
Google Redirect Malware


  • This topic is locked
2 replies to this topic

#1 stephensonrn


Posted 26 August 2009 - 03:06 PM

Hi,

I am trying to fix my sister's laptop, which seems to have had a variety of Malware on it.

I have been reading this forum and others and so I have run CCleaner, Superantispyware Free Edition, Malwarebytes AntiMalware and Spybot.

I have also installed Kaspersky Internet Security 2009 (I am counting this as my Antivirus and Firewall software.) as it was a free download from Barclays Bank.

In my opinion, I seem to have removed quite a few trojans but I still have the problem of redirected Google results. I can search for things OK but when I click the result I get sent to other websites (from memory these were traffdrive.net and clickforclicks.com).

I also cannot download onto this laptop; when I try, I get a no internet connection message. I believe this malware redirects me to myself. I am therefore currently using another computer and transferring the .exe/download files by USB stick.

I have tried to follow your instructions for this post, so the DDS.txt file is as follows:


DDS (Ver_09-07-30.01) - NTFSx86
Run by Carly at 20:43:04.12 on 26/08/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.374 [GMT 1:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Documents and Settings\Carly\Desktop\HiJackThis.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Carly\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
Notify: klogon - c:\windows\system32\klogon.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\carly\applic~1\mozilla\firefox\profiles\3r5f65zj.default\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-8-25 226832]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe [2008-11-11 208616]
R3 EKBfltr;ENE Keyboard Controller;c:\windows\system32\drivers\EKBfltr.sys [2006-9-18 5504]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]

=============== Created Last 30 ================

2009-08-26 01:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-08-26 00:57 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-08-26 00:05 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-26 00:05 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-26 00:05 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-25 22:55 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-08-25 13:34 105,395 a------- c:\windows\system32\drivers\klin.dat
2009-08-25 13:34 94,643 a------- c:\windows\system32\drivers\klick.dat
2009-08-25 13:32 3,501,600 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-08-25 13:32 581,664 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-08-25 13:32 28,436 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-08-25 13:32 3,068 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-08-25 13:32 <DIR> --d----- c:\program files\Kaspersky Lab
2009-08-25 13:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-08-25 13:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-08-25 02:00 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-08-25 01:35 <DIR> --d----- c:\windows\system32\scripting
2009-08-25 01:35 <DIR> --d----- c:\windows\l2schemas
2009-08-25 01:35 <DIR> --d----- c:\windows\system32\en
2009-08-25 01:13 <DIR> --d----- c:\windows\EHome
2009-08-25 00:41 <DIR> -cd-h--- c:\windows\ie8
2009-08-25 00:39 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-08-25 00:18 30,180 a---h--- c:\windows\system32\mlfcache.dat
2009-08-24 22:09 <DIR> --d----- c:\docume~1\carly\applic~1\PC Tools
2009-08-24 22:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-08-24 20:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-08-24 20:46 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-08-24 20:46 <DIR> --d----- c:\docume~1\carly\applic~1\SUPERAntiSpyware.com
2009-08-24 20:40 <DIR> --d----- c:\program files\CCleaner
2009-08-24 18:54 <DIR> --d----- c:\windows\system32\XPSViewer
2009-08-24 18:53 117,760 -------- c:\windows\system32\prntvpt.dll
2009-08-24 18:53 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-08-24 18:53 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-24 18:53 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-24 18:53 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-24 18:53 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-08-24 18:53 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-08-24 18:53 <DIR> --d----- C:\5d3078f56017032158b893ec3a63
2009-08-24 18:50 <DIR> --d----- c:\program files\MSXML 6.0
2009-08-24 18:49 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-08-24 18:42 <DIR> --d----- c:\windows\ie8updates
2009-08-24 18:36 <DIR> --d----- c:\windows\ServicePackFiles
2009-08-24 16:54 <DIR> --d----- c:\docume~1\carly\applic~1\Malwarebytes
2009-08-24 16:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-24 16:05 <DIR> --d----- c:\program files\Enigma Software Group
2009-08-24 11:43 25,471 -------- c:\windows\system32\drivers\watv10nt.sys
2009-08-24 11:43 22,271 -------- c:\windows\system32\drivers\watv06nt.sys
2009-08-24 11:43 11,935 -------- c:\windows\system32\drivers\wadv11nt.sys
2009-08-24 11:43 11,871 -------- c:\windows\system32\drivers\wadv09nt.sys
2009-08-24 11:43 11,807 -------- c:\windows\system32\drivers\wadv07nt.sys
2009-08-24 11:43 11,295 -------- c:\windows\system32\drivers\wadv08nt.sys
2009-08-24 11:39 104,960 -------- c:\windows\system32\drivers\atinrvxx.sys
2009-08-24 10:47 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-08-24 10:47 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-08-24 10:45 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-08-24 10:45 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-08-24 10:45 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-08-24 10:45 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-08-24 10:45 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-08-24 10:45 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-08-24 10:45 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-08-24 10:45 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-08-24 10:45 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-24 10:45 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-08-24 10:45 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-24 10:45 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-24 10:44 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-08-24 10:44 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-08-24 10:44 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-08-24 10:43 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-08-24 10:42 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-24 10:42 594,432 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-08-24 10:42 55,296 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-24 10:42 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-08-24 10:42 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-08-24 10:42 1,985,536 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-08-24 10:40 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-08-24 10:37 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-08-24 10:37 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-08-24 10:32 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-08-23 23:54 31,768 a------- c:\windows\system32\wucltui.dll.mui
2009-08-23 23:53 18,456 a------- c:\windows\system32\wuaueng.dll.mui
2009-08-23 23:53 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
2009-08-23 23:53 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-08-05 10:01 204,800 -c------ c:\windows\system32\dllcache\mswebdvd.dll
2009-07-30 08:11 3,300 a------- c:\windows\system32\OEMINFO.PNF
2009-07-29 22:02 <DIR> --dsh--- c:\documents and settings\carly\PrivacIE
2009-07-29 22:02 <DIR> --dsh--- c:\documents and settings\carly\IECompatCache
2009-07-29 21:59 <DIR> --dsh--- c:\documents and settings\carly\IETldCache
2009-07-29 21:26 91,328 a------- c:\windows\system32\drivers\msfwdrv.sys
2009-07-29 21:25 116,416 a------- c:\windows\system32\drivers\msfwhlpr.sys
2009-07-29 21:24 53,168 a------- c:\windows\system32\drivers\MpFilter.sys
2009-07-29 21:24 <DIR> --d----- c:\windows\system32\bits
2009-07-29 21:23 7,168 -------- c:\windows\system32\bitsprx4.dll
2009-07-29 21:16 <DIR> --d----- c:\program files\Microsoft Windows OneCare Live
2009-07-29 05:37 119,808 -c------ c:\windows\system32\dllcache\t2embed.dll
2009-07-29 05:37 81,920 -c------ c:\windows\system32\dllcache\fontsub.dll

==================== Find3M ====================

2009-08-25 14:03 33,808 a------- c:\windows\system32\drivers\klbg.sys
2009-08-25 01:39 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-05 10:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-29 05:37 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 05:37 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-17 20:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 18:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-12 13:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 15:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 07:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-03 20:09 1,291,264 a------- c:\windows\system32\quartz.dll

============= FINISH: 20:44:23.62 ===============

My Kaspersky Scan report is as follows: (I'm not sure if this is the correct one though)

Quick Scan: completed 25/08/2009 13:44:45 (events: 54, objects: , time: 00:00:00)
25/08/2009 13:41:14 Task started
25/08/2009 13:44:44 Detected: http://www.viruslist.com/en/advisories/Host.Vulnerability C:\WINDOWS\system32\drivers\etc\hosts
25/08/2009 13:44:45 Disinfected: http://www.viruslist.com/en/advisories/Host.Vulnerability C:\WINDOWS\system32\drivers\etc\hosts
25/08/2009 13:44:45 Task completed
Quick Scan: completed 25/08/2009 13:44:45 (events: 54, objects: , time: 00:00:00)
25/08/2009 14:09:59 Task started
25/08/2009 14:10:32 Detected: http://www.viruslist.com/en/advisories/34572 C:\program files\microsoft office\office\powerpnt.exe
25/08/2009 14:10:41 Detected: http://www.viruslist.com/en/advisories/35314 C:\program files\itunes\itunes.exe
25/08/2009 14:10:42 Detected: http://www.viruslist.com/en/advisories/35091 C:\program files\quicktime\quicktimeplayer.exe
25/08/2009 14:54:59 Detected: http://www.viruslist.com/en/advisories/25215 C:\Nis2006\NAV\External\NORTON\APP\NAVComUI.dll
25/08/2009 14:57:42 Detected: http://www.viruslist.com/en/advisories/34580 C:\program files\Adobe\Acrobat 7.0\Reader\plug_ins\Annots.api
25/08/2009 15:03:15 Detected: http://www.viruslist.com/en/advisories/35364 C:\program files\microsoft office\office\EXCEL.EXE
25/08/2009 15:03:19 Detected: http://www.viruslist.com/en/advisories/29321 C:\program files\microsoft office\office\MSO9.DLL
25/08/2009 15:03:20 Detected: http://www.viruslist.com/en/advisories/29320 C:\program files\microsoft office\office\OUTLLIB.DLL
25/08/2009 15:03:48 Detected: http://www.viruslist.com/en/advisories/34572 C:\program files\microsoft office\office\powerpnt.exe
25/08/2009 15:03:53 Detected: http://www.viruslist.com/en/advisories/35377 C:\program files\microsoft office\office\WINWORD.EXE
25/08/2009 15:11:16 Detected: http://www.viruslist.com/en/advisories/25215 C:\recover\Nis2006\NAV\External\NORTON\APP\NAVComUI.dll
25/08/2009 15:13:16 Detected: http://www.viruslist.com/en/advisories/34580 C:\recover\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Annots.api
25/08/2009 15:14:42 Detected: http://www.viruslist.com/en/advisories/31744 C:\recover\Program Files\Common Files\Microsoft Shared\OFFICE11\MSO.DLL
25/08/2009 15:15:25 Detected: http://www.viruslist.com/en/advisories/35364 C:\recover\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
25/08/2009 15:15:27 Detected: http://www.viruslist.com/en/advisories/29320 C:\recover\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
25/08/2009 15:15:39 Detected: http://www.viruslist.com/en/advisories/34572 C:\recover\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE
25/08/2009 15:15:54 Detected: http://www.viruslist.com/en/advisories/35377 C:\recover\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
25/08/2009 15:25:34 Detected: http://www.viruslist.com/en/advisories/36127 C:\recover\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
25/08/2009 15:29:33 Detected: http://www.viruslist.com/en/advisories/32270 C:\recover\WINDOWS\system32\Macromed\Flash\Flash8a.ocx
25/08/2009 15:59:39 Detected: http://www.viruslist.com/en/advisories/23655 C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\msxml4.dll
25/08/2009 15:59:45 Task completed
Quick Scan: completed 25/08/2009 13:44:45 (events: 54, objects: , time: 00:00:00)
25/08/2009 16:38:45 Task completed
25/08/2009 16:36:54 Task started
Quick Scan: completed 25/08/2009 13:44:45 (events: 54, objects: , time: 00:00:00)
25/08/2009 22:07:42 Task started
25/08/2009 22:07:43 Task completed
Quick Scan: completed 25/08/2009 13:44:45 (events: 54, objects: , time: 00:00:00)
25/08/2009 22:08:56 Task started
25/08/2009 22:36:48 Task stopped
Quick Scan: completed 25/08/2009 13:44:45 (events: 54, objects: , time: 00:00:00)
26/08/2009 13:28:38 Task completed
26/08/2009 13:25:49 Task started
Quick Scan: completed 25/08/2009 13:44:45 (events: 54, objects: , time: 00:00:00)
26/08/2009 15:08:56 Task started
26/08/2009 15:11:34 Detected: http://www.viruslist.com/en/advisories/34572 c:\program files\microsoft office\office\powerpnt.exe
26/08/2009 15:12:17 Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\quicktimeplayer.exe
26/08/2009 15:38:00 Detected: http://www.viruslist.com/en/advisories/25215 c:\Nis2006\NAV\External\NORTON\APP\NAVComUI.dll
26/08/2009 15:43:02 Detected: http://www.viruslist.com/en/advisories/29321 c:\program files\microsoft office\office\MSO9.DLL
26/08/2009 15:43:02 Detected: http://www.viruslist.com/en/advisories/35364 c:\program files\microsoft office\office\EXCEL.EXE
26/08/2009 15:43:03 Detected: http://www.viruslist.com/en/advisories/29320 c:\program files\microsoft office\office\OUTLLIB.DLL
26/08/2009 15:43:15 Detected: http://www.viruslist.com/en/advisories/34572 c:\program files\microsoft office\office\powerpnt.exe
26/08/2009 15:43:30 Detected: http://www.viruslist.com/en/advisories/35377 c:\program files\microsoft office\office\WINWORD.EXE
26/08/2009 15:47:43 Detected: http://www.viruslist.com/en/advisories/25215 c:\recover\Nis2006\NAV\External\NORTON\APP\NAVComUI.dll
26/08/2009 15:48:41 Detected: http://www.viruslist.com/en/advisories/34580 c:\recover\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Annots.api
26/08/2009 15:50:25 Detected: http://www.viruslist.com/en/advisories/31744 c:\recover\Program Files\Common Files\Microsoft Shared\OFFICE11\MSO.DLL
26/08/2009 15:50:57 Detected: http://www.viruslist.com/en/advisories/29320 c:\recover\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
26/08/2009 15:51:16 Detected: http://www.viruslist.com/en/advisories/34572 c:\recover\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE
26/08/2009 15:51:21 Detected: http://www.viruslist.com/en/advisories/35364 c:\recover\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
26/08/2009 15:51:38 Detected: http://www.viruslist.com/en/advisories/35377 c:\recover\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
26/08/2009 16:03:34 Detected: http://www.viruslist.com/en/advisories/36127 c:\recover\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
26/08/2009 16:06:26 Detected: http://www.viruslist.com/en/advisories/32270 c:\recover\WINDOWS\system32\Macromed\Flash\Flash8a.ocx
26/08/2009 16:43:16 Detected: http://www.viruslist.com/en/advisories/23655 c:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\msxml4.dll
26/08/2009 16:43:34 Task completed

I hope you can help!

Thanks

Ross


#2 stephensonrn


Posted 27 August 2009 - 06:57 AM

I have been working on this and seem to have solved the problem.

I followed some advice from the pctools.com forum and downloaded HostsXpert.

This found that the hosts file in windows/i386 was read only so couldn't revert it to the original file.

I bravely (!!!) moved the file to my desktop and then HostsXpert installed a new template of the hosts file.

All the redirections have stopped since then!

I guess you can close this thread now.

Thanks

Ross
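
The symptoms in this thread (search results redirected, downloads failing, Kaspersky flagging `C:\WINDOWS\system32\drivers\etc\hosts`, and the fix of replacing the hosts file) can be checked for with a short hosts-file audit. This is an added example, not part of any post in the thread; the watch-list keywords, category names and sample hosts content are constructed assumptions.

```python
import ipaddress
import os

# Assumed watch lists for this example (not from the thread): hostname
# substrings that should not need an entry in a home PC's hosts file.
SEARCH_KEYWORDS = ("google.", "yahoo.", "bing.")
SECURITY_KEYWORDS = ("kaspersky", "malwarebytes", "windowsupdate", "update.microsoft")
BENIGN_LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample; addresses come from documentation-only ranges.
SAMPLE_HOSTS = """\
# Constructed sample for this example, not taken from the thread.
127.0.0.1      localhost
203.0.113.10   www.google.com google.com
127.0.0.1      www.kaspersky.com
127.0.0.1      download.windowsupdate.com
0.0.0.0        ads.example.net
198.51.100.7   intranet.example.org
not-an-ip      broken.example
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each mapping; ip is None if unparsable."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            yield line_no, None, raw.strip()
            continue
        for name in fields[1:]:  # one address may carry several names
            yield line_no, ip, name.lower().rstrip(".")


def audit_hosts(text):
    """Return a list of (line_no, category, hostname) findings."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if ip is None:
            findings.append((line_no, "malformed", name))
            continue
        sinkholed = ip.is_loopback or ip.is_unspecified
        if name in BENIGN_LOCAL_NAMES and ip.is_loopback:
            continue  # the normal default entries
        if any(k in name for k in SECURITY_KEYWORDS) and sinkholed:
            # Security/update site pointed at the local machine: lookups
            # resolve to "myself" and downloads or updates fail.
            findings.append((line_no, "blocked-security-site", name))
        elif any(k in name for k in SEARCH_KEYWORDS):
            # Any override of a search engine's address deserves a look.
            findings.append((line_no, "search-override", name))
        elif not sinkholed:
            # Unknown name sent to a routable address: review by hand.
            findings.append((line_no, "unexpected-mapping", name))
        # Other names mapped to loopback/0.0.0.0 are treated as blocklist entries.
    return findings


def audit_file(path):
    """Audit a hosts file on disk and report whether it is read-only."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        findings = audit_hosts(fh.read())
    return findings, not os.access(path, os.W_OK)


if __name__ == "__main__":
    for line_no, category, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {category}: {name}")
```

On a live system, `audit_file` would be pointed at the hosts path named in the Kaspersky report; a read-only flag alongside findings matches what HostsXpert reported in the post above.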

#3 Orange Blossom


Posted 04 September 2009 - 12:44 PM

Hello

Thank you for posting back. I'm glad that your computer problems have been fixed. Since this issue seems to be resolved, this thread will now be closed.

In case you experience any problems with the computer, please start a new topic.

Happy computing,

Orange Blossom