Trojan-BNK.Win32.Keylogger.gen (Can't shake it)


5 replies to this topic

#1 abbygayle

abbygayle

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:30 PM

Posted 04 August 2011 - 12:14 AM

So, I've got this Trojan-BNK.Win32.Keylogger.gen thing on my desktop. I've followed a tutorial that brought me to bleepingcomputer. (It involved running rkill.exe files...something or other) and I've tried a handful of other things such as:
1. Went back and did a system restore at a point about a week and a half ago.
2. Ran Malwarebytes and Super Anti-Spyware. Neither found anything substantial.
3. Tried doing a fixexe.reg that I found somewhere. Hasn't made a change.

I don't get that initial so-called windows security warning saying I'm infected anymore, but things still aren't running right.

At this point, I can get my way around a few, very few, sites. But I cannot get on any of the sites that I regularly surf (fantasy baseball, news sites, ebay, etc.). I don't know if this is because these were the sites that were up initially when I got this trojan message. I don't know what's going on, but I can't get back to surfing the web properly. I've tried restarting the computer and turning off the modem and router, etc.

The thing that kind of also confuses me is that I am unable to get on these same sites on any of the 3 other wireless devices in the house. Should it affect my other computers' abilities to access sites as well? I'm stumped. I can't figure out what's going on and what I need to do to fix this and get back to normal. Any ideas, PLEASE! Thanks!

Edited by abbygayle, 04 August 2011 - 12:21 AM.




#2 shreyas1995

shreyas1995

  • Banned
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:00 AM

Posted 04 August 2011 - 12:40 AM

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#3 abbygayle

abbygayle
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:30 PM

Posted 04 August 2011 - 11:12 AM

Thanks for the reply. Here's the report I get after running ESET.

C:\Users\D\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\153893d8-171435d9 a variant of Java/Exploit.CVE-2010-4452.A trojan cleaned by deleting - quarantined
C:\Users\D\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4f18cf7d-342316ee Java/TrojanDownloader.OpenStream.NCA trojan deleted - quarantined

#4 shreyas1995

shreyas1995

  • Banned
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:00 AM

Posted 04 August 2011 - 11:43 AM

Rerun escan and post the fresh logs back here.


*Download escan removal tool.
http://update1.mwti.net/akdlm/download/tools/mwav.exe

*After download completion, double click on the saved file.

*The scan window will open; update it and perform a full scan. Choose scan and clean.

*It will remove anything found automatically.

*Come back with results.

Edited by shreyas1995, 04 August 2011 - 11:45 AM.


#5 abbygayle

abbygayle
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:30 PM

Posted 04 August 2011 - 04:09 PM

I did a rerun on escan and it said "No Threats Found". Should I delete the items that have been quarantined?

Next, I ran the escan removal tool. Here's the log from that.

03 Aug 2011 16:32:17 - **********************************************************

03 Aug 2011 16:32:17 - MWAV - eScanAV AntiVirus Toolkit.

03 Aug 2011 16:32:17 - Copyright © MicroWorld Technologies

03 Aug 2011 16:32:17 - **********************************************************

03 Aug 2011 16:32:17 - Source: C:\Users\D\Downloads\mwav.exe

03 Aug 2011 16:32:17 - Version 12.0.162 (C:\USERS\D\APPDATA\LOCAL\TEMP\MEXETMP.EX~)

03 Aug 2011 16:32:17 - Log File: C:\Users\D\AppData\Local\Temp\MWAV.LOG

03 Aug 2011 16:32:17 - Last Scan Date and Time: 03.08.2011 13:18:26

03 Aug 2011 16:32:17 - MWAV Registered: TRUE

03 Aug 2011 16:32:17 - User Account: D (Administrator Mode)

03 Aug 2011 16:32:17 - OS Type: Windows Workstation

03 Aug 2011 16:32:17 - OS: Windows 7 [OS Install Date: 10 Sep 2010 23:09:46]

03 Aug 2011 16:32:17 - Ver: Personal (Build 7600)

03 Aug 2011 16:32:17 - System Up Time: 17 Hours, 3 Minutes, 58 Seconds



03 Aug 2011 16:32:17 - Parent Process Name : C:\Users\D\AppData\Local\Temp\mexe.com

03 Aug 2011 16:32:17 - Windows Root Folder: C:\Windows

03 Aug 2011 16:32:17 - Windows Sys32 Folder: C:\Windows\system32

03 Aug 2011 16:32:17 - DHCP NameServer: 192.168.1.1

03 Aug 2011 16:32:17 - Interface0 DHCPNameServer: 192.168.1.1

03 Aug 2011 16:32:17 - Local Fixed Drives: c:\,d:\

03 Aug 2011 16:32:17 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware)

03 Aug 2011 16:32:17 - [CREATED ZIP FILE: C:\Users\D\AppData\Local\Temp\pinfect.zip]




03 Aug 2011 16:32:20 - Command Line Options Given: /xsign

03 Aug 2011 16:32:36 - Latest Date of files inside MWAV: Thu Aug 4 22:41:17 2011.

03 Aug 2011 16:32:36 - Plugins FileCount: 892 Sign Version: 7.38512

03 Aug 2011 16:32:36 - WARNING!!! INVALID SYSTEM DATE 03-08-2011 !!!

03 Aug 2011 16:32:36 - Loading/Creating FileScan Database C:\ProgramData\MicroWorld\MWAV\ESCANDBX.MDB [Log: C:\Users\D\AppData\Local\Temp\ESCANDB.LOG]

03 Aug 2011 16:32:41 - Loaded/Created FileScan Database...

03 Aug 2011 16:32:41 - Loading AV Library [DB]...

03 Aug 2011 16:32:57 - AV Library Loaded [DB-DIRECT].

03 Aug 2011 16:32:57 - MWAV doing self scanning...

03 Aug 2011 16:32:57 - MWAV files are clean.
03 Aug 2011 16:33:16 - Virus Database Date: 04 Aug 2011
03 Aug 2011 16:33:16 - Virus Database Count: 8709228

03 Aug 2011 16:33:40 - **********************************************************
03 Aug 2011 16:33:40 - MWAV - eScanAV AntiVirus Toolkit.
03 Aug 2011 16:33:40 - Copyright © MicroWorld Technologies
03 Aug 2011 16:33:40 -
03 Aug 2011 16:33:40 - Support: support@escanav.com
03 Aug 2011 16:33:40 - Web: http://www.escanav.com
03 Aug 2011 16:33:40 - **********************************************************
03 Aug 2011 16:33:40 - Version 12.0.162[DB] (C:\USERS\D\APPDATA\LOCAL\TEMP\MEXETMP.EX~)
03 Aug 2011 16:33:40 - Log File: C:\Users\D\AppData\Local\Temp\MWAV.LOG
03 Aug 2011 16:33:40 - User Account: D (Administrator Mode)
03 Aug 2011 16:33:40 - Parent Process Name : C:\Users\D\AppData\Local\Temp\mexe.com
03 Aug 2011 16:33:40 - Windows Root Folder: C:\Windows
03 Aug 2011 16:33:40 - Windows Sys32 Folder: C:\Windows\system32
03 Aug 2011 16:33:40 - OS: Windows 7 [OS Install Date: 10 Sep 2010 23:09:46]
03 Aug 2011 16:33:40 - Ver: Personal (Build 7600)
03 Aug 2011 16:33:40 - Latest Date of files inside MWAV: Thu Aug 4 22:41:17 2011.
03 Aug 2011 16:33:40 - Plugins FileCount: 892 Sign Version: 7.38512
03 Aug 2011 16:33:40 - WARNING!!! INVALID SYSTEM DATE 03-08-2011 !!!

03 Aug 2011 16:33:40 - Options Selected by User:
03 Aug 2011 16:33:40 - Memory Check: Enabled
03 Aug 2011 16:33:40 - Registry Check: Enabled
03 Aug 2011 16:33:40 - StartUp Folder Check: Enabled
03 Aug 2011 16:33:40 - System Folder Check: Enabled
03 Aug 2011 16:33:40 - Services Check: Enabled
03 Aug 2011 16:33:40 - Scan Spyware: Disabled
03 Aug 2011 16:33:40 - Drive Check Option Disabled
03 Aug 2011 16:33:40 - Folder Check: Disabled
03 Aug 2011 16:33:40 - SCAN: All_Files
03 Aug 2011 16:33:40 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware)


03 Aug 2011 16:33:41 - ***** Scanning Memory Files *****

03 Aug 2011 16:34:22 - ***** Scanning Registry Files *****

03 Aug 2011 16:34:40 - ***** Scanning StartUp Folders *****

03 Aug 2011 16:34:40 - ***** Scanning Service Files *****

03 Aug 2011 16:37:31 - ***** Scanning System32 Folders *****

03 Aug 2011 16:43:13 - C:\Users\D\AppData\Local\Temp\bdcore.dll.16282790.mwt File already Scanned once... not able to clean.
03 Aug 2011 16:43:31 - C:\Users\D\AppData\Local\Temp\flaE58D.tmp not Scanned. Possibly password protected...

03 Aug 2011 16:48:38 - ***** Checking for specific ITW Viruses *****

03 Aug 2011 16:48:38 - ***** Scanning complete. *****

03 Aug 2011 16:48:38 - Total Objects Scanned: 13625
03 Aug 2011 16:48:38 - Total Critical Objects: 0
03 Aug 2011 16:48:38 - Total Disinfected Objects: 0
03 Aug 2011 16:48:38 - Total Objects Renamed: 0
03 Aug 2011 16:48:38 - Total Deleted Objects: 0
03 Aug 2011 16:48:38 - Total Errors: 0
03 Aug 2011 16:48:38 - Time Elapsed: 00:14:45
03 Aug 2011 16:48:38 - Virus Database Date: 04 Aug 2011
03 Aug 2011 16:48:38 - Virus Database Count: 8709228

03 Aug 2011 16:48:38 - Scan Completed.
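
A triage pass over the eScan log above, added here as an example; it is not part of the original posts and not eScan's own tooling. It pulls out the summary counters, the files the scan skipped, and the DHCP name server, because "Total Errors: 0" does not account for the two files that were never scanned or cleaned. The function names and follow-up rules are assumptions made for this illustration; the sample lines are excerpted from the log in the post.

```python
import ipaddress
import re

# Lines excerpted from the MWAV.LOG posted above, embedded so this runs offline.
SAMPLE_LOG = r"""03 Aug 2011 16:32:17 - DHCP NameServer: 192.168.1.1
03 Aug 2011 16:32:17 - Interface0 DHCPNameServer: 192.168.1.1
03 Aug 2011 16:32:36 - WARNING!!! INVALID SYSTEM DATE 03-08-2011 !!!
03 Aug 2011 16:43:13 - C:\Users\D\AppData\Local\Temp\bdcore.dll.16282790.mwt File already Scanned once... not able to clean.
03 Aug 2011 16:43:31 - C:\Users\D\AppData\Local\Temp\flaE58D.tmp not Scanned. Possibly password protected...
03 Aug 2011 16:48:38 - Total Objects Scanned: 13625
03 Aug 2011 16:48:38 - Total Critical Objects: 0
03 Aug 2011 16:48:38 - Total Errors: 0
"""

# Every entry starts with "DD Mon YYYY HH:MM:SS - ".
LINE_RE = re.compile(r"^\d{2} \w{3} \d{4} \d{2}:\d{2}:\d{2} - (.*)$")
TOTAL_RE = re.compile(r"^Total ([A-Za-z ]+): (\d+)$")
# The log writes both "DHCP NameServer:" and "DHCPNameServer:".
NAMESERVER_RE = re.compile(r"DHCP ?NameServer: (\S+)$")
SKIPPED_RE = re.compile(
    r"^(.+?) (not Scanned\..*|File already Scanned once\.\.\. not able to clean\.)$")


def triage(log_text):
    """Collect the entries a helper would otherwise have to hunt for by eye."""
    report = {"totals": {}, "nameservers": [], "skipped": [], "warnings": []}
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # blank lines and anything without the timestamp prefix
        msg = line.group(1).strip()
        if m := TOTAL_RE.match(msg):
            report["totals"][m.group(1)] = int(m.group(2))
        elif m := NAMESERVER_RE.search(msg):
            if m.group(1) not in report["nameservers"]:
                report["nameservers"].append(m.group(1))
        elif m := SKIPPED_RE.match(msg):
            report["skipped"].append((m.group(1), m.group(2)))
        elif msg.startswith("WARNING"):
            report["warnings"].append(msg)
    return report


def follow_ups(report):
    """Reasons to keep investigating even if the tool's counters are all zero."""
    reasons = []
    if report["totals"].get("Critical Objects", 0) > 0:
        reasons.append("scanner reported critical objects")
    for path, why in report["skipped"]:
        reasons.append(f"not covered by the scan: {path} ({why})")
    for ns in report["nameservers"]:
        try:
            private = ipaddress.ip_address(ns).is_private
        except ValueError:
            continue  # not an IP literal; nothing to classify
        if private:
            reasons.append(f"DNS is served from the LAN ({ns}); "
                           "a host scan does not inspect that device")
    reasons.extend(f"tool warning: {w}" for w in report["warnings"])
    return reasons


if __name__ == "__main__":
    for reason in follow_ups(triage(SAMPLE_LOG)):
        print("-", reason)
```
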

#6 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:07:30 PM

Posted 05 August 2011 - 01:39 AM

Hello,

You need to reset your router back to factory settings. The exact process varies from model to model, but usually involves pressing in a 'RESET' button with a pin for about 15-30 seconds. The button should be located somewhere on the device. You should consult your router documentation for details.

Note that you will need to reconfigure the router after performing the reset. Additionally, make sure that you secure the router config with a strong password. Again, consult your router documentation for details on this process.

After resetting the router, let me know if the redirects continue.

~Blade


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM