antivirus 2010 with browser redirector


  • This topic is locked
12 replies to this topic

#1 bitguy

Posted 01 April 2010 - 12:03 PM

I have been dealing with this little bugger for a while. Here is what I have done so far.

Removed xp antivirus with malwarebyte and followed up with super antispyware and spybot.

Google chrome seems to be inoperable, I uninstalled firefox, and I am now using Internet Explorer.

Virus seems to be off the computer but when I browse my google searches are redirected and eventually
the virus seems to pop back on, even if I just have my browser open without actively accessing the internet.


I have temporarily removed AVG as it seemed to be completely ineffective in dealing with this problem.

Any help you can offer would be greatly appreciated. :thumbsup:


#2 boopme

Posted 01 April 2010 - 01:11 PM

Hello, I'd like to see if it shows here.. run these, thanks.


Please read and follow all these instructions very carefully.
  • Please download GooredFix and save it to your Desktop.
  • Double-click GooredFix.exe to run it.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

#3 bitguy

Posted 01 April 2010 - 03:08 PM

Thank you for your fast reply. Here are the logs:


GooredFix log

GooredFix by jpshortstuff (08.01.10.1)
Log created at 13:51 on 01/04/2010 (HP_Administrator)
Firefox version [Unable to determine]

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [15:39 17/11/2007]
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [21:29 23/04/2008]
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [22:24 22/03/2008]
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [16:46 03/09/2008]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [04:46 17/12/2008]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [04:46 17/12/2008]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [04:49 11/02/2010]

-=E.O.F=-


Malwarebyte log

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3944

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/1/2010 2:04:53 PM
mbam-log-2010-04-01 (14-04-53).txt

Scan type: Quick scan
Objects scanned: 137382
Time elapsed: 10 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 boopme

Posted 01 April 2010 - 03:19 PM

Good a couple of hits.. Now an online scan... Tell me how it is after this..

Please perform a scan with Eset Online Antivirus Scanner.
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista users need to run Internet Explorer as Administrator. Right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Click the green ESET Online Scanner button.
  • Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.
  • A new window will appear asking "Do you want to install this software?".
  • Answer Yes to download and install the ActiveX controls that allow the scan to run.
  • Click Start.
  • Check Remove found threats and Scan potentially unwanted applications.
  • Click Scan to start. (please be patient as the scan could take some time to complete)
  • If offered the option to get information or buy software, just close the window.
  • When the scan has finished, a log.txt file will be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
  • Click Start > Run..., then copy and paste this command into the open box: C:\Program Files\EsetOnlineScanner\log.txt
  • The scan results will open in Notepad. Copy and paste the contents of log.txt in your next reply.
Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

#5 bitguy

Posted 02 April 2010 - 12:54 AM

Browsed with IE after ESET scan and the redirector is still active.



Here is the Eset log file:




ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1f903987929d0645b102b289abd5d2f6
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-04-02 05:49:17
# local_time=2010-04-01 11:49:17 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=195472
# found=1
# cleaned=1
# scan_time=16927
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FSVDYY4C\s002106201317r0409X942a3f0cYdf9aca0dZ0100f080[1].pdf JS/Exploit.Pdfka.BXG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Edited by bitguy, 02 April 2010 - 12:58 AM.


#6 boopme

Posted 02 April 2010 - 08:55 AM

How is Chrome now? Actually, first install an AV, scan, post log and then try Chrome. We need an AV on here before we go on the Webs.
try... AntiVir

What version(s) of JAVA are running?
Go into Control Panel>Add Remove Programs. Be sure the 'Show Updates' box is checked. Go down the list and tell me what Java applications are installed and their version. (Highlight the program to see this).

#7 bitguy

Posted 02 April 2010 - 02:54 PM

Chrome is still not working even after running AntiVir.


Java programs:

J2SE runtime environment 5.0 update 5
JAVA 6 update 17

When I was browsing to bleeping computer to post this I got the xp antivirus again. I noticed several java icons
pop up in my toolbar as IE was redirected and the xp antivirus pop-ups started showing up on my screen.


Here is the Antivir log:


Avira AntiVir Personal
Report file date: Friday, April 02, 2010 09:36

Scanning for 1953516 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : SEBHP7330N

Version information:
BUILD.DAT : 10.0.0.561 32098 Bytes 3/18/2010 15:46:00
AVSCAN.EXE : 10.0.2.3 433832 Bytes 3/7/2010 23:57:10
AVSCAN.DLL : 10.0.2.2 45928 Bytes 3/2/2010 18:48:47
LUKE.DLL : 10.0.2.3 104296 Bytes 3/8/2010 00:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 01:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 23:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 22:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 17:29:03
VBASE005.VDF : 7.10.4.204 2048 Bytes 3/5/2010 17:29:03
VBASE006.VDF : 7.10.4.205 2048 Bytes 3/5/2010 17:29:03
VBASE007.VDF : 7.10.4.206 2048 Bytes 3/5/2010 17:29:03
VBASE008.VDF : 7.10.4.207 2048 Bytes 3/5/2010 17:29:03
VBASE009.VDF : 7.10.4.208 2048 Bytes 3/5/2010 17:29:03
VBASE010.VDF : 7.10.4.209 2048 Bytes 3/5/2010 17:29:03
VBASE011.VDF : 7.10.4.210 2048 Bytes 3/5/2010 17:29:03
VBASE012.VDF : 7.10.4.211 2048 Bytes 3/5/2010 17:29:03
VBASE013.VDF : 7.10.4.242 153088 Bytes 3/8/2010 21:43:21
VBASE014.VDF : 7.10.5.17 99328 Bytes 3/10/2010 21:24:21
VBASE015.VDF : 7.10.5.44 107008 Bytes 3/11/2010 23:41:40
VBASE016.VDF : 7.10.5.69 92672 Bytes 3/12/2010 15:25:53
VBASE017.VDF : 7.10.5.91 119808 Bytes 3/15/2010 15:39:58
VBASE018.VDF : 7.10.5.121 112640 Bytes 3/18/2010 19:01:24
VBASE019.VDF : 7.10.5.138 139776 Bytes 3/18/2010 15:33:23
VBASE020.VDF : 7.10.5.164 113152 Bytes 3/22/2010 15:33:24
VBASE021.VDF : 7.10.5.182 108032 Bytes 3/23/2010 15:33:24
VBASE022.VDF : 7.10.5.199 123904 Bytes 3/24/2010 15:33:25
VBASE023.VDF : 7.10.5.217 279552 Bytes 3/25/2010 15:33:26
VBASE024.VDF : 7.10.5.234 202240 Bytes 3/26/2010 15:33:28
VBASE025.VDF : 7.10.5.254 187904 Bytes 3/30/2010 15:33:29
VBASE026.VDF : 7.10.6.18 130560 Bytes 4/1/2010 15:33:30
VBASE027.VDF : 7.10.6.19 2048 Bytes 4/1/2010 15:33:30
VBASE028.VDF : 7.10.6.20 2048 Bytes 4/1/2010 15:33:30
VBASE029.VDF : 7.10.6.21 2048 Bytes 4/1/2010 15:33:31
VBASE030.VDF : 7.10.6.22 2048 Bytes 4/1/2010 15:33:31
VBASE031.VDF : 7.10.6.23 7680 Bytes 4/2/2010 15:33:31
Engineversion : 8.2.1.210
AEVDF.DLL : 8.1.1.3 106868 Bytes 2/13/2010 18:16:21
AESCRIPT.DLL : 8.1.3.24 1282425 Bytes 4/2/2010 15:33:40
AESCN.DLL : 8.1.5.0 127347 Bytes 2/26/2010 00:38:41
AESBX.DLL : 8.1.2.1 254323 Bytes 3/17/2010 17:09:47
AERDL.DLL : 8.1.4.3 541043 Bytes 3/17/2010 17:09:47
AEPACK.DLL : 8.2.1.1 426358 Bytes 4/2/2010 15:33:39
AEOFFICE.DLL : 8.1.0.41 201083 Bytes 3/17/2010 17:09:46
AEHEUR.DLL : 8.1.1.16 2503031 Bytes 4/2/2010 15:33:38
AEHELP.DLL : 8.1.11.3 242039 Bytes 4/2/2010 15:33:34
AEGEN.DLL : 8.1.3.6 373108 Bytes 4/2/2010 15:33:34
AEEMU.DLL : 8.1.1.0 393587 Bytes 11/10/2009 15:04:22
AECORE.DLL : 8.1.13.1 188790 Bytes 4/2/2010 15:33:33
AEBB.DLL : 8.1.0.3 53618 Bytes 9/10/2009 18:15:06
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 18:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 18:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 22:47:40
AVREG.DLL : 10.0.1.2 52072 Bytes 1/29/2010 17:47:41
AVSCPLR.DLL : 10.0.2.3 83304 Bytes 3/8/2010 00:02:30
AVARKT.DLL : 10.0.0.13 227176 Bytes 3/7/2010 23:48:41
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 15:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 18:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 21:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 20:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 19:10:20
RCTEXT.DLL : 10.0.46.0 97128 Bytes 3/5/2010 16:09:41

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Friday, April 02, 2010 09:36

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'msdtc.exe' - '45' Module(s) have been scanned
Scan process 'dllhost.exe' - '50' Module(s) have been scanned
Scan process 'vssvc.exe' - '52' Module(s) have been scanned
Scan process 'avscan.exe' - '72' Module(s) have been scanned
Scan process 'avcenter.exe' - '69' Module(s) have been scanned
Scan process 'avgnt.exe' - '58' Module(s) have been scanned
Scan process 'sched.exe' - '60' Module(s) have been scanned
Scan process 'avshadow.exe' - '32' Module(s) have been scanned
Scan process 'avguard.exe' - '61' Module(s) have been scanned
Scan process 'iPodService.exe' - '36' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '68' Module(s) have been scanned
Scan process 'jusched.exe' - '21' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '22' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '37' Module(s) have been scanned
Scan process 'ALCXMNTR.EXE' - '36' Module(s) have been scanned
Scan process 'KBD.EXE' - '48' Module(s) have been scanned
Scan process 'DiscStreamHub.exe' - '61' Module(s) have been scanned
Scan process 'ehmsas.exe' - '37' Module(s) have been scanned
Scan process 'DiscGui.exe' - '49' Module(s) have been scanned
Scan process 'msmsgs.exe' - '44' Module(s) have been scanned
Scan process 'ctfmon.exe' - '30' Module(s) have been scanned
Scan process 'DiscUpdateMgr.exe' - '42' Module(s) have been scanned
Scan process 'DISCover.exe' - '54' Module(s) have been scanned
Scan process 'ARPWRMSG.EXE' - '22' Module(s) have been scanned
Scan process 'ehtray.exe' - '45' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'Explorer.EXE' - '100' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '27' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '54' Module(s) have been scanned
Scan process 'dllhost.exe' - '64' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'MDM.EXE' - '27' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '23' Module(s) have been scanned
Scan process 'jqs.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '79' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'ehSched.exe' - '28' Module(s) have been scanned
Scan process 'ehRecvr.exe' - '87' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '37' Module(s) have been scanned
Scan process 'ALUSchedulerSvc.exe' - '32' Module(s) have been scanned
Scan process 'arservice.exe' - '31' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'spoolsv.exe' - '74' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '184' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'svchost.exe' - '55' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '22' Module(s) have been scanned
Scan process 'lsass.exe' - '63' Module(s) have been scanned
Scan process 'services.exe' - '43' Module(s) have been scanned
Scan process 'winlogon.exe' - '72' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1723' files ).


Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\Documents and Settings\HP_Administrator.SEBHP7330N\My Documents\Downloads\rkill.pif
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\XCVDV190\2[1].php
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
Begin scan in 'D:\' <HP_RECOVERY>

Beginning disinfection:
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\XCVDV190\2[1].php
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '4d159214.qua'.
C:\Documents and Settings\HP_Administrator.SEBHP7330N\My Documents\Downloads\rkill.pif
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
[NOTE] The file was moved to the quarantine directory under the name '527abda3.qua'.


End of the scan: Friday, April 02, 2010 12:23
Used time: 2:27:53 Hour(s)

The scan has been done completely.

19647 Scanned directories
933916 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
933914 Files not concerned
17322 Archives were scanned
0 Warnings
2 Notes
664035 Objects were scanned with rootkit scan
0 Hidden objects were found
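
The file detections in the ESET and Avira logs posted above can be lined up by the Windows XP profile that owns each file. This is an added example, not part of any post in this thread: the function names are hypothetical, the sample lines are copied from the two logs, and it flags hits that sit in a service account's Internet Explorer cache rather than in the logged-on user's profile.

```python
import re

# Sample lines copied from the ESET and Avira logs posted in this thread.
ESET_LOG = r"""# scanned=195472
# found=1
# cleaned=1
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FSVDYY4C\s002106201317r0409X942a3f0cYdf9aca0dZ0100f080[1].pdf JS/Exploit.Pdfka.BXG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

AVIRA_LOG = r"""C:\Documents and Settings\HP_Administrator.SEBHP7330N\My Documents\Downloads\rkill.pif
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\XCVDV190\2[1].php
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
Beginning disinfection:
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\XCVDV190\2[1].php
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '4d159214.qua'.
"""

# ESET result line: <path> <detection> <kind> (<action>) <hash> <flag>
ESET_HIT = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s(?P<name>\S+)\s(?P<kind>\w+)\s"
    r"\((?P<action>[^)]*)\)\s[0-9a-fA-F]+\s\w$")
# Windows XP keeps every profile, service accounts included, under this folder.
PROFILE = re.compile(r"^[A-Za-z]:\\Documents and Settings\\([^\\]+)\\", re.I)
SERVICE_PROFILES = {"networkservice", "localservice"}


def parse_eset(text):
    """Return one record per ESET detection line; '#' header lines never match."""
    hits = []
    for line in text.splitlines():
        m = ESET_HIT.match(line.strip())
        if m:
            hits.append({"tool": "ESET", "path": m["path"], "detection": m["name"]})
    return hits


def parse_avira(text):
    """Pair each path line with the [DETECTION] line after it, once per path."""
    hits, seen, path = [], set(), None
    for line in (raw.strip() for raw in text.splitlines()):
        if re.match(r"^[A-Za-z]:\\", line):
            path = line
        elif line.startswith("[DETECTION]") and path and path not in seen:
            seen.add(path)  # the report repeats each hit in the disinfection phase
            hits.append({"tool": "Avira", "path": path,
                         "detection": line[len("[DETECTION]"):].strip()})
    return hits


def annotate(hit):
    """Add the owning profile and whether the file is in a service account's IE cache."""
    m = PROFILE.match(hit["path"])
    profile = m.group(1) if m else None
    in_cache = "\\temporary internet files\\" in hit["path"].lower()
    hit["profile"] = profile
    hit["service_cache"] = bool(
        profile and profile.lower() in SERVICE_PROFILES and in_cache)
    return hit


def triage(eset_text, avira_text):
    return [annotate(h) for h in parse_eset(eset_text) + parse_avira(avira_text)]


if __name__ == "__main__":
    for h in triage(ESET_LOG, AVIRA_LOG):
        where = "service-account web cache" if h["service_cache"] else "user profile"
        print(f'{h["tool"]:5} {str(h["profile"]):30} {where}: {h["detection"]}')
```
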

#8 boopme

Posted 02 April 2010 - 03:35 PM

Since it now looks as if there is no malware here, try uninstalling and reinstalling again.. If still no joy ask in the Browsers forum. Someone will know more. I do not use Chrome and don't want to guess.

#9 bitguy

Posted 02 April 2010 - 10:14 PM

Removed and reinstalled chrome...still not working. Bug may have altered my network settings which prevents chrome from working.

I will try the browser forum but it's not just that chrome is not working but rather that the redirector is hijacking Firefox and IE and reinstalling the virus every time I launch them.


Thanks for all your help.

#10 bitguy

Posted 02 April 2010 - 11:19 PM

boopme.. I don't mean to be a pain here since you are helping me out for nothing more than
a thanks, but I went to the browser forum and it doesn't seem to fit my issue.

The issue seems to be a redirector/hijacker that re-installs the virus. Do you have any other suggestions?

Edited by bitguy, 02 April 2010 - 11:22 PM.


#11 boopme

Posted 03 April 2010 - 08:17 AM

Yes, I was not aware that Firefox was still hijacking.. We will find this..
We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9 and not here, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.

#12 bitguy

Posted 03 April 2010 - 04:02 PM

Created new post

New Post

Ran GMER twice but it seems to lock up at the end.

Copied DDS file and attached attach file to new post.

#13 Orange Blossom

Posted 03 April 2010 - 10:23 PM

Hello,

Now that you have posted a log, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup: