Some kind of REDIRECT virus! What to do???


  • This topic is locked
26 replies to this topic

#1 nckgbbs

nckgbbs

  • Members
  • 14 posts

Posted 02 August 2011 - 08:44 AM

Hi all!

My computer has recently been infected with some sort of "redirect" virus, which causes (generally) a renegade search engine to pop up when clicking on a link that has come up with a Google search.

Now, I've already done scans with (from what I can remember):

CCleaner
Spybot S&D
Lavasoft Ad-aware
Stinger

and some others I can't remember! (sorry about that...)

Each search came up with some problems, and all infected files were quarantined or deleted, but it JUST HAPPENED AGAIN!

I'm VERY annoyed about this, and any help would be GREATLY appreciated!

Thanks a lot,

nckgbbs



#2 shreyas1995

shreyas1995

  • Banned
  • 72 posts

Posted 02 August 2011 - 09:35 AM

Welcome aboard


Well, you can perform scans with some tools until someone from the BC staff helps you:

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.


THEN


* Download Kaspersky Virus Removal Tool from here:
http://support.kaspersky.com/viruses/utility

* Save it to your desktop. Double-click to open it.

* In order to run an automatic scan of your computer with Kaspersky Virus Removal Tool 2010, perform the following actions:

* Open the main application window.
* Go to the Autoscan tab.
* Check the boxes for the areas to be scanned. By default Kaspersky Virus Removal Tool 2010 scans for viruses System memory, Disk boot sectors and Hidden startup objects. In the main window on the Autoscan tab you can define the scan area by checking the necessary scan areas.
* Select the required actions to be performed on detected threats by clicking the link in the On threat detection line.
* Click on the start scan button.
* Wait until the process is complete.

* Once the scan task is started, the program will detect and automatically delete all known viruses, rootkits, Trojan programs and worms. The application will perform the following actions on threat detection:

* Prompt when the scan is complete [recommended] (if you selected Prompt on completion).
* Prompt for action on each threat detection (if you select Prompt for action).
* Disinfect or delete; or delete an infected object if disinfection fails [recommended] (if you checked Select action: Disinfect and Delete/Delete if disinfection fails).

At the end of disinfection, don't forget to click report and post the generated log here in your next comment.


Remember, in your next reply post the logs of:
* MBAM.
* Kaspersky Virus Removal Tool.

Edited by shreyas1995, 02 August 2011 - 09:40 AM.


#3 nckgbbs

nckgbbs
  • Topic Starter

  • Members
  • 14 posts

Posted 02 August 2011 - 02:12 PM

  • Malwarebytes/Kaspersky LOGS
  • LOGS


Hi there, thank you so much!

Here are a couple of websites I have been redirected to (always with the word "TEST" in the address bar...or this website: "adx.trafficengine.net" for a few seconds):

hxxp://sendensieblumen.com/rd/index.cfm?keywords=geschenkideen+f%C3%BCr+jubil%C3%A4um

hxxp://trak0.com/wp3/c.php?Keywords=geschenkideen+f%C3%BCr+jubil%C3%A4um

AND, bad news? Nothing came up with either a Malwarebytes or a Kaspersky Virus Removal search. Here are the logs, nonetheless:


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7355

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/08/2011 4:25:12 PM
mbam-log-2011-08-02 (16-25-12).txt

Scan type: Quick scan
Objects scanned: 194214
Time elapsed: 9 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


In terms of the Kaspersky log, it is so MASSIVE that it looks like I can't paste it here. No threats detected, however. So strange.

Mod Edit: Disabled active link(s).

Edited by quietman7, 02 August 2011 - 02:18 PM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,934 posts

Posted 02 August 2011 - 02:20 PM

Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
Be sure to print out and follow the instructions for performing a scan. Alternate instructions can be found here.

  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
  • Alternatively, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.
  • Click Continue > Reboot now to finish the cleaning process. <- Important!!
  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.


Important Note: Some infections will alter the Proxy settings in Internet Explorer which can affect your ability to browse, update or download tools required for disinfection. If you are experiencing such a problem, check those settings. To do that, please refer to Steps 4-7 under the section Automated Removal Instructions in this guide.

Alternatively, you can press the WINKEY + R keys on your keyboard or click Start > Run..., and in the Open dialog box, type: inetcpl.cpl
Click OK or press Enter. Click the Connections tab and continue following the instructions in the above guide.

If using FireFox, refer to these instructions to check and configure Proxy Settings under the Connection Settings Dialog.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
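
A read-only, scriptable version of the proxy check described in the Important Note above, as an added example that is not part of the original posts or of any tool named in them. It reads the current user's Internet Explorer proxy values from the registry (the settings shown on the Connections tab of inetcpl.cpl) and assumes PowerShell is installed; the helper name Split-ProxyServer is hypothetical.

```powershell
# Added example: read-only review of the current user's Internet Explorer
# (WinINET) proxy settings. Nothing on the system is modified.
# Split-ProxyServer is a hypothetical helper name, not part of any tool.

$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Split-ProxyServer {
    # ProxyServer holds either one "host:port" used for every protocol or a
    # per-protocol list such as "http=host:port;https=host:port".
    param([string]$Value)
    if ([string]::IsNullOrEmpty($Value)) { return }
    foreach ($part in $Value.Split(';')) {
        $part = $part.Trim()
        if ($part -eq '') { continue }
        if ($part -match '=') {
            $scheme, $target = $part -split '=', 2
        } else {
            $scheme = 'all'
            $target = $part
        }
        # Drop an optional "scheme://" prefix and a trailing ":port".
        $hostName = ($target -replace '^[a-z]+://', '') -replace ':\d+$', ''
        $isLoopback = $hostName -match '^(127(\.\d{1,3}){3}|localhost|\[?::1\]?)$'
        New-Object PSObject -Property @{
            Protocol = $scheme
            Target   = $target
            Loopback = $isLoopback
        }
    }
}

$s = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
if ($null -eq $s) {
    Write-Output 'Internet Settings key not found for this user.'
} else {
    $enabled = ($s.ProxyEnable -eq 1)
    Write-Output ("Proxy enabled (ProxyEnable) : {0}" -f $enabled)
    Write-Output ("ProxyServer                 : {0}" -f $s.ProxyServer)
    Write-Output ("AutoConfigURL               : {0}" -f $s.AutoConfigURL)
    Write-Output ("ProxyOverride               : {0}" -f $s.ProxyOverride)

    # @() keeps the loop from running when the function emits nothing.
    foreach ($p in @(Split-ProxyServer $s.ProxyServer)) {
        $kind = if ($p.Loopback) { 'local program on this PC' } else { 'remote host' }
        $state = if ($enabled) { 'in use' } else { 'stored but not in use' }
        Write-Output ("  {0,-6} -> {1} ({2}, {3})" -f $p.Protocol, $p.Target, $kind, $state)
    }

    if ($enabled -or $s.AutoConfigURL) {
        Write-Output 'Review: a proxy or auto-config script is active. Confirm that you set it up yourself.'
    } else {
        Write-Output 'No manual proxy or auto-config script is active for this user.'
    }
}
```

A loopback entry is not proof of infection, since some security products also proxy traffic locally; the point is to identify which program owns it.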

#5 nckgbbs

nckgbbs
  • Topic Starter

  • Members
  • 14 posts

Posted 02 August 2011 - 02:48 PM

Hi again...

Nothing there either, I'm afraid...


2011/08/02 21:46:23.0531 0140 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2011/08/02 21:46:23.0640 0140 ================================================================================
2011/08/02 21:46:23.0640 0140 SystemInfo:
2011/08/02 21:46:23.0640 0140
2011/08/02 21:46:23.0640 0140 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/02 21:46:23.0640 0140 Product type: Workstation
2011/08/02 21:46:23.0640 0140 ComputerName: KUTZBACH-863C71
2011/08/02 21:46:23.0640 0140 UserName: isadmin
2011/08/02 21:46:23.0640 0140 Windows directory: C:\WINDOWS
2011/08/02 21:46:23.0640 0140 System windows directory: C:\WINDOWS
2011/08/02 21:46:23.0640 0140 Processor architecture: Intel x86
2011/08/02 21:46:23.0640 0140 Number of processors: 1
2011/08/02 21:46:23.0640 0140 Page size: 0x1000
2011/08/02 21:46:23.0640 0140 Boot type: Normal boot
2011/08/02 21:46:23.0640 0140 ================================================================================
2011/08/02 21:46:25.0687 0140 Initialize success
2011/08/02 21:46:30.0593 3128 ================================================================================
2011/08/02 21:46:30.0593 3128 Scan started
2011/08/02 21:46:30.0593 3128 Mode: Manual;
2011/08/02 21:46:30.0593 3128 ================================================================================

#6 shreyas1995

shreyas1995

  • Banned
  • 72 posts

Posted 03 August 2011 - 01:15 AM

OK. Time to take a deeper look:

* Download the eScan removal tool. It will download two files.
http://support.mwti.net/support/index.php?_m=downloads&_a=viewdownload&downloaditemid=12

* To remove eScan setup properly from your system just run esremove.exe.

* After uninstallation is complete you will get the pop-up "eScan removed Sucessfully."

* After the download completes, double-click on the saved file.

* The scan window will open; update if asked, otherwise perform a full scan.

* It will remove anything found automatically.

* Come back with results.


#7 nckgbbs

nckgbbs
  • Topic Starter

  • Members
  • 14 posts

Posted 03 August 2011 - 02:10 AM

Thank you very much, but as soon as I click on the downloaded esremove.exe, it says: "ERROR!! Failed to get eScan Install directory."

What to do????

#8 shreyas1995

shreyas1995

  • Banned
  • 72 posts

Posted 03 August 2011 - 02:13 AM

http://update1.mwti.net/akdlm/download/tools/mwav.exe


try new link

#9 nckgbbs

nckgbbs
  • Topic Starter

  • Members
  • 14 posts

Posted 03 August 2011 - 02:50 AM

Hi...what boxes should I click on the eScan AV window? Scan only? Scan and clean?

THANKS!

#10 shreyas1995

shreyas1995

  • Banned
  • 72 posts

Posted 03 August 2011 - 02:51 AM

scan and clean option

#11 nckgbbs

nckgbbs
  • Topic Starter

  • Members
  • 14 posts

Posted 03 August 2011 - 02:54 AM

Should "REGISTRY" be checked? This won't cause problems if the virus is in the registry? ("noob" question??!!)

#12 shreyas1995

shreyas1995

  • Banned
  • 72 posts

Posted 03 August 2011 - 03:02 AM

yes

everything should be checked..... :lol:

#13 nckgbbs

nckgbbs
  • Topic Starter

  • Members
  • 14 posts

Posted 03 August 2011 - 03:16 AM

Folder (C:\WINDOWS)?? Include Sub-Directory? :busy: :busy: :busy:
