Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Search Engine Virus?


  • Please log in to reply
15 replies to this topic

#1 PHREE13

PHREE13

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:26 PM

Posted 02 February 2010 - 05:13 PM

A few days ago, I started having a problem every time I would search something on Google. When I would click on the search result I would be redirected to a different website that has nothing to do with what I clicked on. I updated and ran both my McAfee and Spybot software. My buddy came over and tried to catch it with Ad-Aware. None of these have caught it and I am still having the problem.


Thank you,
-Brian

BC AdBot (Login to Remove)

 


#2 Sashacat

Sashacat

  • Members
  • 372 posts
  • OFFLINE
  •  
  • Local time:11:26 PM

Posted 05 February 2010 - 11:25 AM

This site has a list of freeware applications:
http://www.bleepingcomputer.com/forums/t/44690/slow-computer/

And there is good information in this topic:
Slow Computer?, Use this troubleshooting checklist

http://www.bleepingcomputer.com/forums/t/44690/slow-computer/

Another topic with EXCELLENT information: How Malware Spreads - How did I get infected

http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/
If we don't change the direction we are going,
We are likely to end up where we are headed.

#3 PHREE13

PHREE13
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:26 PM

Posted 08 February 2010 - 05:18 PM

Did I do this whole topic thing wrong? Or is my topic on a waiting list? I don't mean to sound rude, I just want to make sure I typed out my problem correctly so I can get this resolved.

#4 Sashacat

Sashacat

  • Members
  • 372 posts
  • OFFLINE
  •  
  • Local time:11:26 PM

Posted 09 February 2010 - 12:31 PM

I have not received any replies to the request for help that I posted either. I don't know why.

Get the following free programs and use them:

You can download the free version of SUPERAntiSpyware from: http://www.superantispyware.com

Malwarebytes` Anti-Malware can be downloaded from:
http://www.malwarebytes.org/mbam.php

CCleaner is a good program. Take the tour, see what the program does, look at the screen shots. It not only cleans your computer, it also has a Registry tool that will check for/fix registry errors, and it also has an "uninstall programs" tool and a "startup" tool.
The website for CCleaner is: http://www.ccleaner.com/

If SUPERAnti-Spyware and Malwarebytes' Antimalware find/fix infected files, you may want to delete your restore points. To delete all restore points, go to Control Panel, System, System Restore tab, put a checkmark in "Turn Off System Restore" and hit Apply.

(After you get all of this fixed, you will probably want to turn System Restore back on. To turn System Restore back on, go to Control Panel, System, System Restore tab, click to take the checkmark out of "Turn Off System Restore" and hit Apply. Then hit OK to close. )

WinPatrol is another program (free) that will alert you to programs added to your startup, and will ask if it is ok with you for a program to be added to your startup. Get the free version of WinPatrol here: http://www.winpatrol.com/


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You might want to try AVG Anti-Virus Free Edition.

http://download.cnet.com/AVG-Anti-Virus-Fr...4-10320142.html

http://free.avg.com/us-en/homepage
If we don't change the direction we are going,
We are likely to end up where we are headed.

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:26 PM

Posted 09 February 2010 - 12:33 PM

Hello and welcome
Please run these next. If you have Spybot installed temporarily disable it.
Next run ATF:
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.

Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 PHREE13

PHREE13
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:26 PM

Posted 09 February 2010 - 06:22 PM

I already had Malwarebytes installed and had actually updated it and ran it after getting the virus. I apologize for not stating that before. I didn't however, originally name it zztoy.exe.

I uninstalled just now and downloaded it saving it as zztoy.exe. The quick scan came up empty though. But here is the quick scan log anyway from Feb 2:


Malwarebytes' Anti-Malware 1.44
Database version: 3681
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/2/2010 8:47:14 PM
mbam-log-2010-02-02 (20-47-14).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 106551
Time elapsed: 57 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{deceaaa2-370a-49bb-9362-68c3a58ddc62} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 Sashacat

Sashacat

  • Members
  • 372 posts
  • OFFLINE
  •  
  • Local time:11:26 PM

Posted 10 February 2010 - 08:56 AM

Are you still experiencing the original problem that you posted here?
If yes, you will want to check for other infected files.

SUPERAnti-Spyware found infected files on my computer that Malwarebytes' Antimalware did not find.
SUPERAnti-Spyware is free, and you have nothing to lose by scanning with that also.
Please reply with the results of the SUPERAnti-Spyware scan.

Have you tried AVG Anti-Virus Free Edition ? Did it find/fix anything?

Did you get/use ATF Cleaner as recommended by boopme ? If not, do that.
(CCleaner is an alternative to ATF Cleaner. Both programs are free.)

Have you turned off System Restore (deleting all restore points) ?
(Reason for that is to ensure that any infected restore points are removed.
After everything is fixed, you can turn System Restore back on.)

Did you check msconfig to see what has a checkmark in Startup ?
(Start button, Run, type in msconfig, hit Enter, hit Startup tab).
If you are not familiar with this, don't make any changes.
Do reply with a list of the items shown with checkmarks.
If we don't change the direction we are going,
We are likely to end up where we are headed.

