Windows Recovery virus followed by Tazinga redirect virus



#1 NYCmom

Posted 18 April 2011 - 11:59 PM

Hi.

Earlier today I clicked on a photograph on a blog and the next thing I knew my laptop was going crazy. (I have an HP laptop running Windows Vista designed for Windows XP.)

The Windows Recovery screen came up, and all my files disappeared and my screen looked different.

I spent much of the day getting rid of the Windows Recovery virus (or so I thought). I used Malwarebytes Anti-Malware as well as Advanced System Care. But the color of my screen is still a little off, plus I keep getting these Internet Script error messages. (I use Mozilla Firefox but also have Internet Explorer 8 on my laptop.) Now, my web searches on Mozilla Firefox are often being redirected to Tazinga.

Thank you a million times in advance for any help anyone can give me.



#2 Blind Faith

  • Malware Response Team

Posted 19 April 2011 - 02:00 AM

Hi there,




We need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (if you did not use the "Direct Download" mirror).
  • Open RootRepeal on your desktop.
  • Click the Report tab.
  • Click the Scan button.
  • Check all seven boxes.
  • Click Ok.
  • Check the box for your main system drive (usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, a logfile will open. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.






Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.




Elle
Can you hear it? It's all around!

Do you remember?
If you do, then
can you forgive?

If I haven't replied in 48 hours, please feel free to send me a PM.

#3 NYCmom


Posted 19 April 2011 - 09:59 AM

I don't seem to be able to run rootrepeal. When I used the direct download option it ran for a long time without doing anything. I tried the zip format and it keeps giving me errors and closing root repeal down.

Do I have to open primary mirror and secondary mirror or should just one of those be enough?

edited to add: tried to run rootrepeal again from internet explorer 8 and it is getting hung up on

C:\hiberfil.sys Locked to the Windows API!

and below in the gray area it is stalled at C:\I386\

Edited by NYCmom, 19 April 2011 - 11:15 AM.


#4 Blind Faith

  • Malware Response Team

Posted 19 April 2011 - 11:33 AM

Hi there,


Usually one mirror should be enough; the secondary mirror is for the cases when the first one isn't working.
If you can't get one of the instructions I gave you done, go up to the other one.
Try running SUPERAntiSpyware now.



Elle

#5 NYCmom


Posted 19 April 2011 - 02:50 PM

Okay, so I finally managed to run the superantivirus but only in Safe Mode. I am still getting the Internet Script Errors, which mostly reference mevio.com websites.

Here is the log after the superantivirus scan (which took about 90 minutes in safe mode).

Thank you again, by the way.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/19/2011 at 03:37 PM

Application Version : 4.50.1002

Core Rules Database Version : 6870
Trace Rules Database Version: 4682

Scan type : Complete Scan
Total Scan Time : 01:20:07

Memory items scanned : 380
Memory threats detected : 0
Registry items scanned : 7362
Registry threats detected : 0
File items scanned : 95828
File threats detected : 156

Adware.Tracking Cookie

#6 Blind Faith

  • Malware Response Team

Posted 22 April 2011 - 07:19 AM

Hmm, it doesn't seem like the system is affected by a virus anymore.
Let's run another scan just to be sure. If it is so, then there are other causes.


ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!





I'll be away until Monday due to Easter. Stay tuned, run the scan for me and post it in your next answer; I will get back to you as soon as I get home.


Thank you,


Elle
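
How a posted SUPERAntiSpyware log can be triaged before deciding on a further scan, as an added example that is not part of the original thread: the script groups findings by category, checks that the number of listed items matches the "threats detected" counters, and flags any category other than tracking cookies. The sample logs, their domains, paths and counts, the second category name and the function names are constructed for illustration; treating lines that start with `HK` as registry entries is an assumption about the log layout.

```python
import re
from collections import Counter

# Constructed sample in the layout of the SUPERAntiSpyware log posted in this
# thread; the domains, paths and counts are made up for illustration.
COOKIE_ONLY_LOG = r"""SUPERAntiSpyware Scan Log

Generated 01/01/2011 at 10:00 AM

Scan type : Complete Scan

Memory items scanned : 400
Memory threats detected : 0
Registry items scanned : 7000
Registry threats detected : 0
File items scanned : 90000
File threats detected : 3

Adware.Tracking Cookie
ads.tracker.example [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\ABCD1234 ]
.tracker.example [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xxxx.default\cookies.sqlite ]
C:\Documents and Settings\User\Cookies\user@tracker[1].txt
"""

# Same log with one extra finding under a constructed, non-cookie category.
MIXED_LOG = COOKIE_ONLY_LOG.replace(
    "File threats detected : 3", "File threats detected : 4") + (
    "\nTrojan.Constructed/Example\n"
    "C:\\Documents and Settings\\User\\Local Settings\\Temp\\sample.exe\n"
)

COUNTER = re.compile(
    r"^(Memory|Registry|File) (items scanned|threats detected)\s*:\s*(\d+)$")
BRACKETED = re.compile(r"^(?P<name>\S+) \[ (?P<path>.+) \]$")  # "name [ path ]"
PATH_OR_KEY = re.compile(r"^(?:[A-Za-z]:\\|HK)")  # bare file path or registry key

# Categories that do not indicate running or installed malware.
LOW_RISK = {"Adware.Tracking Cookie"}


def parse_sas_log(text):
    """Return (counters, detections); a detection is (category, name, path)."""
    counters, detections = {}, []
    category, in_findings = "Uncategorized", False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNTER.match(line)
        if m:
            counters[f"{m.group(1)} {m.group(2)}".lower()] = int(m.group(3))
            # The findings list starts after the last counter of the summary.
            in_findings = (m.group(1), m.group(2)) == ("File", "threats detected")
            continue
        if not in_findings:
            continue  # banner, version and timing lines
        b = BRACKETED.match(line)
        if b:
            detections.append((category, b.group("name"), b.group("path")))
        elif PATH_OR_KEY.match(line):
            detections.append((category, None, line))
        else:
            category = line  # anything else is a new category heading
    return counters, detections


def triage(text):
    """Summarise a scan log for a first-pass decision."""
    counters, detections = parse_sas_log(text)
    by_category = Counter(cat for cat, _, _ in detections)
    reported = sum(v for k, v in counters.items() if k.endswith("threats detected"))
    escalate = sorted(c for c in by_category if c not in LOW_RISK)
    return {
        "by_category": dict(by_category),
        "reported": reported,
        "listed": len(detections),
        # False means the pasted log was truncated or edited before posting.
        "log_complete": reported == len(detections),
        "memory_or_registry_hits": counters.get("memory threats detected", 0)
        + counters.get("registry threats detected", 0),
        "escalate": escalate,
        "cookies_only": bool(detections) and not escalate,
    }


if __name__ == "__main__":
    for label, log in (("cookie-only", COOKIE_ONLY_LOG), ("mixed", MIXED_LOG)):
        print(label, triage(log))
```

The log posted in this thread is the cookies-only case: zero memory and registry detections, and every listed file item under Adware.Tracking Cookie.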