
Google results unrelated and don't know how to remove trojan!



#1 Alex250P

Posted 28 December 2008 - 06:24 PM

Hi! I'm new here and really need some help. I got a new computer for Xmas (with Vista installed). It's great, but when I went on Google and searched for, for example, 'Dog', it came up as usual with the Wikipedia page for it, but I clicked on it and a website trying to get me to buy some software popped up, and this happened for every link I clicked on. So I ran Malwarebytes and it found a Trojan, so here is the log:

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 6.0.6001 Service Pack 1

28/12/2008 22:41:53
mbam-log-2008-12-28 (22-41-53).txt

Scan type: Quick Scan
Objects scanned: 43717
Time elapsed: 1 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Alex Hickson\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.


So how can I get rid of it? I clicked remove but it's still happening. I downloaded HijackThis but have no idea what to do with it. Please help me!!!!

Edited by Orange Blossom, 28 December 2008 - 11:12 PM.
Moved from HiJack This forum to Am I Infected as this is a MBAM log only. ~ OB




#2 Budapest


Posted 29 December 2008 - 05:30 PM

Update Malwarebytes, run the Full Scan and post the new log.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 Alex250P


Posted 30 December 2008 - 07:38 PM

Okay, here is the new one, thanks for replying.

Malwarebytes' Anti-Malware 1.31
Database version: 1579
Windows 6.0.6001 Service Pack 1

31/12/2008 00:34:25
mbam-log-2008-12-31 (00-34-18).txt

Scan type: Full Scan (C:\|)
Objects scanned: 119601
Time elapsed: 1 hour(s), 18 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\videosoft (Trojan.DNSChanger) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\msqpdxmbibqhik.dll (Trojan.TDSS) -> No action taken.
C:\Windows\System32\drivers\msqpdxdirrowpi.sys (Trojan.Agent) -> No action taken.

#4 Budapest


Posted 30 December 2008 - 08:28 PM

Try this scan:

http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/

#5 Alex250P


Posted 31 December 2008 - 10:05 AM

Hi again, I have a problem! When I click F8 to use safe mode, the menu that comes up doesn't say safe mode, but the first option is just a load of random letters and numbers, so I clicked it and tried running the scan, but it said I need to boot up in safe mode?

#6 quietman7


Posted 31 December 2008 - 11:35 AM

SDFix does not work on Vista.

Your MBAM log indicates some files will be deleted on reboot. If MBAM encounters a file that is difficult to remove, you need to restart the computer so the malware can be fully removed. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. If you have not rebooted, make sure you do this. When done, rescan again with MBAM and check all items found for removal. Then click the Logs tab and copy/paste the contents of the new report in your next reply. If you did reboot, then rescan again anyway and post a new log.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
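
Added example, not part of the thread or of any poster's reply: a small parser for the Malwarebytes' Anti-Malware 1.31 text-log layout shown in the logs above, listing detections whose action does not record a successful removal (such as "No action taken") and checking that the summary counts match the detail lines. The function names are hypothetical, and the sample input is constructed from the entries in post #3.

```python
import re
# Constructed sample: summary and detail lines copied from the Full Scan log in post #3.
SAMPLE_LOG = r"""
Registry Keys Infected: 1
Files Infected: 2

Registry Keys Infected:
HKEY_CLASSES_ROOT\videosoft (Trojan.DNSChanger) -> No action taken.

Files Infected:
C:\Windows\System32\msqpdxmbibqhik.dll (Trojan.TDSS) -> No action taken.
C:\Windows\System32\drivers\msqpdxdirrowpi.sys (Trojan.Agent) -> No action taken.
"""
# Section names as they appear in the MBAM 1.31 logs in this thread.
SECTIONS = (
    "Memory Processes Infected", "Memory Modules Infected",
    "Registry Keys Infected", "Registry Values Infected",
    "Registry Data Items Infected", "Folders Infected", "Files Infected",
)
# Detection line layout: <object> (<detection name>) -> <action>.
DETECTION = re.compile(r"^(?P<obj>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return (summary_counts, detections) parsed from an MBAM text log."""
    counts, detections, section = {}, [], None
    for line in map(str.strip, text.splitlines()):
        name, sep, rest = line.partition(":")
        if sep and name in SECTIONS:
            if rest.strip().isdigit():   # summary line, e.g. "Files Infected: 2"
                counts[name] = int(rest)
            else:                        # detail header, e.g. "Files Infected:"
                section = name
            continue
        m = DETECTION.match(line)
        if section and m:
            detections.append({"section": section, **m.groupdict()})
    return counts, detections

def unresolved(detections):
    """Detections whose action text does not record a successful removal."""
    return [d for d in detections if "successfully" not in d["action"].lower()]

def consistent(counts, detections):
    """True when each summary count equals the number of detail lines in that section."""
    return all(n == sum(d["section"] == s for d in detections) for s, n in counts.items())

if __name__ == "__main__":
    for d in unresolved(parse_mbam_log(SAMPLE_LOG)[1]):
        print(d["section"], "|", d["obj"], "|", d["family"], "|", d["action"])
```
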


#7 Alex250P


Posted 31 December 2008 - 01:33 PM

Well, I don't know what happened but the problem has gone, but if you're wondering, here was the log. Thanks again!!

Malwarebytes' Anti-Malware 1.31
Database version: 1579
Windows 6.0.6001 Service Pack 1

31/12/2008 18:32:24
mbam-log-2008-12-31 (18-32-24).txt

Scan type: Full Scan (C:\|)
Objects scanned: 124381
Time elapsed: 1 hour(s), 16 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 quietman7


Posted 31 December 2008 - 02:22 PM

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. Then use Disk Cleanup to remove all but the newly created Restore Point.