Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Getting Redirected to Personal Security Scan when on Internet


  • Please log in to reply
9 replies to this topic

#1 ron_c

ron_c

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:26 AM

Posted 31 January 2010 - 05:32 PM

About a week ago I had a pop up box appear on my computer while on the internet that stated "Warning!!! Your personal computer needs to install antivirus software! Personal Security can perform fast and free scan of our computer". Without thinking I clicked on the close box to stop this and it started running a scan. I turned off the power switch to the computer immediately and restarted my computer. I ran a scan with Spyware Doctor v6.0.0386 and it found Trojan.Agent and was removed. I also scanned with ESET NOD32 v3.0.684.0, Malwarebytes, SuperAntiSpyWare and Spybot Search and Destroy and those programs didn't find anything after scanning with Spyware Doctor first. I'm still getting the Personal Security Warning once a day when starting the computer for the first time that day and getting on the Internet. One of the times I received the Warning, it read the very same Warning but it read that "Antivar can perform fast and free scan of your computer instead of Personal Security". Didn't fall for it and clicked on the lower right icon to exit the internet. After doing this I can usually get back on the internet and no more Warnings for that day.


DDS (Ver_09-12-01.01) - NTFSx86
Run at 16:11:57.43 on Sun 01/31/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1007.413 [GMT -6:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\igfxpers.exe
C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Spyware Doctor\upgrade.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Ron Childress\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uStart Page =
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
mSearchAssistant = hxxp://www.google.com/ie
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CPrintEnhancer Object: {ae84a6aa-a333-4b92-b276-c11e2212e4fe} - c:\program files\hp\smart web printing\SmartWebPrinting.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WinColorReminder] c:\program files\pro imaging powertoys\microsoft color control panel applet for windows xp\WinColorReminder.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [BOC-427] c:\progra~1\comodo\cboclean\BOC427.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [ISW.exe] "c:\program files\at&t\internet security wizard\ISW.exe" /AUTORUN
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\colorv~1.lnk - c:\program files\colorvision\utility\ColorVisionStartup.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\HP Digital Imaging Monitor.lnk.disabled
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206493336709
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258905464625
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 CFRMD;cfrmd;c:\windows\system32\drivers\CFRMD.sys [2009-12-9 132424]
R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-11-10 40840]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-1-5 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-1-5 25160]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-7-1 34824]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-11-10 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-11-10 81288]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 74480]
R2 BOCore;BOCore;c:\program files\comodo\cboclean\BOCore.exe [2009-1-21 73464]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-1-5 723632]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-10-24 468224]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-11-10 356920]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-11-10 1079176]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-28 135664]
S3 AR5513;AR5513;c:\windows\system32\drivers\ar5513.sys [2005-9-13 358464]
S3 atirage;atirage;c:\windows\system32\drivers\atiragem.sys [2006-12-14 70528]
S3 Envy24HFS;ICE Envy24 Family Audio Controller WDM V1.01 (Envy24HT-S Eval. Only);c:\windows\system32\drivers\Envy24HF.sys [2006-12-20 561144]
S3 i740;i740;c:\windows\system32\drivers\i740nt5.sys [2008-6-30 58592]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S3 Spyder2;ColorVision Spyder2;c:\windows\system32\drivers\Spyder2.sys [2007-2-13 12288]
UnknownUnknown rootrepeal;rootrepeal; [x]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
txtfile=c:\windows\NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2010-01-31 19:50:36 0 d-----w- c:\program files\ieSpell
2010-01-31 15:22:07 0 d-----w- c:\windows\system32\wbem\Repository
2010-01-30 17:05:43 0 d-----w- c:\program files\Enigma Software Group
2010-01-13 16:31:12 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

==================== Find3M ====================

2010-01-31 15:35:58 1680972 ----a-w- c:\windows\cscmondump.bin
2010-01-30 18:03:55 171552 ----a-w- c:\windows\system32\guard32(2)(2).dll
2010-01-28 16:29:07 171552 ----a-w- c:\windows\system32\guard32.dll
2010-01-28 16:29:05 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-01-28 16:29:04 134344 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-01-07 22:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet(2)(2).dll
2010-01-05 10:00:28 1168384 ----a-w- c:\windows\system32\urlmon(2)(2).dll
2010-01-05 10:00:28 105984 ----a-w- c:\windows\system32\url(2)(2).dll
2010-01-05 10:00:24 268288 ----a-w- c:\windows\system32\iertutil(2)(2).dll
2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00:20 17408 ------w- c:\windows\system32\corpol.dll
2009-12-28 17:37:12 43387 ----a-w- c:\windows\browser.exe
2009-12-25 22:39:24 124425 ----a-w- c:\windows\cscmon.bin
2008-09-20 21:02:51 80 --sh--r- c:\windows\system32\E82EA2B78D.dll

============= FINISH: 16:12:52.12 ===============

Attached Files


Edited by ron_c, 31 January 2010 - 06:52 PM.


