

Clickshield, Primesearch, Jump?


2 replies to this topic

#1 dave341


Posted 31 October 2008 - 04:34 AM

Hi, I seem to have a virus or trojan of some kind, and every time I search for something on Google and then click on a link from the results found, I am being redirected to a random website, and in one instance it was a Spanish-looking website which kept opening up in another window one after the other. Another problem I just noticed is that when I try to open my computer it's not loading my drives or anything!

I am a newbie; all I know about security is installing antivirus software. I have the following tools but have no idea how to use them: HijackThis 1.99.1, Malwarebytes, CleanUp452.exe, SUPERAntiSpyware.

I use an original internet virus software, which is McAfee Security Centre (I know people said it's not the best).


I would be really grateful if somebody can help me out here :thumbsup:

Oh yeah, I'm running on Vista Home Premium, if that helps.

Edited by dave341, 31 October 2008 - 05:14 AM.



 


#2 dave341


Posted 31 October 2008 - 04:36 AM

Malwarebytes' Anti-Malware 1.30
Database version: 1340
Windows 6.0.6000

31/10/2008 09:13:17
mbam-log-2008-10-31 (09-12-54).txt

Scan type: Full Scan (C:\|D:\|H:\|)
Objects scanned: 333627
Time elapsed: 8 hour(s), 23 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\ie.ieplugin (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{82b7df18-4a9e-42c3-a9ab-b95ef71a7b68} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{94edc7ba-1d2a-4dea-9199-1deb916bd6f6} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{abcd178d-419c-442c-9793-88d136c037e6} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{94edc7ba-1d2a-4dea-9199-1deb916bd6f6} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{94edc7ba-1d2a-4dea-9199-1deb916bd6f6} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ab7756a2-0fb1-38c0-97aa-5dd6e6c8d040} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ab7756a2-0fb1-38c0-97aa-5dd6e6c8d040} (Trojan.BHO) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{f710fa10-2031-3106-8872-93a2b5c5c620} (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Windows\System32\wsnpoem (Trojan.Agent) -> No action taken.
C:\Users\Paresh\AppData\Roaming\wsnpoem (Trojan.Agent) -> No action taken.

Files Infected:
C:\Windows\System32\wsnpoem\audio.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\wsnpoem\video.dll (Trojan.Agent) -> No action taken.
C:\Users\Paresh\AppData\Roaming\wsnpoem\audio.dll (Trojan.Agent) -> No action taken.
C:\Users\Paresh\AppData\Roaming\wsnpoem\video.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\xwr38682.dll (Trojan.BHO) -> No action taken.

#3 dave341


Posted 31 October 2008 - 06:03 AM

Malwarebytes' Anti-Malware 1.30
Database version: 1340
Windows 6.0.6000

31/10/2008 11:01:43
mbam-log-2008-10-31 (11-01-43).txt

Scan type: Full Scan (C:\|D:\|H:\|)
Objects scanned: 333627
Time elapsed: 8 hour(s), 23 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\ie.ieplugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{82b7df18-4a9e-42c3-a9ab-b95ef71a7b68} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{94edc7ba-1d2a-4dea-9199-1deb916bd6f6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{abcd178d-419c-442c-9793-88d136c037e6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{94edc7ba-1d2a-4dea-9199-1deb916bd6f6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{94edc7ba-1d2a-4dea-9199-1deb916bd6f6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ab7756a2-0fb1-38c0-97aa-5dd6e6c8d040} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ab7756a2-0fb1-38c0-97aa-5dd6e6c8d040} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{f710fa10-2031-3106-8872-93a2b5c5c620} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Windows\System32\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Paresh\AppData\Roaming\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\wsnpoem\audio.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\wsnpoem\video.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Paresh\AppData\Roaming\wsnpoem\audio.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Paresh\AppData\Roaming\wsnpoem\video.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\xwr38682.dll (Trojan.BHO) -> Delete on reboot.



