Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

cot dang google redirect virus gettin all up in m'drawers


  • Please log in to reply
7 replies to this topic

#1 Agnate80700

Agnate80700

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 20 September 2011 - 12:50 AM

So I see there are a <expletive_deleted> ton of threads about the google redirect thing. I've noticed they all start with requests from mods for malwarebytes/minitoolbox/gmer scan log, we can just skip that step and I'll post them here for you.

Everything comes up negative. Ad-aware as well. Also tried resetting my router to factory, as one thread succeeded in doing, but this didn't work for me.

I'm pretty stumped on this one. GMER finished scanning (with internet unplugged) and didnt give me a log, it just said "no system modifications found" and I saved the "log" but the notepad file is just blank, dunno if thats correct or not. Here are the logs for MBAM/MTB:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7739

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

9/19/2011 7:26:36 AM
mbam-log-2011-09-19 (07-26-36).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 779559
Time elapsed: 2 hour(s), 31 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
--------------------------------------------------------------------------------------------------------------------------------------------------------------
MiniToolBox by Farbar
Ran by Zach (administrator) on 19-09-2011 at 04:54:29
Windows ™ Vista Home Premium Service Pack 2 (X64)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Z-Unit
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.mi.comcast.net.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.mi.comcast.net.
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-1E-8C-BF-93-C7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8912:c1e7:f18e:e0be%8(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, September 18, 2011 5:24:04 AM
Lease Expires . . . . . . . . . . : Monday, September 19, 2011 6:52:19 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 201334412
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0F-6A-DA-0E-00-1E-8C-BF-93-C7
DNS Servers . . . . . . . . . . . : 68.87.77.134
68.87.72.134
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.mi.comcast.net.
Description . . . . . . . . . . . : isatap.hsd1.mi.comcast.net.
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cns.westlandrdc.mi.michigan.comcast.net
Address: 68.87.77.134

Name: google.com
Addresses: 74.125.225.84
74.125.225.83
74.125.225.80
74.125.225.82
74.125.225.81



Pinging google.com [74.125.225.83] with 32 bytes of data:

Reply from 74.125.225.83: bytes=32 time=29ms TTL=52

Reply from 74.125.225.83: bytes=32 time=28ms TTL=52



Ping statistics for 74.125.225.83:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 28ms, Maximum = 29ms, Average = 28ms

Server: cns.westlandrdc.mi.michigan.comcast.net
Address: 68.87.77.134

Name: yahoo.com
Addresses: 67.195.160.76
69.147.125.65
72.30.2.43
98.137.149.56
209.191.122.70



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=55ms TTL=50

Reply from 209.191.122.70: bytes=32 time=54ms TTL=50



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 54ms, Maximum = 55ms, Average = 54ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
8 ...00 1e 8c bf 93 c7 ...... NVIDIA nForce Networking Controller
1 ........................... Software Loopback Interface 1
12 ...00 00 00 00 00 00 00 e0 isatap.hsd1.mi.comcast.net.
9 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.102 276
192.168.1.102 255.255.255.255 On-link 192.168.1.102 276
192.168.1.255 255.255.255.255 On-link 192.168.1.102 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.102 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.102 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
8 276 fe80::/64 On-link
8 276 fe80::8912:c1e7:f18e:e0be/128
On-link
1 306 ff00::/8 On-link
8 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [293576] (SpeedBit)
Catalog9 02 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [293576] (SpeedBit)
Catalog9 03 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [293576] (SpeedBit)
Catalog9 04 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [293576] (SpeedBit)
Catalog9 05 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [293576] (SpeedBit)
Catalog9 06 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [293576] (SpeedBit)
Catalog9 07 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [293576] (SpeedBit)
Catalog9 08 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [293576] (SpeedBit)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [293576] (SpeedBit)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/17/2011 02:37:08 AM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (09/17/2011 02:12:15 AM) (Source: Application Error) (User: )
Description: Faulting application chrome.exe, version 0.0.0.0, time stamp 0x4e61fd27, faulting module chrome.dll, version 13.0.782.220, time stamp 0x4e61fce6, exception code 0x80000003, fault offset 0x0001ffd1,
process id 0x6dc, application start time 0xchrome.exe0.

