
Google search bar redirect Java infection?


  • This topic is locked
26 replies to this topic

#1 dennpars

dennpars

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:47 PM

Posted 14 February 2009 - 10:16 PM

Hi all,

New to BC and I have a problem with redirects using the google search bar in both IE and firefox. If I search for anything using the search bar or the location bar I will get a list of web sites with relevant titles, but I can see that the websites associated with those titles are not relevant.

If I search using the google homepage this does not happen.

It may have something to do with Java because if I run FF in safemode and disable Java I can use the search bar and location bar to search without incident.

I have run Adaware, Malware bytes, superantispyware and search and destroy several times. They found issues which were cleaned and I have run all again and they have found no further infection. Here is the log from MBAM. Any help?

Malwarebytes' Anti-Malware 1.34
Database version: 1762
Windows 5.1.2600 Service Pack 3

2/14/2009 9:59:25 PM
mbam-log-2009-02-14 (21-59-25).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 170123
Time elapsed: 57 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:47 PM

Posted 14 February 2009 - 10:30 PM

Hello, is your Java up to date? Check what version of Java Runtime Environment (JRE) you have in Control Panel and let me know. Also do you notice the term 'googlegored' in the address bar, click the back arrow after the redirect.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 dennpars


Posted 15 February 2009 - 11:56 AM

Running JRE 6, latest update is 11 it looks like.

I also have a couple of updates for J2SE 5.0, can I safely get rid of those?

I should also mention that I've run ATF cleaner as well cleaning all of the cache and temporary programs.

There is nothing regarding googlegored in the address bar proceeding the redirect. Maybe I'm using the term redirect incorrectly. There really isn't any page changing happening on a search, it's just that the search results aren't correct. I've copied a partial search result here for my google search for US News.

It also happens when I change to yahoo search in the search bar, not just google.

#
US News & World Report - Breaking News, World News, Business News ...
Feb 15, 2009 ... US News and World Report gives you breaking headline news from the world, national and international news on business and financial news.
best-products-here.com - 40k - Cached - Similar pages
Rankings
Education
Best Hospitals
Health

Nation & World
Best High Schools
Contact Us
Business
#
Best College Rankings, Best Graduate School Rankings, Best ...
America's Best Colleges, Graduate Schools, High Schools, Hospitals, Health Plans, Cars and Trucks, Places to Retire, Leaders, and Businesses listed all in ...
www.newser.com - 40k - Cached - Similar pages
#
Best Colleges - Education - US News and World Report
U.S. News has collected data from more than 1400 colleges to bring you this year's rankings. Start by selecting a discipline for access to our top program ...
antivirus-scan.com/us+news - 34k - Cached - Similar pages
#
National Universities Rankings - Best Colleges - Education - US ...
U.S. News & World Report. Friday, February 06, 2009. Search U.S. News .... U.S. News & World Report student loan comparison by: ...
aandahomeinspections.building.offic - 71k - Cached - Similar pages
More results from colleges.usnews.rankingsandreviews.com
#
U.S. News - Headlines, Stories and Video from CNN.com
CNN brings you headlines, video and news stories from around the US.
www.post344.org - 112k - Cached - Similar pages


Thanks,

Dennis

#4 boopme


Posted 15 February 2009 - 01:37 PM

Hi, yes, delete all the old ones and reboot the PC.
I was looking to see if it was a specific infection for which there is a specific tool.

From your regular user account run SAS next:
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


#5 dennpars


Posted 15 February 2009 - 07:13 PM

Performed as directed, the scan showed no detected files. The scan log didn't save for some reason so I can't post it.

#6 boopme


Posted 15 February 2009 - 08:42 PM

Hello, sometimes this happens and it comes back after a shut down and reboot. Also it sometimes shows up in the Admin or other user account.

#7 dennpars


Posted 16 February 2009 - 07:22 AM

Found it.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/15/2009 at 05:43 PM

Application Version : 4.25.1012

Core Rules Database Version : 3724
Trace Rules Database Version: 1698

Scan type : Complete Scan
Total Scan Time : 00:58:56

Memory items scanned : 211
Memory threats detected : 0
Registry items scanned : 5242
Registry threats detected : 0
File items scanned : 20839
File threats detected : 0

#8 boopme


Posted 16 February 2009 - 11:03 AM

Well, glad it was at least there. Do we still have the redirect, as I don't see anything removed?
Next run part 1:
Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Edited by boopme, 16 February 2009 - 11:05 AM.


#9 dennpars


Posted 16 February 2009 - 02:05 PM

Yes, redirect still there. I misspoke before, when I disable javaSCRIPT the redirect goes away. Not Java.

I am out of town until Friday evening and I will perform the smitfraud clean when I get home.

Thanks again,

Dennis

#10 dennpars


Posted 22 February 2009 - 09:37 AM

SmitFraudFix v2.398

Scan done at 9:32:26.20, Sun 02/22/2009
Run from C:\Documents and Settings\Dennis Parsons\Desktop\Ad Ware\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsus.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\cmd.exe

hosts

hosts file corrupted !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info
127.0.0.1 www.spywareinfo.com
127.0.0.1 spywareinfo.com

C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\Dennis Parsons


C:\DOCUME~1\DENNIS~1\LOCALS~1\Temp


C:\Documents and Settings\Dennis Parsons\Application Data


Start Menu


C:\DOCUME~1\DENNIS~1\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!



VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


RK



DNS

Description: SiS 900-Based PCI Fast Ethernet Adapter - Packet Scheduler Miniport
DNS Server Search Order: 24.247.15.53
DNS Server Search Order: 24.247.24.53

HKLM\SYSTEM\CCS\Services\Tcpip\..\{CB005B5D-722D-47F7-AD52-7E5216FB2551}: DhcpNameServer=24.247.15.53 24.247.24.53
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CB005B5D-722D-47F7-AD52-7E5216FB2551}: DhcpNameServer=24.247.15.53 24.247.24.53
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CB005B5D-722D-47F7-AD52-7E5216FB2551}: DhcpNameServer=24.247.15.53 24.247.24.53
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.247.15.53 24.247.24.53
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.247.15.53 24.247.24.53
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.247.15.53 24.247.24.53


Scanning for wininet.dll infection


End

#11 boopme


Posted 22 February 2009 - 03:18 PM

Please run one more tool SDFix:
Please print out and follow these instructions: "How to use SDFix". <- This program is for Windows 2000/XP ONLY.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.
-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.

#12 dennpars


Posted 22 February 2009 - 10:34 PM

Here is the SDFix log, redirect still present after running SDFix.



SDFix: Version 1.240
Run by Administrator on Sun 02/22/2009 at 10:16 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-22 22:23:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"="D:\\Program Files\\Sierra\\FEAR\\fpupdate.exe:*:Enabled:fpupdate"
"D:\\Program Files\\GameSpy Arcade\\Aphex.exe"="D:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\Microsoft Games\\MechWarrior Vengeance Trial\\MW4.exe"="C:\\Program Files\\Microsoft Games\\MechWarrior Vengeance Trial\\MW4.exe:*:Enabled:MechWarrior IV"
"D:\\Program Files\\Ritual Entertainment\\Heavy Metal - FAKK2\\fakk2.exe"="D:\\Program Files\\Ritual Entertainment\\Heavy Metal - FAKK2\\fakk2.exe:*:Enabled:Heavy Metal : Fakk 2"
"D:\\Program Files\\EA GAMES\\American McGee's Alice\\alice.exe"="D:\\Program Files\\EA GAMES\\American McGee's Alice\\alice.exe:*:Enabled:American McGee's Alice"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"D:\\Program Files\\LimeWire\\LimeWire.exe"="D:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\magic\\program\\Magic\\Manalink.exe"="C:\\magic\\program\\Magic\\Manalink.exe:*:Enabled:manalink"
"D:\\Program Files\\redlightcenter\\redlightcenter\\Redlightcenter.exe"="D:\\Program Files\\redlightcenter\\redlightcenter\\Redlightcenter.exe:*:Enabled:Redlightcenter"
"D:\\Program Files\\Xfire\\xfire.exe"="D:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :



Files with Hidden Attributes :

Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\en3e334.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\jkcgwfd.dll"
Wed 25 Oct 2006 50,176 ...H. --- "C:\Documents and Settings\Dennis Parsons\Desktop\~WRL0002.tmp"
Sun 3 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"

Finished!

#13 boopme


Posted 22 February 2009 - 11:40 PM

Hi, there are two malware in the hidden files. So, show hidden files and then update and rescan with MBAM.

Close all programs so that you are at your desktop.
Double-click on the My Computer icon.
Select the Tools menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button and shutdown My Computer.
Now your computer is configured to show all hidden files.

Rerun MBAM

Open MBAM in normal mode and click the Update tab, select Check for Updates. When done,
click the Scanner tab, select FULL scan and scan.
After the scan click Remove Selected, post the new scan log and reboot into normal mode.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
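
An added example, not part of the original posts and not SDFix's own code: a small Python triage script that parses the "Files with Hidden Attributes" section of the SDFix report posted above and lists hidden executables under system32 that are too small to be a valid PE image. The 64-byte threshold and the extension list are assumptions of this example; a hit is a lead for closer inspection, not a verdict.

```python
import re
from ntpath import normcase, splitext  # Windows path semantics on any OS

# Section copied from the SDFix Report.txt posted earlier in this thread.
REPORT = r'''
Files with Hidden Attributes :

Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\en3e334.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\jkcgwfd.dll"
Wed 25 Oct 2006 50,176 ...H. --- "C:\Documents and Settings\Dennis Parsons\Desktop\~WRL0002.tmp"
Sun 3 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"

Finished!
'''

SECTION_HEADER = "Files with Hidden Attributes"
# weekday, day, month, year, size in bytes, attribute flags, quoted path
ENTRY = re.compile(
    r'^\w{3}\s+(?P<day>\d{1,2})\s+(?P<mon>\w{3})\s+(?P<year>\d{4})\s+'
    r'(?P<size>[\d,]+)\s+(?P<attrs>[A-Z.]+)\s+---\s+"(?P<path>[^"]+)"\s*$'
)

# Assumptions of this example (a triage heuristic, not SDFix logic):
EXECUTABLE_EXTS = {".dll", ".exe", ".sys", ".ocx"}
MIN_PE_SIZE = 64  # a PE image starts with a 64-byte DOS header


def parse_hidden_files(report):
    """Return one dict per entry in the hidden-files section of the report."""
    entries, in_section = [], False
    for line in report.splitlines():
        line = line.strip()
        if line.startswith(SECTION_HEADER):
            in_section = True
            continue
        if not in_section or not line:
            continue
        m = ENTRY.match(line)
        if m is None:
            break  # first non-entry line (e.g. "Finished!") ends the section
        entries.append({
            "date": f'{m["day"]} {m["mon"]} {m["year"]}',
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"],
            "path": m["path"],
        })
    return entries


def review_candidates(entries):
    """Hidden executables in system32 that are too small to be loadable."""
    hits = []
    for e in entries:
        path = normcase(e["path"])  # lower-case, backslash-normalised
        ext = splitext(path)[1]
        if ("\\system32\\" in path and ext in EXECUTABLE_EXTS
                and "H" in e["attrs"] and e["size"] < MIN_PE_SIZE):
            hits.append(e)
    return hits


if __name__ == "__main__":
    for e in review_candidates(parse_hidden_files(REPORT)):
        print(f'{e["size"]:>8} bytes  {e["attrs"]}  {e["date"]:<12} {e["path"]}')
```
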

#14 dennpars


Posted 23 February 2009 - 08:23 AM

Done as directed, no malicious programs found.


Malwarebytes' Anti-Malware 1.34
Database version: 1795
Windows 5.1.2600 Service Pack 3

2/23/2009 08:22:49 AM
mbam-log-2009-02-23 (08-22-49).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 193287
Time elapsed: 1 hour(s), 4 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#15 dennpars


Posted 27 February 2009 - 10:24 PM

Out of ideas?



