Google Redirect Virus and possibly other malware


  • This topic is locked
2 replies to this topic

#1 fatherom


Posted 11 November 2009 - 01:18 PM

Hi,

I've run AVG and Malwarebytes and cleaned up a bogus "Antivirus Plus" application as well as bogus DNS entries. I think the only thing left is a Google redirect virus (clicking on Google hits takes me to a random site), so I'd like help removing that, as well as making sure my PC is completely clean from the other stuff I encountered yesterday.

Thanks,

Chris


DDS (Ver_09-10-26.01) - NTFSx86
Run by Christopher OMalley at 13:05:51.60 on Wed 11/11/2009
Internet Explorer: 8.0.6001.18702
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
uInternet Settings,ProxyServer = socks=127.0.0.1:8080
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun: [AsusTray] c:\program files\asus\eeepc acpi\AsTray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
uPolicies-explorer: NoSMHelp = 01000000
uPolicies-explorer: NoSMMyDocs = 01000000
uPolicies-explorer: NoSMMyPictures = 01000000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/legacy/ractrl.cab?lmi=100
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-11-11 16:56:03 0 d-sha-r- C:\cmdcons
2009-11-11 16:53:10 98816 ----a-w- c:\windows\sed.exe
2009-11-11 16:53:10 77312 ----a-w- c:\windows\MBR.exe
2009-11-11 16:53:10 267264 ----a-w- c:\windows\PEV.exe
2009-11-11 16:53:10 161792 ----a-w- c:\windows\SWREG.exe
2009-11-11 12:36:23 0 d-----w- c:\docume~1\christ~1\applic~1\Malwarebytes
2009-11-11 12:36:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-11 12:36:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-11 12:36:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-11 12:36:07 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-11 12:11:16 25214 ----a-w- c:\windows\system32\_img359.tmp
2009-11-11 12:11:14 18949 ----a-w- c:\windows\system32\_img358.gif
2009-11-11 12:11:12 40965 ----a-w- c:\windows\gif32.dll
2009-11-11 01:24:04 12464 ----a-w- c:\windows\system32\avgrsstx.dll.install_backup
2009-11-11 01:23:57 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys.install_backup
2009-11-11 01:23:41 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys.install_backup
2009-11-11 01:23:39 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys.install_backup
2009-11-11 01:23:29 0 d-----w- c:\windows\system32\drivers\Avg
2009-11-11 01:22:27 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys.install_backup
2009-11-11 01:22:24 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys.install_backup
2009-11-11 01:21:21 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-11-11 01:21:21 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-11-11 00:22:41 0 --sha-w- C:\404202197
2009-10-27 02:01:48 220640 ----a-w- c:\windows\system32\drivers\SynTP.sys
2009-10-27 02:01:48 196608 ----a-w- c:\windows\system32\SynCtrl.dll
2009-10-27 02:01:48 163840 ----a-w- c:\windows\system32\SynCOM.dll
2009-10-27 02:01:48 147456 ----a-w- c:\windows\system32\SynTPAPI.dll
2009-10-27 02:01:48 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
2009-10-27 02:01:47 0 d-----w- c:\program files\Synaptics
2009-10-21 11:54:27 0 d-sh--w- C:\Temporary Internet Files

==================== Find3M ====================

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 23:40:15 374526 ----a-w- c:\windows\701-ASUS-1302.zip
2009-08-29 08:08:21 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-14 13:21:25 1850624 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 13:07:48.84 ===============

Just wanted to also mention that I can't boot into safe mode (this is an Asus 701 EEE pc)...it hangs after showing the mpu.sys line.

I can't go into the recovery console either...it says NTLDR is missing.

Merged posts. ~ OB

Edited by Orange Blossom, 11 November 2009 - 10:26 PM.



#2 fatherom


Posted 11 November 2009 - 11:28 PM

I've decided to reinstall XP...thanks for looking, but I'm all set.

#3 thcbytes


Posted 17 November 2009 - 10:50 AM

Thanks for letting us know.

Since this topic appears to be resolved, I will now close it.
If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/