Error: (09/17/2011 02:11:11 AM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (09/17/2011 01:38:48 AM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (09/10/2011 02:08:29 PM) (Source: Application Error) (User: )
Description: Faulting application fraps.exe, version 2.9.4.7037, time stamp 0x478b5258, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x02b132ad,
process id 0xf2cc, application start time 0xfraps.exe0.

Error: (09/08/2011 01:43:05 AM) (Source: Application Error) (User: )
Description: Faulting application AIMupdt32.exe, version 14.0.1404.500, time stamp 0x4e6641c3, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000,
process id 0xa4e4, application start time 0xAIMupdt32.exe0.

Error: (09/04/2011 08:05:14 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\ZACH\MUSIC\ITUNES\ITUNES LIBRARY EXTRAS.ITDB-JOURNAL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/04/2011 02:09:40 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\ZACH\APPDATA\ROAMING\MICROSOFT\WINDOWS\RECENT\SAPPHIC EROTICA.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/04/2011 02:09:40 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\ZACH\APPDATA\ROAMING\MICROSOFT\WINDOWS\RECENT\SAPPHIC EROTICA.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/28/2011 08:05:15 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\ZACH\MUSIC\ITUNES\ITUNES LIBRARY EXTRAS.ITDB-JOURNAL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (09/18/2011 05:25:46 AM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (09/18/2011 05:24:36 AM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBase Filtering Engine%%1058

Error: (09/18/2011 05:24:36 AM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBase Filtering Engine%%1058

Error: (09/18/2011 05:24:36 AM) (Source: Service Control Manager) (User: )
Description: TBPanel%%1275

Error: (09/18/2011 05:24:11 AM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\TBPanel.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (09/18/2011 05:23:51 AM) (Source: Ntfs) (User: )
Description: The default transaction resource manager on volume D: encountered a non-retryable error and could not start. The data contains the error code.

Error: (09/18/2011 05:17:19 AM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (09/18/2011 05:16:09 AM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBase Filtering Engine%%1058

Error: (09/18/2011 05:16:09 AM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBase Filtering Engine%%1058

Error: (09/18/2011 05:16:09 AM) (Source: Service Control Manager) (User: )
Description: TBPanel%%1275


Microsoft Office Sessions:
=========================
Error: (01/01/2009 11:52:07 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/01/2009 11:51:28 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2321 seconds with 840 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

