Malware and browser redirects


This topic is locked
6 replies to this topic

#1 jblock1955
  • Members
  • 3 posts

Posted 13 October 2011 - 02:20 AM

My grandson went to some website and the desktop computer has a few problems. I have run Avast Free AntiVirus and a boot scan, finding and removing several viruses. The same was true for SuperAntispyware Pro and Malwarebytes, both in safe mode.
I ran a HijackThis and compared logs between my desktop and my laptop, not finding anything. (Not sure what to look for.) So am now posting a ComboFix log in hopes someone will find the culprit.
I am running Windows Vista 64 bit, and it seems both Firefox and IE are affected.
Thanks for any help.

Attached Files





#2 nasdaq
  • Malware Response Team
  • 39,214 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 October 2011 - 10:51 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) (511KB) to your desktop. Double click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===


Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please post the logs and let me know what problem persists.

#3 jblock1955
  • Topic Starter
  • Members
  • 3 posts

Posted 19 October 2011 - 04:25 AM

Hi NASDAQ and thanks for your help. However, when I downloaded and ran aswMBR.exe, I ended up with a blue screen with a lot of print on it. It did not stay long enough for me to write it all down. I got as far as ....IVER-IRQL.... then the computer restarted.
Then I downloaded TDSSKiller.exe, ran it, but it did not find anything.
The interesting part is that even though I ran AVAST, SUPERANTISPYWARE and MALWAREBYTES, with the last two in safe mode, finding and removing malware as they were reported, I still had the rerouted search pages. But this week, all seems to be back to normal. The searches are again going to the links they were intended to. To my knowledge, I did not do anything other than running COMBOFIX and posting the log on this forum. Curious.
Thanks again.

Jon Block

#4 nasdaq
  • Malware Response Team
  • 39,214 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 October 2011 - 01:07 PM

Usually ComboFix will delete all the bad files.

The other tools I asked to be executed are extras.

Let's check this out.

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Post the log and let me know if all is still good.

#5 jblock1955
  • Topic Starter
  • Members
  • 3 posts

Posted 24 October 2011 - 06:29 PM

I ran Security Check and found several so-called out of date items. The reason I used the term "so called" was that a few of those items are, according to their respective organizations, up to date. These would be the following: Windows (Windows Update says all is up to date) and Firefox. The others I am updating now.
The Security Check results are as follows.

Results of screen317's Security Check version 0.99.24
Windows Vista x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Duplicate Cleaner 1.4.6
Java™ 6 Update 22
Java™ 6 Update 23
Out of date Java installed!
Adobe Flash Player ( 10.3.183.10) Flash Player Out of Date!
Mozilla Firefox (3.6.23) Firefox Out of Date!
Mozilla Thunderbird (3.1.12) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
``````````End of Log````````````
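As an added example (not code from this thread or from screen317's tool): a small Python parser for the checkup.txt layout shown above that pulls out the service-pack flag, every installed Java runtime and each product the tool marks "Out of Date!", then turns them into a follow-up list. The sample log is constructed, and its separator rows use "~" in place of the tool's backtick rows so the listing stays readable; as the thread shows with Firefox, a flagged item is something to verify against the vendor, not a verdict.

```python
import re

# Constructed sample in the checkup.txt layout quoted in post #5 (not the poster's actual file).
# The tool prints rows of backticks between sections; "~" stands in for them and is swapped back.
SAMPLE_LOG = """Results of screen317's Security Check version 0.99.24
Windows Vista x64 (UAC is enabled)
Out of date service pack!!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java™ 6 Update 22
Java™ 6 Update 23
Out of date Java installed!
Adobe Flash Player ( 10.3.183.10) Flash Player Out of Date!
Mozilla Firefox (3.6.23) Firefox Out of Date!
~~~~~~~~~~End of Log~~~~~~~~~~~~
""".replace("~", "`")

# "Java™ 6 Update 22" (some builds of the tool print (TM) instead of the symbol)
JAVA_RE = re.compile(r"^Java(?:™|\(TM\))? (\d+ Update \d+)$")
# "<product> (<version>) <product> Out of Date!" -> (product, version)
FLAG_RE = re.compile(r"^(.+?) \(\s*([\d.]+)\)\s.*Out of Date!$")

def parse_checkup(text):
    """Collect the patch-level findings; the tool's status chatter is simply skipped."""
    r = {"sp_out_of_date": False, "java_versions": [], "java_out_of_date": False, "outdated": []}
    for line in (l.strip() for l in text.splitlines()):
        if "End of Log" in line:
            break
        if line.startswith("Out of date service pack"):
            r["sp_out_of_date"] = True
        elif JAVA_RE.match(line):                 # every installed JRE is listed on its own line
            r["java_versions"].append(JAVA_RE.match(line).group(1))
        elif line.startswith("Out of date Java"):
            r["java_out_of_date"] = True
        elif FLAG_RE.match(line):
            r["outdated"].append(FLAG_RE.match(line).groups())
    return r

def actions(r):
    """Turn the findings into the follow-up list a helper would post back."""
    todo = ["Install the current service pack"] if r["sp_out_of_date"] else []
    if r["java_out_of_date"] or len(r["java_versions"]) > 1:
        todo.append("Update Java, then uninstall old versions: " + ", ".join(r["java_versions"]))
    todo += ["Verify and update %s (%s installed)" % (p, v) for p, v in r["outdated"]]
    return todo
```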

#6 nasdaq
  • Malware Response Team
  • 39,214 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 October 2011 - 10:34 AM

http://support.microsoft.com/lifecycle/search/?sort=PN&alpha=WINDOWS+vista
Support for Windows Vista without any service packs has ended on April 13, 2010.
Windows Vista Service Pack 1 support ended on 12/07/2011

For continued security support from Microsoft get the Service Pack 2.
http://support.microsoft.com/kb/935791
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java SE Runtime Environment 6 Update 27.
  • In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
  • In the Window that opens, select Windows (or Windows x64), and check the "agree" box and click "Continue".
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Then from your Desktop double-click on jre-6u27-windows-i586.exe that you have downloaded to install the newest version.

    For the x64 version, download jre-6u27-windows-x64.exe. Make sure you download the correct version.

    - Note: If you are running Vista or Windows 7, you may need to right-click on the installation file and select Run as Administrator.

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 22
Java™ 6 Update 23

===

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.10 and earlier versions... being exploited in the wild in active targeted attacks... update to Adobe Flash Player 11.0.1.152

Flash Player 11.0.1.152

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus Un-check the box if you are NOT using McAfee's virus protection software.
===

Mozilla Firefox (3.6.23) Firefox Out of Date! <- you have the latest. The tool needs to be updated.
===

Any remaining issues?

#7 nasdaq
  • Malware Response Team
  • 39,214 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 31 October 2011 - 09:56 AM

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===