BC AdBot (Login to Remove)

 


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 01 February 2010 - 06:57 AM

Please download GMER and unzip it to your Desktop. <<mirror>>
Please rename the random filename or GMER into GAMERS
  • Open the renamed program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.

IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results


Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 ron_c

ron_c
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:26 AM

Posted 02 February 2010 - 02:08 PM

I had a lot of trouble trying to use the GMER program. The scans would take over 4 hours to complete with no other programs running and when it was finished and I would click on Copy and the system would freeze up not allowing me to do anything. I had to turn off the power switch to restart the computer. This happened 4 times. I did try running GMER and unchecking everything but one of the boxes at a time and was able to complete the scans. Hope this helps you.

On Modules, Processes, Threads, Libraries, Services, Registry, Files and ADS I received the message "GMER hasn't found any system modifications".

The file was to large to upload so sent it in as Zip file.

Attached Files


Edited by ron_c, 02 February 2010 - 02:19 PM.


#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 03 February 2010 - 08:01 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:






It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".


After that, double-click and run Combo-Fix. Let it finish its job and post the log here

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finishes its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 ron_c

ron_c
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:26 AM

Posted 03 February 2010 - 11:17 AM

Here is the Combo-Fix Scan you requsted.

Attached Files



#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 04 February 2010 - 06:48 AM

Please show hidden files and folders

Please find this one file and delete it manually

c:\windows\system32\E82EA2B78D.dll


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

How's the computer now? Still getting redirected? smile.gif

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 ron_c

ron_c
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:26 AM

Posted 04 February 2010 - 01:51 PM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=12
# version=7
# IEXPLORE.EXE=7.00.6000.16981 (vista_gdr.091215-2244)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=e8c1e64713ba2741b205ef2421a4a22b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-02-04 06:39:37
# local_time=2010-02-04 12:39:37 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 50278437 50278437 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=3073 16777213 80 100 0 33180212 0 0
# compatibility_mode=8195 39157157 100 100 0 39485559 0 0
# scanned=60587
# found=2
# cleaned=2
# scan_time=2502
# nod_component=V3 Build:0x30000000
C:\Documents and Settings\Downloaded Programs\RegistryFix\registryfix.exe a variant of Win32/Adware.ErrorClean application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\RegistryFix7\RegistryFix.exe a variant of Win32/Adware.ErrorClean application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Yesterday. I did NOT get redirected to Personal Security and I think also Tuesday but can't be sure and so far today it hasn't redirected. It will redirect me within 30 minutes of starting my browser and usually the first thing after the browser has started.

Also do Recheck both "Hide extensions for known file types option and Hide protected system files (recommended) option"?

Do I also restore the c:\windows\system32\E82EA2B78D.dll?

Edited by ron_c, 04 February 2010 - 02:02 PM.


#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 05 February 2010 - 07:18 AM

QUOTE
Also do Recheck both "Hide extensions for known file types option and Hide protected system files (recommended) option"?


Yup..

QUOTE
Do I also restore the c:\windows\system32\E82EA2B78D.dll?


Nope.. If you feel to restore it, make sure you rename the extension as E82EA2B78D.dll.old



Looks good to me.. Lets do some cleanup...


Please download OTC and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTC
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles write by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos


Also, please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware


Read these great info's about safe internet surfing..

http://www.pcpitstop.com/spycheck/safesurfing.asp
http://bluefive.pair.com/practice_safe_surfing.htm




Please reply to this thread once more and tell us about the computer behaviour before we can close this thread smile.gif



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 ron_c

ron_c
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:26 AM

Posted 05 February 2010 - 05:31 PM

Yesterday, today and probably Wednesday I haven't been redirected to Personal Security for a scan, so everything appears to be ok. Lets close this thread as "Resolved". Thanks a bunch for your help on this matter. There is one matter I would like to ask about and that is my antivirus and antimalware programs says that Registry Fix 7 is a Virus/Adware/Malware. Sometime back when I first received this alert I looked on line for more information and at that time there seemed to be RegistryFix Malware and Registry Fix 7 which is a Registry Cleaner. Now when I try to go to the Registry Fix 7 web site it is blocked by Eset. So my question is, is Registry Fix 7 the Registry Cleaner a safe program or is it Malware?

#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 05 February 2010 - 08:31 PM

QUOTE
So my question is, is Registry Fix 7 the Registry Cleaner a safe program or is it Malware?


Regardless whether its legit or malware, we never encourage a "Registry Cleaner" program due to certain reasons..

If the "program" somehow delete a "wrong" registry key or value, you might get the computer is not working properly as it should.. Worst case scenario would be unbootable computer and we certainly do not want that..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users