Redirects, Strange Event Logs, Possible Google Redirect Virus


  • This topic is locked
37 replies to this topic

#31 Jewel431

  • Topic Starter

Posted 14 August 2011 - 05:09 PM

Gringo, I was curious about the Program Data folder and uploaded a few files to jotti's malware scanner. I did find this:

Trojan.Menti.hhzl - C:\ProgramData\Google\Google Toolbar\Update\gtb744a.tmp.exe

Only ArcaVir had this result so could be FP but just thought I'd let you know.
"I reject your reality and substitute my own."
- Mythbusters



#32 gringo_pr



  • Malware Response Team

Posted 14 August 2011 - 05:48 PM

If only one vendor is flagging the file then I would not worry about it - but rename the file and see if something breaks, and if nothing does then just delete it later.


As far as the other things you asked about, I would not worry about that either.



these can be removed also
C:\327788R22FWJFW-------8/13/2011
C:\ComboFix-------------8/13/2011
containing:
grep.cfxxe
NircmdB.exe
NirCmdC.cfxxe
PEV.exe
swreg.cfxxe
swxcalcs.cfxxe



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#33 Jewel431


Posted 14 August 2011 - 10:50 PM

Info received! Thanks for all the help, Gringo. Donation on the way! :clapping:

#34 gringo_pr


Posted 14 August 2011 - 10:57 PM

thank you very much and may you Google in peace



gringo

#35 Jewel431


Posted 15 August 2011 - 01:09 PM

I wasn't sure if I should make a new topic in the Windows 7 subforum or post here, so I'm sorry to bother you again, Gringo.

I can't get my hidden folders to hide now. The option is not greyed out or anything; it just doesn't hide anything.

And now when I scan items with NOD32, I get mostly errors. For instance, I downloaded Secunia as per your recommendations (I always scan setup exes before running them), and before I ran the setup, I scanned it with NOD32 but got:

Desktop\PSISetup.exe NSIS Entries.bin - decompression could not complete (possible reasons: insufficient free memory or disk space, or a problem with temp folders)
Desktop\PSISetup.exe NSIS Strings.txt - decompression could not complete (possible reasons: insufficient free memory or disk space, or a problem with temp folders)
Desktop\PSISetup.exe NSIS Script.nsi - decompression could not complete (possible reasons: insufficient free memory or disk space, or a problem with temp folders)

I deleted, redownloaded, same thing. I scanned my shockwave update and got:

Desktop\Shockwave_Installer_Slim.exe NSIS - internal error (5001)

But it's not just those, it's more errors than successful scans. About 75% of scans result in errors. Also I am trying to update my flash player and shockwave but I can't because the "program is in use" even though I didn't have anything open. So let me know if I should move this post to Win 7 or leave it here because I really need some help fixing this mess!
Thanks, Gringo.

#36 gringo_pr


Posted 15 August 2011 - 01:14 PM

Hello


Post in the Windows forum but send me the link - I want to follow this.


It does not sound like any malware I have heard of but I do want to know what is going on.


Also, I will ask someone to look into it.



gringo

#37 Jewel431


Posted 15 August 2011 - 02:32 PM

Thanks, I fixed the ESET errors by allowing the "users group" to modify the C:\windows\temp folder...ESET knowledgebase instructions. So the only issue remaining is the hidden folders showing. Here is the link in the win7 subforum: Hidden Folders Won't Hide!

#38 gringo_pr


Posted 17 August 2011 - 11:33 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.