Random Audio Virus/Google Redirect


  • This topic is locked
2 replies to this topic

#1 the_commercial

Posted 20 May 2011 - 05:16 AM

Hey guys. I'm new here, and I didn't know where else to go. I've had the Google redirect virus for about two months, and now my laptop is also playing random sound clips. I read in a previous thread that you recommended downloading Malwarebytes and posting the log here, so I've done that below. Only problem, though... I ended up uninstalling and then re-installing Explorer 8 and ran Malwarebytes AGAIN (I don't know why, I just thought it would help), but then on the SECOND time I ran Malwarebytes, it said that I don't have any errors, but on the FIRST run (the one logged below), there were several errors. Yet, the random audio clips and redirect virus are still most definitely on my computer. Below is the "bad" log from the first Malwarebytes scan. Let me know if you want me to post the "good" second one. This is a serious and honest request, and any help would be greatly appreciated:



------------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6621

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/19/2011 10:25:16 PM
mbam-log-2011-05-19 (22-25-16).txt

Scan type: Quick scan
Objects scanned: 150715
Time elapsed: 25 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 3
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Seekapp (Adware.SeekApp) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Value: UID -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\all users\application data\Seekapp (Adware.SeekApp) -> Quarantined and deleted successfully.
c:\program files\Seekapp (Adware.SeekApp) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\all users\application data\vkluvroisaeycn.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\pete mendoza\my documents\downloads\filmfanatic.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
c:\documents and settings\pete mendoza\my documents\downloads\VLCSetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\103F5.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\documents and settings\pete mendoza\local settings\Temp\0.6294921223615417.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\pete mendoza\local settings\Temp\9b88.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\WINDOWS\wmsht209.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\documents and settings\pete mendoza\application data\Adobe\plugs\mmc133.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\pete mendoza\application data\Adobe\plugs\mmc27.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\18276132.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\pete mendoza\2gweorjqjutp92vjy9gake (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\Seekapp\seekapp132.exe (Adware.SeekApp) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> Quarantined and deleted successfully.

Edited by SweetTech, 20 May 2011 - 02:20 PM.
moved from Malware to AII forum.--ST



#2 SweetTech

Posted 20 May 2011 - 02:20 PM

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Kindest Regards,
SweetTech.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 Budapest

Posted 24 May 2011 - 07:11 PM

New topic here: http://www.bleepingcomputer.com/forums/topic399154.html
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



