Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser Redirection


  • Please log in to reply
1 reply to this topic

#1 itzmichelle

itzmichelle

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:31 AM

Posted 14 October 2010 - 04:06 AM

I seem to be having trouble with my broswer. It keeps redirecting me to a website called scour.com I put my computer in safe mode. Ran Malwarebytes and SuperAntispyware... It detected some infections after the scan was complete the computer restarted and I still keep getting redirected to different websites like...Scour.com and Happili.com. I'm not really good with computers, So I would appreciate it if someone could help me.

I will be posting my Malwarebytes and SuperAntispyware scan logs shortly.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4820

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943

10/14/2010 05:52:23
mbam-log-2010-10-14 (05-52-23).txt

Scan type: Quick scan
Objects scanned: 143670
Time elapsed: 14 minute(s), 45 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
C:\Users\aaron\AppData\Roaming\Microsoft\svchost.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Users\aaron\AppData\Roaming\Microsoft\Windows\shell.exe (Trojan.Shell) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Users\aaron\AppData\Roaming\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\aaron\AppData\Roaming\Microsoft\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\aaron\AppData\Roaming\Microsoft\Windows\shell.exe (Trojan.Shell) -> Quarantined and deleted successfully.

Edited by itzmichelle, 14 October 2010 - 05:53 AM.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,476 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:31 AM

Posted 15 October 2010 - 10:40 PM

Please follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKiller
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process. <- Important!!
    Note: If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

Rescan again with Malwarebytes Anti-Malware, but this time perform a Full Scan in normal mode and check all items found for removal. Don't forgot to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users