#8 PHREE13

PHREE13
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:26 PM

Posted 17 February 2010 - 09:12 PM

Not sure what I'm suppose to do now...

#9 Sashacat

Sashacat

  • Members
  • 372 posts
  • OFFLINE
  •  
  • Local time:11:26 PM

Posted 17 February 2010 - 09:21 PM

Are you still experiencing the original problem that you posted here?

I read that your most recent Malwarebytes' Anti-Malware scan came up clean (zero infections), and saw your Feb 2 Malwarebytes' log that showed infections that were found/fixed.

If you are still experiencing problems, please report back and specify what problems.
If we don't change the direction we are going,
We are likely to end up where we are headed.

#10 PHREE13

PHREE13
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:26 PM

Posted 17 February 2010 - 10:00 PM

Im still having the original problem I posted. I keep getting redirected after clicking on a link search from google.

#11 Sashacat

Sashacat

  • Members
  • 372 posts
  • OFFLINE
  •  
  • Local time:11:26 PM

Posted 17 February 2010 - 10:13 PM

Did you follow boopme's instructions to use ATF Cleaner? If you have not done that, you should.

Did you scan with SUPERAntiSpyware ? If you have not done that yet, scan with SUPERAntiSpyware, because sometimes one program will find/fix something that another one didn't find/fix. Make sure you have the latest updates before scanning.

You may need to use Rkill:
"Rkill is a small, freeware and portable tool designed to terminate active malware processes allowing you to use other removal tools."
http://www.technibble.com/rkill-repair-tool-of-the-week/

Is your Malwarebytes' current on updates? Have you scanned again, and is it still coming up "clean" (zero infections found) ?

Please report back.
If we don't change the direction we are going,
We are likely to end up where we are headed.

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:26 PM

Posted 17 February 2010 - 10:57 PM

Hello..
If you didn't disable System restore then leave it alone.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.


Please read and follow these instructions.
  • Please download GooredFix and save it to your Desktop.
  • Double-click GooredFix.exe to run it.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).

Next please run part 1 of S!Ri's SmitfraudFix .
Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#13 PHREE13

PHREE13
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:26 PM

Posted 12 March 2010 - 01:37 PM

Malwarebytes' Anti-Malware 1.44
Database version: 3860
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/12/2010 1:01:27 PM
mbam-log-2010-03-12 (13-01-27).txt

Scan type: Quick Scan
Objects scanned: 143844
Time elapsed: 11 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

______________________________________
GooredFix by jpshortstuff (08.01.10.1)
Log created at 13:24 on 12/03/2010 (Owner)
Firefox version 3.6 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [16:48 26/08/2008]
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [18:59 29/04/2007]
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [03:44 28/04/2007]
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [16:16 28/07/2007]
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [22:05 05/11/2007]
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [22:28 28/11/2008]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [23:52 26/12/2008]
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [02:50 23/09/2009]

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\eda4hs0u.default\extensions\
staged-xpis [13:52 27/07/2007]
zotero@chnm.gmu(2).edu [02:53 28/08/2008]
{20a82645-c095-46ed-80e3-08825760534b} [15:28 08/09/2009]
{3112ca9c-de6d-4884-a869-9855de68056c} [13:52 27/07/2007]
{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} [13:52 30/08/2008]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor" [21:41 28/08/2008]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [03:37 24/02/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [22:26 28/11/2008]

-=E.O.F=-

________________________________
SmitFraudFix v2.424

Scan done at 13:33:32.55, Fri 03/12/2010
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\Policies.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

hosts


C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\Owner


C:\DOCUME~1\Owner\LOCALS~1\Temp


C:\Documents and Settings\Owner\Application Data


Start Menu


C:\DOCUME~1\Owner\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://i150.photobucket.com/albums/s103/alwalsh127myspace/headline%20quotes/fqwe.gif"
"SubscribedURL"="http://i150.photobucket.com/albums/s103/alwalsh127myspace/headline%20quotes/fqwe.gif"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 76.78.64.42
DNS Server Search Order: 76.78.65.42

HKLM\SYSTEM\CCS\Services\Tcpip\..\{F5276478-8877-422C-B450-890C877332CF}: DhcpNameServer=76.78.64.42 76.78.65.42
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F5276478-8877-422C-B450-890C877332CF}: DhcpNameServer=76.78.64.42 76.78.65.42
HKLM\SYSTEM\CS2\Services\Tcpip\..\{EAE15E45-A243-4F55-8D92-0BCB1059D819}: DhcpNameServer=76.78.64.42 76.78.65.42
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F5276478-8877-422C-B450-890C877332CF}: DhcpNameServer=192.168.254.254 192.168.254.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=76.78.64.42 76.78.65.42
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=76.78.64.42 76.78.65.42
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=76.78.64.42 76.78.65.42


Scanning for wininet.dll infection


End

#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:26 PM

Posted 12 March 2010 - 02:35 PM

Hello ,looks like a hit on the malware.. How's it running now?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#15 PHREE13

PHREE13
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:26 PM

Posted 15 March 2010 - 06:40 PM

I'm still having the same problem.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users