
redirect virus, windows 7 64x


3 replies to this topic

#1 carc


Posted 09 August 2010 - 02:25 AM

Hi, thanks in advance for the help. Usual search engine redirect issues in FF/IE, haven't noticed anything aside from that, possibly some system slowdown globally. Running win7 64x.

Got this from a yahoo messenger spam contact that my wife foolishly clicked. Have not noticed much else, but I immediately did a system restore once I figured it out the next day, and uninstalled/reinstalled AVG, along with running many different antispy/malware programs in a completely uncoordinated manner. None of that worked, so here I am. Already changed all my passwords from another PC.


1. TDSSKiller: flagged 'sptd' service as suspicious (not malicious) and did not turn up anything else. Quarantined sptd, but still present on reboot, even after uninstalling daemontools. Deleted the appropriate registry entry and it went away for good.


2. MAM log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4409

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/9/2010 12:14:58 AM
mbam-log-2010-08-09 (00-14-58).txt

Scan type: Quick scan
Objects scanned: 129615
Time elapsed: 4 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




3. What next?

Edited by carc, 09 August 2010 - 10:43 PM.




#2 carc


Posted 09 August 2010 - 07:49 PM

ESET online scan log:

C:\backup\SwSetup\AOLIMS\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\7e1ebec0-7244059d multiple threats deleted - quarantined
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\3177fde8-2e668c29 multiple threats deleted - quarantined


Still having redirect issues, in IE and FF. Someone help!

Edited by carc, 09 August 2010 - 10:43 PM.


#3 carc


Posted 11 August 2010 - 12:23 AM

Just checked; also happening in Google Chrome.

#4 carc


Posted 12 August 2010 - 01:25 AM

IE 64 bit is not affected, which sorta makes sense if this is a rootkit type thing.



Come on, someone please walk me through this.