(Version: 6.8.5)
Update for Microsoft Office 2007 (KB2508958)
µTorrent (Version: 1.8.4)
3DMark05 (Version: 1.3.0)
3DMark06 (Version: 1.1.0)
64 Bit HP CIO Components Installer (Version: 2.2.4)
Ad-Aware (Version: 9.5.0)
Add or Remove Adobe Creative Suite 3 Design Premium (Version: 1.0)
Adobe Acrobat 8 Professional (Version: 8.3.0)
Adobe Acrobat 8.3.0 - CPSID_83708
Adobe Acrobat 8.3.0 Professional (Version: 8.3.0)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe BridgeTalk Plugin CS3 (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0.1)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe Dreamweaver CS3 (Version: 9)
Adobe ExtendScript Toolkit 2 (Version: 2.0.2)
Adobe Extension Manager CS3 (Version: 1.8)
Adobe Flash CS3 (Version: 9.0)
Adobe Flash Player 10 Plugin (Version: 10.3.183.7)
Adobe Flash Player ActiveX (Version: 9.0.124.0)
Adobe Flash Video Encoder (Version: 2.0)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Illustrator CS3 (Version: 13.0)
Adobe InDesign CS3 (Version: 5.0)
Adobe InDesign CS3 Icon Handler (Version: 5.0)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe MotionPicture Color Files (Version: 1.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Reader 8.2.1 (Version: 8.2.1)
Adobe Setup (Version: 1.0)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
Adobe SING CS3 (Version: 0.1)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe Version Cue CS3 Server {ko_KR} (Version: 3.0.0.0 {ko_KR} )
Adobe WAS CS3 (Version: 1.0)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
Advanced GIF Animator 3.0 (Version: 3.0)
Adventure Tools (Version: 1.00.0000)
Age of Conan - Hyborian Adventures
AHV content for Acrobat and Flash (Version: 1)
AI Suite (Version: 1.03.17)
AIM 7
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.0.69)
Apple Software Update (Version: 2.1.2.120)
Arcanum (Version: 1.0.6.4)
Ask Toolbar (Version: 1.12.2.0)
Audacity 1.2.6
Battlefield Heroes
Beat Hazard Demo
BioShock (Version: 2.5.0000)
Bonjour (Version: 2.0.4.0)
BufferChm (Version: 110.0.180.000)
CamStudio
Canon Inkjet Printer Driver Add-On Module
Cards_Calendar_OrderGift_DoMorePlugout (Version: 2.03.0000)
Carenado Cessna Skylane 182 RG II
Copy (Version: 110.0.180.000)
Creative Audio Console
Creative Sound Blaster Properties x64 Edition
CustomerResearchQFolder (Version: 1.00.0000)
DAEMON Tools Lite (Version: 4.40.2.0131)
DAP Plug-in for 64 Bit IE (Version: 9411.0.29)
Destination Component (Version: 110.0.0.0)
DeviceDiscovery (Version: 110.0.180.000)
DeviceManagementQFolder (Version: 1.00.0000)
DivX Converter (Version: 7.1.0)
DivX Player (Version: 7.2.0)
DivX Plus DirectShow Filters
DivX Setup (Version: 2.0.4.2)
DivX Version Checker (Version: 7.1.0.2)
DJ_AIO_03_F4200_ProductContext (Version: 110.0.206.000)
DJ_AIO_03_F4200_Software (Version: 110.0.206.000)
DJ_AIO_03_F4200_Software_Min (Version: 110.0.206.000)
Download Accelerator Plus (DAP) (Version: 9504 (Build 2064))
Download Updater (AOL LLC)
Driver Sweeper 1.0
EasyRecovery Professional (Version: 6.10.07)
eSupportQFolder (Version: 1.00.0000)
F4200 (Version: 110.0.206.000)
F4200_Help (Version: 110.0.206.000)
FastStone Image Viewer 4.2 (Version: 4.2)
ffdshow [rev 2527] [2008-12-19] (Version: 1.0)
FLV Player 2.0 (build 25) (Version: 2.0 (build 25))
FLV to WMV Convert 2.7 (Version: 2.7)
Fraps (remove only)
Frets On Fire (Version: 1.2.512-win32)
Google Chrome (Version: 14.0.835.163)
Google Earth (Version: 6.0.3.2197)
Google Update Helper (Version: 1.3.21.69)
Google Updater (Version: 2.4.1368.5602)
GPBaseService (Version: 110.0.180.000)
Guitar Pro 6
HP Customer Participation Program 11.0 (Version: 11.0)
HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3 (Version: 11.0)
HP Imaging Device Functions 11.0 (Version: 11.0)
HP Photosmart Essential 2.5 (Version: 1.03.0000)
HP Photosmart Essential 3.0 (Version: 3.0)
HP Smart Web Printing (Version: 4.0)
HP Solution Center 11.0 (Version: 11.0)
HP Update (Version: 4.000.009.002)
HPProductAssistant (Version: 110.0.180.000)
HPSSupply (Version: 110.0.180.000)
huey 1.0.5
iTunes (Version: 10.1.1.4)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 21 (Version: 6.0.210)
Java™ 6 Update 4 (Version: 1.6.0.40)
Java™ 6 Update 5 (Version: 1.6.0.50)
Lightroom (Version: 1.30.0000)
LimeWire 4.16.6 (Version: 4.16.6)
Logitech QuickCam (Version: 11.50.1169)
Logitech QuickCam Driver Package
Magic Workstation 0.94f
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
ManyCam 2.5.48 (remove only) (Version: 2.5.48)
MarketResearch (Version: 110.0.180.000)
McAfee Security Scan Plus (Version: 2.0.181.2)
MediaCoder 0.6.2 (Version: 0.6.2)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Expression Web (Version: 12.0.6215.1000)
Microsoft Expression Web MUI (English) (Version: 12.0.6425.1000)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft Flight Simulator X (Version: 10.0.60905)
Microsoft GIF Animator
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Word 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MotoHelper 2.0.51 Driver 5.1.0 (Version: 2.0.51)
MotoHelper MergeModules (Version: 1.0.0)
MotoHelper MergeModules (Version: 1.2.0)
Motorola Mobile Drivers Installation 5.1.0 (Version: 5.1.0)
Mozilla Firefox 6.0.2 (x86 en-US) (Version: 6.0.2)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MTG GamePack for Magic Workstation
NCH Toolbox
Nimo Codecs Pack v5.0 (Remove Only)
NVIDIA Drivers
OpenAL
Orbit Downloader
PDF Settings (Version: 1.0)
Picasa 3 (Version: 3.6)
Portal
PSSWCORE (Version: 2.03.0000)
PunkBuster Services (Version: 0.987)
QuickTime (Version: 7.69.80.9)
RealPlayer
RideReady - Commercial Pilot (Airplane)
Scan (Version: 11.0.0.0)
Shop for HP Supplies (Version: 11.0)
Sibelius Scorch (Version: 1.0.0)
SmartWebPrinting (Version: 110.0.182.000)
SolutionCenter (Version: 110.0.180.000)
SpeedBit Video Accelerator (Version: 3217(build_2041))
Splitcam Toolbar
Status (Version: 110.0.180.000)
Steam (Version: 1.0.0.0)
Sword of The New World
System Requirements Lab
TomTom HOME 2.7.5.2014 (Version: 2.7.5.2014)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Toolbox (Version: 110.0.180.000)
TrayApp (Version: 110.0.180.000)
Ulead GIF Animator
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VDOTool 6.0
Ventrilo Client for Windows x64 (Version: 3.0.3.8)
Verizon V CAST Media Manager
VideoPad Video Editor
VideoToolkit01 (Version: 110.0.171.000)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VLC media player 1.1.4 (Version: 1.1.4)
WebReg (Version: 110.0.180.000)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver
WinZip 11.1 (Version: 11.1.7466)
XP Codec Pack
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 38%
Total physical RAM: 8189.63 MB
Available physical RAM: 5065.79 MB
Total Pagefile: 16482.29 MB
Available Pagefile: 13870.05 MB
Total Virtual: 4095.88 MB
Available Virtual: 4011.94 MB

