Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I don't think I'm infected, I' sure I am.


  • This topic is locked This topic is locked
13 replies to this topic

#1 CalusBlade

CalusBlade

  • Members
  • 538 posts
  • OFFLINE
  •  
  • Local time:07:13 PM

Posted 11 April 2010 - 01:59 PM

Alright so today I went to the library to do some update and downloads. Now the first thing I notice a few days ago was that windows security popped up a few times saying norton is not up to date. It was only maybe 1-2weeks old, normally it would pop up after 30 days old. But I didn't think it was a big deal since it does go away. Now today I went to go to my web games such as evony.com or kamikazegames.com and yes I know these site are safe because I been going there with my other computer before it blew out. When I went to one of the download sites (didn't start downloads yet) the windows security popped up again and this time didn't disappear. So I decided to update norton through the lower right hand side. It still didn't disappear and when I started the download, the firewall turned off and this Windows Anti-malware 2010 turned on. I knew something was wrong so I canceled it and it kept rescanning and such. Now I shut down and turned it back on at home and norton found about 18 viruses and clean them all but that stupid Anti-malware still kept popping up. I used msconfig and went to start up to located anything I found odd and deleted it. THe anti-malware thing doesn't come out anymore but I'm sure there are still some special little guess in my computer. So aside form making sure, is there any chance someone in the library attacked my computer?

BC AdBot (Login to Remove)

 


#2 CalusBlade

CalusBlade
  • Topic Starter

  • Members
  • 538 posts
  • OFFLINE
  •  
  • Local time:07:13 PM

Posted 11 April 2010 - 06:03 PM

alright I just finish mal-ware scan. There are 2, the first is the updated version, the second is a later version.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3978

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

4/11/2010 7:01:35 PM
mbam-log-2010-04-11 (19-01-35).txt

Scan type: Full scan (C:\|)
Objects scanned: 158013
Time elapsed: 1 hour(s), 7 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.62,93.188.166.168 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{068f006d-d7cf-43c8-9c52-8e1d9095ce11}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.163.62,93.188.166.168 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{068f006d-d7cf-43c8-9c52-8e1d9095ce11}\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.62,93.188.166.168 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{22f716c5-f5e8-4d6b-9d55-0c556495cf4a}\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.62,93.188.166.168 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{DD3818F8-C59B-432C-9F92-935109DA7D23}\RP1\A0000041.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\diskchk.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\00004348.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\kenny\Local Settings\Application Data\vma.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.

---------
Malwarebytes' Anti-Malware 1.44
Database version: 3928
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

4/11/2010 4:47:15 PM
mbam-log-2010-04-11 (16-47-15).txt

Scan type: Full Scan (C:\|)
Objects scanned: 20394
Time elapsed: 1 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\6to4v32.dll (Backdoor.Bot) -> Delete on reboot.
c:\WINDOWS\system32\Iasex.dll (Backdoor.Bot) -> Delete on reboot.
c:\documents and settings\all users\application data\acccore\sp.DLL (TrojanProxy.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ias (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spservice (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{96afbe69-c3b0-4b00-8578-d933d2896ee2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96afbe69-c3b0-4b00-8578-d933d2896ee2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\6to4v32.dll (Backdoor.Bot) -> Delete on reboot.
c:\WINDOWS\system32\Iasex.dll (Backdoor.Bot) -> Delete on reboot.
c:\documents and settings\all users\application data\acccore\sp.DLL (TrojanProxy.Agent) -> Delete on reboot.

#3 CalusBlade

CalusBlade
  • Topic Starter

  • Members
  • 538 posts
  • OFFLINE
  •  
  • Local time:07:13 PM

Posted 11 April 2010 - 08:59 PM

Spybot - search and destroy found:

Mircosoft.windowssecuritycenter_disabled
Mircosoft.windowssecuritycenter.antivirusoverride
Mircosoft.windowssecuritycenter.firewalloverride


And I also found out i can't go into safe mode ether. Also when I go to google and click on links, I get put into another site sometimes and it has nothing to do with the link I clicked on. Let say I google bleepingcomputers and click on the first link given, it will send me somewhere else. only the second click will send me where I want.

I'm gonna post the anti-spyware log tomorrow. If anyone can help me check/get rid of what's left, I really appreciate it.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:13 PM

Posted 11 April 2010 - 09:14 PM

Hello and welcome..
Let's do these.
First see if we can fix safe mode and scan.

SUPERAntiSypware (SAS) has a built in "Repairs" feature to fix policy restrictions and certain Windows settings which are sometimes targeted by malware infection.

Please download SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • Click the Repairs tab.
  • Click on (highlight) "Repair broken SafeBoot key" and then click the Repair button.
  • You may be asked to reboot your computer for the changes to take effect.

