Browser Redirect Virus - Seachandclick37


  • This topic is locked
2 replies to this topic

#1 frodo111

  • Members
  • 4 posts

Posted 06 August 2010 - 01:13 AM

Hi all. I managed to get a redirect virus that redirects webpages and/or hides search results. FYI, I've done a few self-help things from looking over other forum posts, which I probably shouldn't have been doing on my own - nothing worked yet. Thanks for any help/advice you can give!

Here's my DDS log, and I've uploaded my GMER log as well.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Rob at 23:20:48.25 on Thu 08/05/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2014.948 [GMT -7:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\PreSonus\1394AudioDriver_FireBox\FireBox.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Rob\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\microsoft\desktoplayer.exe,c:\program files\common files\adobe\calibration\adobe gamma loadersrv.exe,c:\program files\microsoft\desktoplayersrv.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office12\GR469A~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\rob\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\rob\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\firebo~1.lnk - c:\program files\presonus\1394audiodriver_firebox\FireBox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~4\office12\GRA32A~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office12\GR469A~1.DLL
Hosts: 89.149.193.137 www.google.com
Hosts: 89.149.193.137 us.search.yahoo.com
Hosts: 89.149.193.137 uk.search.yahoo.com
Hosts: 89.149.193.137 search.yahoo.com
Hosts: 89.149.193.137 www.google.com.br

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2009-7-20 4446752]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

=============== Created Last 30 ================

2010-08-06 05:12:11 0 d-----w- c:\programdata\Sun
2010-08-06 05:11:26 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-06 02:58:15 0 d-sh--w- C:\$RECYCLE.BIN
2010-08-06 02:39:00 98816 ----a-w- c:\windows\sed.exe
2010-08-06 02:39:00 77312 ----a-w- c:\windows\MBR.exe
2010-08-06 02:39:00 256512 ----a-w- c:\windows\PEV.exe
2010-08-06 02:39:00 161792 ----a-w- c:\windows\SWREG.exe
2010-08-06 02:38:48 0 d-----w- C:\ComboFix
2010-08-05 14:44:11 0 d-----w- c:\users\rob\appdata\roaming\Malwarebytes
2010-08-05 14:43:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-05 14:43:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-05 14:43:55 0 d-----w- c:\programdata\Malwarebytes
2010-08-05 14:43:55 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-05 06:44:14 0 d-----w- c:\program files\riva
2010-07-31 23:39:24 0 d-----w- c:\programdata\NVIDIA Corporation
2010-07-31 23:25:05 0 d-----w- c:\program files\SystemRequirementsLab
2010-07-21 05:59:22 0 d-----w- c:\programdata\winLAME
2010-07-21 05:59:21 0 d-----w- c:\program files\winLAME
2010-07-09 23:20:08 279656 ----a-w- c:\windows\system32\oemdspif.dll
2010-07-09 23:20:08 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 23:20:06 588392 ----a-w- c:\windows\system32\nv3dappshext.dll
2010-07-09 23:20:06 53864 ----a-w- c:\windows\system32\nv3dappshextr.dll
2010-07-09 23:20:06 1881704 ----a-w- c:\windows\system32\nvsvcr.dll
2010-07-09 23:20:06 1469544 ----a-w- c:\windows\system32\nvsvc.dll
2010-07-09 23:20:06 13939816 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 23:20:06 129640 ----a-w- c:\windows\system32\nvvsvc.exe

==================== Find3M ====================

2010-07-07 20:46:46 604776 ----a-w- c:\windows\system32\nvuninst.exe
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-01-22 15:30:42 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 23:21:01.99 ===============

Merged 2 posts. ~ OB

Should I just wipe and reinstall?

Attached Files

  • ark.txt (17.28KB)

Edited by Budapest, 06 August 2010 - 07:27 PM.
Posts merged ~BP


#2 frodo111

  • Topic Starter
  • Members
  • 4 posts

Posted 07 August 2010 - 02:18 AM

Mods - please delete this post. I am just going to wipe. Thanks.

#3 Budapest

    Bleepin' Cynic

  • Moderator
  • 23,579 posts
  • Gender:Male

Posted 08 August 2010 - 04:15 PM

As this issue appears to be resolved I am closing the topic. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw
