsav32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\Iexplore.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program Files\Optus Internet Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "D:\Program Files\Optus Internet Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program Files\Optus Internet Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Program Files\Optus Internet Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Program Files\Optus Internet Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.download.com
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O20 - Winlogon Notify: epabhaio - epabhaio.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Program Files\Optus Internet Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\Program Files\Optus Internet Security Suite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program Files\Optus Internet Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\Program Files\Optus Internet Security Suite\Common\FSMA32.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 6027 bytes


EDIT- Also downloaded ComboFix and that found nothing but I'll show log if you request!
EDIT-Would you like to see Malware Bytes log?

Edited by Gibbo M8, 29 September 2008 - 07:14 AM.


BC AdBot (Login to Remove)

 


m

#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:49 AM

Posted 08 October 2008 - 10:14 AM

Hello Gibbo M8

Welcome to BleepingComputer :thumbsup:
========================
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users