========================= Partitions: =====================================

2 Drive c: (Elements) (Fixed) (Total:372.6 GB) (Free:131.19 GB) NTFS
3 Drive d: () (Fixed) (Total:465.76 GB) (Free:348.14 GB) NTFS
6 Drive g: (TOSHIBA512M) (Removable) (Total:0.48 GB) (Free:0.15 GB) FAT

========================= Users: ========================================

User accounts for \\Z-UNIT

Administrator Guest Zach

========================= Minidump Files ==================================

C:\Windows\Minidump\Mini031408-01.dmp
C:\Windows\Minidump\Mini040508-01.dmp
C:\Windows\Minidump\Mini041808-01.dmp
C:\Windows\Minidump\Mini061808-01.dmp
C:\Windows\Minidump\Mini061908-01.dmp
C:\Windows\Minidump\Mini062008-01.dmp
C:\Windows\Minidump\Mini062908-01.dmp
C:\Windows\Minidump\Mini071311-01.dmp
C:\Windows\Minidump\Mini072609-01.dmp
C:\Windows\Minidump\Mini080310-01.dmp
C:\Windows\Minidump\Mini080310-02.dmp
C:\Windows\Minidump\Mini080410-01.dmp
C:\Windows\Minidump\Mini112008-01.dmp
C:\Windows\Minidump\Mini112308-01.dmp

**** End of log ****

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:55 PM

Posted 20 September 2011 - 11:54 AM

Hello and welcome. You sure use a lot of ADobe items.. We need to update Reader.

