Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Search results go to spam site


  • Please log in to reply
1 reply to this topic

#1 Glamazon Huntress

Glamazon Huntress

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:00 PM

Posted 20 September 2009 - 12:16 PM

Hello,

When I click on search results, they go directly to a spam website. I've been trying to fix this with anti-malware software such as Hijack This, MalwareBytes and Superantispyware but when I try to scan, the program shuts down. When I try to re-open it a message pops up saying Windows cannot access the file and I do not have permission to access it. I am using Windows XP.

I did use MalwareBytes and it scanned completely and showed that I have two trojans (did not get the chance to log them) and I had to reboot my computer. However when I rebooted, the problems were still there and I cannot scan with MalwareBytes anymore.

I used Avira Antivir and it says I have HTML/Infected.webpage.gen HTML script virus.

I downloaded Win32kDiag, so here is that log:



Running from: C:\Documents and Settings\Chloe\Desktop\tater.scr

Log file at : C:\Documents and Settings\Chloe\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP29B.tmp\ZAP29B.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-04 03:56:42 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-14 05:41:54 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-14 05:41:54 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-14 05:41:54 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)



Found mount point : C:\WINDOWS\Temp\AVSETUP_4aa8468e\AVSETUP_4aa8468e

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^



Finished!

BC AdBot (Login to Remove)

 


#2 Glamazon Huntress

Glamazon Huntress
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:00 PM

Posted 20 September 2009 - 02:10 PM

Update: I downloaded IOBit Security 360 1.0 and it found these:

trojan.downloader
tojan.dropper
malware.trace
trojan.fakealert

So I quarantined and removed them and rebooted my computer but I am still having the same problems.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users