Next run ATF and SAS: If you cannot access Safe Mode,run in normal ,but let me know.
Obviously we don't need to install SAS again....
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining
.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program
.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions,post logs and Let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 CalusBlade

CalusBlade
  • Topic Starter

  • Members
  • 538 posts
  • OFFLINE
  •  
  • Local time:07:13 PM

Posted 12 April 2010 - 05:39 PM

I can run safe mode again. This is a safe mode scan.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/12/2010 at 03:54 PM

Application Version : 4.26.1004

Core Rules Database Version : 4795
Trace Rules Database Version: 2607

Scan type : Complete Scan
Total Scan Time : 02:32:47

Memory items scanned : 204
Memory threats detected : 0
Registry items scanned : 5402
Registry threats detected : 0
File items scanned : 72774
File threats detected : 0


It runs ok but still seems alittle slow. Also the windows security pops up saying norton isn't up to date and disappears later. Also internet seems alittle slow too. It also seems that when I google with firefox and I click a link, I get redirected to another site. I even google things like gamefaqs.com and when I click on the one I know thats gamefaqs, it redirects me to another site.

Edited by CalusBlade, 12 April 2010 - 09:17 PM.


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:13 PM

Posted 12 April 2010 - 09:24 PM

OK lets' do 2 and see if things are better.

First run RKill....

Please download Rkill by Grinler and save it to your desktop.Link 2
Link 3
Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot your computer after running rkill as the malware programs will start again.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.



ESET Online
Please perform a scan with Eset Online Antiivirus Scanner.
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista users need to run Internet Explorer as Administrator. Right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Click the green ESET Online Scanner button.
  • Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Insall ActiveX component.
  • A new window will appear asking "Do you want to install this software?"".
  • Answer Yes to download and install the ActiveX controls that allows the scan to run.
  • Click Start.
  • Check Remove found threats and Scan potentially unwanted applications.
  • Click Scan to start. (please be patient as the scan could take some time to complete)
  • If offered the option to get information or buy software. Just close the window.
  • When the scan has finished, a log.txt file will be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
  • Click Posted Image > Run..., then copy and paste this command into the open box: C:\Program Files\EsetOnlineScanner\log.txt
  • The scan results will open in Notepad. Copy and paste the contents of log.txt in your next reply.
Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 CalusBlade

CalusBlade
  • Topic Starter

  • Members
  • 538 posts
  • OFFLINE
  •  
  • Local time:07:13 PM

Posted 13 April 2010 - 07:36 PM

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3985

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

4/13/2010 7:17:49 PM
mbam-log-2010-04-13 (19-17-49).txt

Scan type: Quick scan
Objects scanned: 100921
Time elapsed: 18 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
--------
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3985

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

4/13/2010 8:35:34 PM
mbam-log-2010-04-13 (20-35-34).txt

Scan type: Full scan (C:\|)
Objects scanned: 158696
Time elapsed: 1 hour(s), 17 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:13 PM

Posted 13 April 2010 - 09:09 PM

Are you running the ESETscan?

Any reason why you have not moved up to IE 7 or 8?

What JAVA if any are running?
Go into Control Panel>Add Remove Programs. Be sure the 'Show Updates' box is checked. Go down the list and tell me what Java applications are installed and their version. (Highlight the program to see this).

Please read and follow all these instructions very carefully.
  • Please download GooredFix and save it to your Desktop.
  • Double-click GooredFix.exe to run it.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).
Are the redirects gone?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 CalusBlade

CalusBlade
  • Topic Starter

  • Members
  • 538 posts
  • OFFLINE
  •  
  • Local time:07:13 PM

Posted 14 April 2010 - 09:37 PM

yea I'm running it right now and I don't have IE 7/8 because I normally don't use it. As for Java I found these 2:
J2SE Runtime environment 5.0 update 6
Java™ 6 Update 15

---------------------
This is the log for Eset:
I couldn't get the log but what was found was a Win32.badge.worm or something really close to it.

As for GooredFix I need to do it tomorrow.

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:13 PM

Posted 15 April 2010 - 02:15 PM

OK, post that when you can. Updatye me on how it;s running.

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 20 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 CalusBlade

CalusBlade
  • Topic Starter

  • Members
  • 538 posts
  • OFFLINE
  •  
  • Local time:07:13 PM

Posted 15 April 2010 - 05:44 PM

this is the gooredfix and redirects are still going on.

GooredFix by jpshortstuff (08.01.10.1)
Log created at 18:43 on 15/04/2010 (kenny)
Firefox version 3.0.13 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [18:59 23/05/2008]
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [16:20 26/08/2009]

C:\Documents and Settings\kenny\Application Data\Mozilla\Firefox\Profiles\rz5prpn2.default\extensions\
{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [18:17 24/02/2009]
{5601B994-0E9B-4ce2-8AB9-AD1155F2ABBD} [18:46 24/02/2009]
{635abd67-4fe9-1b23-4f01-e679fa7484c1} [20:26 04/08/2008]
{c2f863cd-0429-48c7-bb54-db756a951760} [22:42 12/12/2008]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [16:20 26/08/2009]

-=E.O.F=-

Edited by CalusBlade, 15 April 2010 - 05:47 PM.


#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:13 PM

Posted 15 April 2010 - 07:24 PM

Hi, I am truly suspecting that this is a hidden rootkit now.
We need a deeper look. Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9 and not here,thanks.
If Gmer won't run,skip it and move on.
Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:13 PM

Posted 15 April 2010 - 09:16 PM

you need to post that log in a new topic here...
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#14 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,942 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:13 PM

Posted 17 April 2010 - 11:17 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/310122/google-redirect-virus/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users