
search redirect



#1 bunghole1


Posted 15 June 2010 - 03:28 AM

Links are redirected when I choose from search results.

Had the antivirus soft malware/virus - got rid of it by restoring to earlier time.

I just attached all the logs (copy/paste froze my system).

Every time I try to attach the DDS log it won't let me, and when I try to copy/paste the log it won't let me post that.

Webpage error details

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.5; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Timestamp: Fri, 10 Mar 2006 00:29:27 UTC


Message: Access is denied.

Line: 1
Char: 8210
Code: 0
URI: http://www.bleepingcomputer.com/forums/jsc...s/ips_attach.js

OTL logs attached



Edited by boopme, 16 June 2010 - 11:25 AM.



 


#2 shelf life


  • Malware Response Team

Posted 20 June 2010 - 09:48 AM

Hi,

Your post is a few days old. If you still need help with the re-directions simply reply to my post.

How Can I Reduce My Risk to Malware?


#3 bunghole1


Posted 21 June 2010 - 12:32 AM

replying for help

#4 shelf life


Posted 21 June 2010 - 04:54 PM

We will get a download to use. It's called Combofix. There is a guide to read first. Read through the guide, then apply the directions on your own machine. Post the log in your reply. Link:

Guide to using Combofix



#5 bunghole1


Posted 22 June 2010 - 04:56 AM

combofix won't run, tells me some files are bad - yet I can't delete it from my system

"some installation files are corrupt
please download a fresh copy"

it won't let me close the one(s) that attempted to open


Edited by bunghole1, 22 June 2010 - 04:59 AM.


#6 shelf life


Posted 22 June 2010 - 07:07 PM

You can get this utility that will remove Combofix for you:

Download OTCleanIt and save it to desktop.

http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.


After you run it, try the other link to download Combofix. There are two links one can use in the guide to download Combofix.


You can also run TDSSkiller:
Please download TDSS Killer.zip and save it to your desktop.
Extract the zip file to your desktop.
Double-click the utility to start it. Follow the prompts.
Please post the report.txt that will be generated in your root drive C: after it's done running.

After the above, check Malwarebytes for updates, scan and post its log also:

Click the MBAM icon on your desktop. Once the program has loaded, click the Update tab, then check for updates. Select Scanner tab, Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click **Remove Selected.**

**A restart of your computer most likely will be required to remove some items. If prompted, please choose yes to restart your computer.**

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.

So...
1) Try Combofix using the other link
2) Run TDSSkiller and post the log
3) Check Malwarebytes for update, scan and post its log






#7 bunghole1


Posted 23 June 2010 - 05:32 AM

TDSS / Malwarebytes got rid of it, I think.

No TDSS report?

Malwarebytes report:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4227

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/16/2006 9:55:17 PM
mbam-log-2006-03-16 (21-55-17).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 259566
Time elapsed: 1 hour(s), 39 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\apxmxt.dll (Trojan.Hiloti) -> No action taken.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gvuwo (Trojan.Hiloti) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\apxmxt.dll (Trojan.Hiloti) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP45\A0029472.exe (Trojan.KillAV) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP45\A0029477.exe (Trojan.KillAV) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP36\A0024963.exe (Trojan.KillAV) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP36\A0024968.exe (Trojan.KillAV) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP40\A0027345.exe (Trojan.KillAV) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP40\A0027350.exe (Trojan.KillAV) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP42\A0027669.exe (Trojan.KillAV) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP42\A0027674.exe (Trojan.KillAV) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP43\A0027936.exe (Trojan.KillAV) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP43\A0027941.exe (Trojan.KillAV) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP44\A0029205.exe (Trojan.KillAV) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP44\A0029210.exe (Trojan.KillAV) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP47\A0030744.exe (Trojan.KillAV) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP47\A0030749.exe (Trojan.KillAV) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP48\A0031016.exe (Trojan.KillAV) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP48\A0031011.exe (Trojan.KillAV) -> No action taken.
C:\Documents and Settings\Janet\Local Settings\Temp\wtYY.exe (Trojan.Hiloti) -> No action taken.
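
As an added example (not part of the thread and not code from any tool named in it), a short Python parser for the Malwarebytes log format shown in the post above: it lists entries whose recorded action is "No action taken" and separates autostart registry values from System Restore point copies. The function names and the triage categories are choices made for this example; the sample lines are copied from the log above, with the restore-point entries cut to two.

```python
import re
from collections import Counter

# Excerpt of the Malwarebytes log posted in this thread (restore-point entries cut to two).
SAMPLE_LOG = r"""
Memory Modules Infected:
C:\WINDOWS\apxmxt.dll (Trojan.Hiloti) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gvuwo (Trojan.Hiloti) -> No action taken.

Files Infected:
C:\WINDOWS\apxmxt.dll (Trojan.Hiloti) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP45\A0029472.exe (Trojan.KillAV) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP45\A0029477.exe (Trojan.KillAV) -> No action taken.
C:\Documents and Settings\Janet\Local Settings\Temp\wtYY.exe (Trojan.Hiloti) -> No action taken.
"""

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:\s*$")  # detail headers, not the "...: 1" counts
ENTRY = re.compile(r"^(?P<path>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?\s*$")

def parse_mbam_log(text):
    """Return one dict per detection line, tagged with the section it appeared under."""
    section, items = None, []
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY.match(line)
        if m and section:
            items.append({"section": section, **m.groupdict()})
    return items

def triage(items):
    """Summarise entries the log records as not yet acted on."""
    pending = [i for i in items if i["action"].lower() == "no action taken"]
    autostart = [i["path"] for i in pending if i["section"] == "Registry Values"
                 and r"\currentversion\run" in i["path"].lower()]
    restore = [i for i in pending
               if r"\system volume information\_restore" in i["path"].lower()]
    return {"pending": len(pending), "autostart": autostart,
            "restore_point_copies": len(restore),
            "families": Counter(i["family"] for i in pending)}

if __name__ == "__main__":
    print(triage(parse_mbam_log(SAMPLE_LOG)))
```
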


#8 shelf life


Posted 23 June 2010 - 05:28 PM

OK, thanks for the info. You looked in your root C drive for the TDSS text file.
After you ran Malwarebytes you restarted your computer?
Are the re-directions gone now?
Did you try downloading Combofix again using the other link?





