Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unknown virus/malware


  • Please log in to reply
7 replies to this topic

#1 everette

everette

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:44 AM

Posted 23 October 2010 - 06:26 PM

Hello

My sons computer seems to be infected with something.

He is running windows seven and Avast anti-virus.

Every time he does a Google search then clicks on the search links it redirects him to some other sites (not the one in the search results).

I was going to run malwarebytes to see if that would find anything but malwarebytes will not even open even in safe mode.

He did a full scan with Avast but it found nothing.

Also in windows messages there was a message that said that there was a problem with Karspy anti-virus but he has never had Karspy anti-virus.

Thank you for any help with this.

BC AdBot (Login to Remove)

 


#2 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:08:44 AM

Posted 23 October 2010 - 06:53 PM

Would you give RKill a try

http://www.bleepingcomputer.com/forums/topic308364.html
Chewy

No. Try not. Do... or do not. There is no try.

#3 everette

everette
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:44 AM

Posted 23 October 2010 - 07:40 PM

I ran Rkill and I still get the redirects with Google search and I still can not run malwarbytes.

Here is a log of what Rkill did

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Bryson on 10/23/2010 at 20:29:38.


Services Stopped:


Processes terminated by Rkill or while it was running:


C:\Users\Bryson\AppData\Local\Temp\Qwh.exe
C:\Users\Bryson\AppData\Local\Temp\Qwo.exe
C:\Windows\system32\DllHost.exe


Rkill completed on 10/23/2010 at 20:29:51.


Below is an example of the redirects from Google search.
I got this after doing a search for bleepingcomputer then clicked the link to come to this site and was redirected to the site listed below.
http://ordian.10538_2728.get-search-results.com/jump1/?affiliate=ordian&subid=10538_2728&terms=bleepigcomputer&sid=Z734044474%40EzX1MjNzIDOz8FM4MjMfVzMfhTNx8FOyQDM4gzN4ITM&a=beqvna&mr=1&rc=0

One other thing is I tried to log in here on this site from my sons computer and it kept saying the wrong user name or password so I came back to my computer and it logged in fine.

Edited by everette, 23 October 2010 - 07:57 PM.


#4 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:08:44 AM

Posted 23 October 2010 - 08:31 PM

Immediately after running RKill you might have to try an install of MBAM, update and scan?
Chewy

No. Try not. Do... or do not. There is no try.

#5 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:08:44 AM

Posted 23 October 2010 - 08:40 PM

Please run a free online scan with the ESET Online Scanner

http://www.eset.com/onlinescan/

Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start

Make sure that the options Remove found threats is UNCHECKED

Make sure that the option Scan unwanted applications is CHECKED

Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

Edited by DaChew, 23 October 2010 - 08:41 PM.

Chewy

No. Try not. Do... or do not. There is no try.

#6 everette

everette
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:44 AM

Posted 23 October 2010 - 09:02 PM

Did not work.

I even tried again in safe mode with no networking but still no go.

Sorry I just read your second post I will try the ESET Online Scanner and post back when done.

Edited by everette, 23 October 2010 - 09:04 PM.


#7 everette

everette
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:44 AM

Posted 23 October 2010 - 09:30 PM

It will not let me go to the ESET site at all.
It says "Internet Explorer Can Not Display The Webpage"

I have Hijack this and tried to open it and it opens but I did not run the scan should I?

#8 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:08:44 AM

Posted 23 October 2010 - 09:46 PM

We can try a powerful standalone scanner/cleaner that you would have to transfer to his computer by flash drive or cd from your computer

Dues to the nature of this infection I would consider a clean install as the quickest and safest option.

or if you can wait for expert help with this

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==

If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.
Chewy

No. Try not. Do... or do not. There is no try.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users