Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google redirection to myclickcheck.su


  • This topic is locked This topic is locked
2 replies to this topic

#1 hutchmeister

hutchmeister

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:29 PM

Posted 08 July 2009 - 03:51 AM

Hi,

I'm new to the site - I've recently picked up a virus that more often than not seems to redirect any Google search to a bogus search page or some other site and the address at the bottom of the browser appears to be myclickcheck.su. I'm not sure if this is a common problem, but I've pasted the log below and any help would be much appreciated:

Thanks in advance

hutchmeister


DDS (Ver_09-06-26.01) - NTFSx86
Run by Anthony Hutchinson at 9:32:12.20 on 08/07/2009
Internet Explorer: 7.0.5335.5
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.703.70 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Internet Security *enabled* {825036E0-9F94-4752-8789-8B92454AF49B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\Explorer.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\BUFFALO\Encrdisk\ENCRDLG.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Cobian Backup 9\Cobian.exe
C:\Program Files\Cobian Backup 9\cbInterface.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Anthony Hutchinson.ANTHONY\Desktop\dds.scr

============== Pseudo HJT Report ===============

mSearch Bar =
uInternet Connection Wizard,ShellNext = hxxp://www.apple.com/uk/itunes/download/
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [VTTimer] VTTimer.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\docume~1\anthon~1.ant\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\siteco~1.lnk - c:\program files\sitecom\sitecom wireless network usb adapter turbo g wl-172\installer\WLANUTL.EXE
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
LSA: Notification Packages = scecli c:\windows\system32\zumupobi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\anthon~1.ant\applic~1\mozilla\firefox\profiles\gyegksju.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program files\mozilla firefox\extensions\{8876C197-67C2-4B50-AB91-A4186832D6A1}

============= SERVICES / DRIVERS ===============

R0 SecureLockWare_EncryptFilterDriver;SecureLockWare Encryption Filter driver;c:\windows\system32\drivers\ENCRFIL.SYS [2008-9-5 725120]
R0 SecureLockWare_EncryptFilterDriver2;SecureLockWare Encryption Filter driver Ver.2;c:\windows\system32\drivers\SLWFIL.SYS [2008-9-5 725248]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-13 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-13 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-13 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-13 298776]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2009-6-4 38144]
R2 SecureLockWare_InputPassword;SecureLockWare Service;c:\program files\buffalo\encrdisk\encrdlg.exe -service_execute --> c:\program files\buffalo\encrdisk\ENCRDLG.exe -Service_Execute [?]
R3 bautopw;BUFFALO eco manager for HD Filter;c:\windows\system32\drivers\bautopw.sys [2008-12-1 8960]
R3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2008-12-1 17152]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2009-6-9 33792]
S3 ATHFMWDL;Wireless predator Bootloader driver;c:\windows\system32\drivers\athfmwdl.sys --> c:\windows\system32\drivers\ATHFMWDL.sys [?]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187b.sys --> c:\windows\system32\drivers\RTL8187B.sys [?]
S4 Network Monitor;Network Monitor;c:\program files\network monitor\netmon.exe service --> c:\program files\network monitor\netmon.exe service [?]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2009-07-07 22:08 <DIR> --d----- c:\program files\Cobian Backup 9
2009-07-01 17:29 <DIR> --d----- c:\program files\Virtual Earth 3D
2009-06-12 08:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-06-09 00:33 33,792 -------- c:\windows\system32\drivers\cledx.sys
2009-06-09 00:33 147,425 -------- c:\windows\system32\SYNSOACC-Aide.chm
2009-06-09 00:33 120,468 -------- c:\windows\system32\SYNSOACC-Hilfe.chm
2009-06-09 00:33 114,279 -------- c:\windows\system32\SYNSOACC-Help.chm
2009-06-09 00:33 16,896 -------- c:\windows\system32\drivers\synasUSB.sys
2009-06-09 00:33 708,608 -------- c:\windows\system32\SYNSOACC.dll
2009-06-09 00:33 147,456 -------- c:\windows\system32\SynsoLChk.dll
2009-06-09 00:33 45,056 -------- c:\windows\system32\Synsopos.exe
2009-06-09 00:33 <DIR> --d----- c:\program files\Syncrosoft

==================== Find3M ====================

2009-06-12 08:33 327,688 -------- c:\windows\system32\drivers\avgldx86.sys
2009-06-04 15:49 21,035 -------- c:\windows\system32\drivers\AegisP.sys
2009-05-13 22:43 11,952 -------- c:\windows\system32\avgrsstx.dll
2009-05-13 22:43 108,552 -------- c:\windows\system32\drivers\avgtdix.sys
2005-10-09 12:04 200,846 -------- c:\program files\RuntimeSetup.exe
2005-10-09 12:04 1,068 -------- c:\program files\runtimesetup.ini
2002-07-12 17:33 1,581,056 -----r-- c:\windows\inf\other\MIXER.EXE
2005-07-29 17:24 472 ---shr-- c:\windows\qw50ag9uesbidxrjagluc29u\kqcXu36Rym1Kxrl3u35RwZ6R.vbs
2004-08-04 15:00 73,728 ---sh--- c:\windows\registeredpackages\{dd90d410-1823-43eb-9a16-a2331bf08799}$backup$\system\wmplayer.exe

============= FINISH: 9:32:53.06 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 hutchmeister

hutchmeister
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:29 PM

Posted 10 July 2009 - 08:08 AM

I've just found a page regarding the myclickcheck.su problem which seems to have sorted this infection out:

[url=http://209.85.229.132/search?q=cache:qVxWwK7W9qIJ:clickmyaddsplease.blogspot.com/2009/06/how-to-get-rid-of-and-remove.html+myclickcheck.su&cd=8&hl=en&ct=clnk&gl=uk]http://209.85.229.132/search?q=cache:qVxWw...=clnk&gl=uk[/url]
so far, so good and hopefully it stays that way!

hutchmeister

Edited by Orange Blossom, 12 July 2009 - 11:24 AM.
Deactivate link. ~ OB


#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:02:29 PM

Posted 12 July 2009 - 11:34 AM

Hello

Thank you for letting us know. I'm glad that your computer problems appear to be fixed. Since this issue seems to be resolved, this thread will now be closed.

In case you experience any problems with the computer, please start a new topic.

To others reading this topic: Please note that what may remove the malware from one computer may not work on another and in fact may cause serious harm to another computer.

Happy computing,

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users