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

Similarly Update to Adobe Reader X (10.1.0)
Note UN check the box so you do not install the toolbar,unless you really want it..

Free! Google Toolbar search Google from any web page, block pop-ups

Yes, install Google Toolbar - optional




Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.22.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Agnate80700

Agnate80700
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 20 September 2011 - 10:21 PM

1) Had 4 other java's I had to uninstall. Rebooted, installed JRE7 from link provided.
2) Updated to adobe reader X
3) Saved TDSSKiller.exe to desktop from link provided, ran scan, no infection found.
4) ESET found some stuff, though I still am experiencing redirects. Heres the log:

C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Default\igknmikgaldpkfphcdeedmdidbfbooni\contentscript.js Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Users\Zach\AppData\Local\Temp\D609.tmp a variant of Win32/Kryptik.SJI trojan cleaned by deleting - quarantined
C:\Users\Zach\AppData\Local\Temp\jar_cache1562199857743423423.tmp a variant of Win32/Kryptik.SJI trojan cleaned by deleting - quarantined
C:\Users\Zach\AppData\Local\Temp\jar_cache6117597000513664563.tmp a variant of Win32/Kryptik.SJI trojan cleaned by deleting - quarantined
C:\Users\Zach\AppData\Local\Temp\w7e4224.tmp.exe a variant of Win32/Kryptik.SSB trojan cleaned by deleting - quarantined
C:\Users\Zach\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\34d49d91-493eeabc a variant of Java/TrojanDownloader.OpenStream.NBV trojan deleted - quarantined
C:\Users\Zach\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\26e2fcd2-7bb650b8 multiple threats deleted - quarantined
C:\Users\Zach\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\7b085c92-219244cd multiple threats deleted - quarantined
C:\Users\Zach\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\331f3bd4-4d77d1b9 multiple threats deleted - quarantined
C:\Users\Zach\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\5c9dfd94-5b79a3e9 multiple threats deleted - quarantined
C:\Users\Zach\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\23268f15-28c05a64 Java/ClassLoader.AA trojan deleted - quarantined
C:\Users\Zach\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\4678319b-1511270c multiple threats deleted - quarantined
C:\Users\Zach\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\6cc0525c-4499146f Java/TrojanDownloader.OpenStream.NBL trojan cleaned by deleting - quarantined
C:\Users\Zach\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\72b7c5c-581c1d84 Java/TrojanDownloader.OpenStream.NCA trojan deleted - quarantined
C:\Users\Zach\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\20db519d-575f4bf3 multiple threats deleted - quarantined
C:\Users\Zach\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\61a815d-2ec26147 probably a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\Zach\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\2f22d0df-2e284411 multiple threats deleted - quarantined
C:\Users\Zach\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\4c6f4460-4347f29a multiple threats deleted - quarantined
C:\Users\Zach\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\38108924-74c67ca4 a variant of OSX/Exploit.Smid.C trojan deleted - quarantined
C:\Users\Zach\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\3597eda7-7881732a a variant of Java/Agent.DM trojan deleted - quarantined
C:\Users\Zach\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\fa54f6f-32262568 Java/Agent.BB trojan deleted - quarantined
C:\Users\Zach\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\425fc2f3-453c4dd6 Java/Exploit.CVE-2009-3867.AL trojan deleted - quarantined
C:\Users\Zach\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\640f9e74-2d565a6f a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\Zach\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\4f8826b7-56c4174b multiple threats deleted - quarantined
C:\Users\Zach\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\23146dfe-1e19b777 a variant of Java/TrojanDownloader.OpenStream.NBF trojan deleted - quarantined
C:\Users\Zach\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\6d423548-2403c7ab multiple threats deleted - quarantined
C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\bg9nkbkm.default\extensions\{3369affe-c1f4-4573-b33d-8e862e3e2682}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\bg9nkbkm.default\extensions\{3369affe-c1f4-4573-b33d-8e862e3e2682}\chrome\xulcache.jar JS/Agent.NDJ trojan deleted (after the next restart) - quarantined
C:\Users\Zach\Desktop\Utilities\HSS-1.57-install-anchorfree-247-conduit3.exe a variant of Win32/HotSpotShield application deleted - quarantined
D:\Installers\OrbitSetup4.0.10.exe Win32/OpenCandy application deleted - quarantined
D:\Installers\OrbitSetup4.0.5.exe Win32/OpenCandy application deleted - quarantined
D:\Installers\OrbitSetup4.0.9.exe Win32/OpenCandy application deleted - quarantined
D:\Installers\OrbitSetup4.1.02.exe Win32/OpenCandy application deleted - quarantined
D:\Users\Zach\AppData\Local\Temp\jar_cache4638759602477973941.tmp multiple threats deleted - quarantined
D:\Users\Zach\AppData\Local\Temp\jar_cache4670845200775772524.tmp a variant of Java/Exploit.Agent.NAL trojan deleted - quarantined
D:\Users\Zach\AppData\Local\Temp\SEo1xOna.exe.part Win32/OpenCandy application deleted - quarantined

