Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Complete reinstall and still having problem


  • This topic is locked This topic is locked
6 replies to this topic

#1 Havoc079

Havoc079

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:26 PM

Posted 13 May 2010 - 01:40 AM

I just completely reinstalled my windows and i'm still getting redirecting and i'm also still not able to get onto malwarebytes site and i can't use microsoft update or download.. Is there a chance when i put some stuff on my flash drive that when i took the drivers off that flash drive to update my computer it could have reinfected me? if so what do i need to do to a. clean this off and b. clean my flash drive
any help will be greatly appreciated

BC AdBot (Login to Remove)

 


#2 Havoc079

Havoc079
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:26 PM

Posted 13 May 2010 - 02:29 AM

i've scanned this computer 3 times and gotten the same problems each time.. ill post the most recent first and the other two in following replies

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4095

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

5/13/2010 3:28:54 AM
mbam-log-2010-05-13 (03-28-54).txt

Scan type: Full scan (C:\|)
Objects scanned: 126124
Time elapsed: 8 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.161.105 93.188.166.105 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{648e4f26-bd48-4bda-b906-dd725a4d48d7}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.161.105 93.188.166.105 1.2.3.4 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#3 Havoc079

Havoc079
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:26 PM

Posted 13 May 2010 - 02:33 AM

this is the very first scan i did as you can tell by the times these were all done within a relatively short time.. the only reasosn the first one i posted has 3:30 time is because i changed my clock from pacific to eastern in the middle of the scan.. all 3 scans were done within an hour of each other and i haven't been to very many sites to pick up anything at all and all 3 have the same dsnc changer

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4095

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

5/12/2010 11:55:56 PM
mbam-log-2010-05-12 (23-55-56).txt

Scan type: Full scan (C:\|)
Objects scanned: 119747
Time elapsed: 8 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.161.105 93.188.166.105 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{648e4f26-bd48-4bda-b906-dd725a4d48d7}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.161.105 93.188.166.105 1.2.3.4 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 Havoc079

Havoc079
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:26 PM

Posted 13 May 2010 - 02:35 AM

this is the second scan that i did when i included my flash drive which i think might have been infected with a few files taht i took off and put on there before i reinstalled windows so i could ahve them backed up.. heres' the log for that
as you can see in all 3 i'm getting the same trojan and it will not go away. its causing redirects and i can't update microsoft and i can't install avg and I got the same online protection tool virus pop up earlier on firefox
help please this is getting rediculous

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4095

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

5/13/2010 12:18:43 AM
mbam-log-2010-05-13 (00-18-43).txt

Scan type: Full scan (J:\|)
Objects scanned: 113313
Time elapsed: 2 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.161.105 93.188.166.105 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{648e4f26-bd48-4bda-b906-dd725a4d48d7}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.161.105 93.188.166.105 1.2.3.4 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
J:\il0byu3h.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.

#5 Havoc079

Havoc079
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:26 PM

Posted 13 May 2010 - 02:38 AM

i've also went back adn just checked my registery and BOTH of those files that were supposedly deleted are still there.. any help is greatly appreciated.. If you cannot help me here at least give me a site where people will actually help because i posted about this 2 days ago and got no response

#6 Havoc079

Havoc079
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:26 PM

Posted 13 May 2010 - 05:46 PM

bump still need help

#7 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,962 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:26 PM

Posted 15 May 2010 - 02:24 PM

Hello,

You are receiving assistance for this issue here: http://www.bleepingcomputer.com/forums/t/316654/online-protection-tool-virus-and-google-redirect-virus/

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please note that our helpers are not on 24/7 and that they are helping many people with computer issues. Further, they often need to do research in order to assist you. This takes time.

It is important that you follow your helper's instructions and not do things on your own as this makes your helper's job much more difficult and prolongs the disinfection process. If you are unable to follow those instructions, you need to inform your helper of that and why you are unable to do so.

Equally important, you should not create any more topics on this issue. Doing so confuses things for everyone involved and makes the malware removal process more difficult. It is akin to having more than one surgeon doing a surgery and none of them are in communication with each other. How will the patient fare under those circumstances? Not well.

This topic is now closed to avoid further confusion. Good luck with your topic.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users