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:55 PM

Posted 21 September 2011 - 09:10 AM

Are you on a router? Are other machines on it,if so are they redirecting?

Do you use Firefox?



Your HOSTS file may be infected.
Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of its infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically,go HERE click the Posted Image button. Then just follow the prompts in the Fix it wizard.


OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the promots in the Fix it wizard.



When a browser runs an applet, the Java Runtime Environment (JRE) stores the downloaded files into its cache folder (C:\Documents and Settings\username\Application Data\Sun\Java\Deployment\cache) for quick execution later and better performance. Malicious applets are also stored in the Java cache directory and your anti-virus may detect them and provide alerts. For more specific information about Java exploits, please refer to Virus found in the Java cache directory.

Notification of these files as a threat does not always mean that a machine has been infected; it indicates that a program included the viral class file but this does not mean that it used the malicious functionality. As a precaution, I recommend clearing the entire cache to ensure everything is cleaned out:{Thanks quietman7}
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Agnate80700

Agnate80700
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 21 September 2011 - 01:14 PM

Downloaded host file fixer from link provided, installed successfully.

Well.... I just opened 20 google links in a row, no redirects. I think that may have gotten it. Was usually getting about a ~33% redirect rate so I'm gonna apprehensively claim victory here, but we shall see as the day progresses

I do have/use firefox, and cleared it (as well as java's) caches. I do not use IE ever, and use chrome occasionally.

If all stays well until tonight, I'll feel safe enough to make a restore point. Crossing my fingers!

Thanks for the help boopme!

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:55 PM

Posted 21 September 2011 - 02:30 PM

You're welcome and thanks for dropping by!!
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 Agnate80700

Agnate80700
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 21 September 2011 - 09:25 PM

Well, I've opened about 70 new tabs off of google search results, not a single redirect. So looks like I'm cured.

Just out of curiosity, is a host file infection typically the cause of the google redirects? Or is there a bunch of versions of the virus going around, each hiding in different places? (You can just respond and close this thread to clean up if you want, I don't think I need to waste any front page space any longer :) I'm just wondering for the future in case it happens again, seeing as it seems to be a relatively common infection (at least for the time being.)

Thanks again!!

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:55 PM

Posted 21 September 2011 - 09:53 PM

It is one of several. Depending on the type of malware. Some will target the Hosts file while others your DNS settings. While others are written to go to specific pages.

The Hosts File and what it can do for you


Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users