Google redirecting - possible trojan on second laptop


  • This topic is locked
17 replies to this topic

#1 isabella_750

isabella_750

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:09:54 PM

Posted 01 May 2012 - 10:23 AM

Gringo,

I am back home from my business trip and am still having issues with the laptop. I have attached the latest error windows. They are both application errors.

Liz


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:54 AM

Posted 02 May 2012 - 12:58 AM

Hello


uninstall these
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin

and reinstall it from here - http://get.adobe.com/flashplayer/
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 isabella_750


Posted 02 May 2012 - 09:05 AM

Gringo -

I had already done that before I got the application errors per your earlier instructions. However I have done it once more (again). Any other thoughts?

Lizz

#4 gringo_pr


Posted 04 May 2012 - 01:10 AM

Hello


open IE go to --> tools --> internet options--> advanced Tab--> uncheck "Enable page Transitions" under the "Browsing" section


if that does not work uninstall all java and check again

#5 gringo_pr


Posted 06 May 2012 - 11:44 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#6 isabella_750


Posted 07 May 2012 - 09:33 AM

Gringo,

I haven't experienced any of the issues after doing the last steps with Flash and Page translations. How would you like me to proceed?

Liz

#7 gringo_pr


Posted 07 May 2012 - 12:06 PM

Hello


That is great news!!


:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be. Any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - S-1-5-18 Startup: _uninst_01641735.lnk = D:\Documents and Settings\lcasale\Local Settings\temp\_uninst_01641735.bat (User 'SYSTEM')
      O4 - .DEFAULT Startup: _uninst_01641735.lnk = D:\Documents and Settings\lcasale\Local Settings\temp\_uninst_01641735.bat (User 'Default user')
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
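An added example (not part of the original post, and not HijackThis's own code): a small Python parser for the O4 start-up lines listed in the post above. It splits each line into location, entry name and target, and marks entries whose target sits in a temp directory so they can be looked at first; the temp-path check is an assumed triage heuristic, and all function and class names are hypothetical.

```python
import re
from typing import List, NamedTuple, Optional

# Sample input: the four O4 lines quoted in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - S-1-5-18 Startup: _uninst_01641735.lnk = D:\Documents and Settings\lcasale\Local Settings\temp\_uninst_01641735.bat (User 'SYSTEM')
O4 - .DEFAULT Startup: _uninst_01641735.lnk = D:\Documents and Settings\lcasale\Local Settings\temp\_uninst_01641735.bat (User 'Default user')
"""

class O4Entry(NamedTuple):
    location: str        # registry Run key or Startup folder owner
    name: str            # value name in [brackets], or shortcut file name
    target: str          # command or file that is started
    user: Optional[str]  # only present on Startup-folder lines
    in_temp: bool        # assumed heuristic: target lives under a temp directory

# Registry form:        O4 - <key>: [<name>] <command>
_RUN_RE = re.compile(r"^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]+)\] (?P<target>.+)$")
# Startup-folder form:  O4 - <profile> Startup: <shortcut> = <target> (User '<user>')
_STARTUP_RE = re.compile(
    r"^O4 - (?P<loc>.+? Startup): (?P<name>.+?) = (?P<target>.+?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$"
)
_TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)

def parse_o4(line: str) -> Optional[O4Entry]:
    """Parse one O4 line; return None for anything else (blank lines, other sections)."""
    line = line.strip()
    m = _RUN_RE.match(line) or _STARTUP_RE.match(line)
    if m is None:
        return None
    target = m.group("target").strip('"')   # commands may be quoted
    user = m.groupdict().get("user")        # the registry form has no user field
    return O4Entry(m.group("loc"), m.group("name"), target, user,
                   bool(_TEMP_RE.search(target)))

def parse_log(text: str) -> List[O4Entry]:
    return [e for e in map(parse_o4, text.splitlines()) if e is not None]

def temp_entries(entries: List[O4Entry]) -> List[O4Entry]:
    """Entries to look at first under the assumed temp-directory heuristic."""
    return [e for e in entries if e.in_temp]

if __name__ == "__main__":
    for entry in parse_log(SAMPLE_LOG):
        print(("REVIEW " if entry.in_temp else "       ") + f"{entry.location}: {entry.name} -> {entry.target}")
```
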

#8 isabella_750


Posted 07 May 2012 - 03:20 PM

Gringo,

Completed the Hijack this step without incident. Initiated the ESET online scanner and had an Application Error pop up. "The instruction at "0x0a940068" referenced memory at "0x0a940068". The memory could not be "written"." I clicked CANCEL to debug the program but all it did was lock up my internet explorer and I had to reboot. :(

Liz

#9 gringo_pr


Posted 08 May 2012 - 09:34 AM

Hello

try resetting IE - go here and scroll down and click on show all and click on the fix-it button - http://windows.microsoft.com/en-US/windows-vista/Reset-Internet-Explorer-8-settings


if that does not work then try this one

F-Secure Online Scan

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go HERE to run an online scan from F-Secure
  • Click on Start scanning
  • This will open a new window
  • In Internet Explorer
    • It will require an ActiveX control, please install it
    • Click Accept
  • In Firefox
    • It will require an Add-on to be installed, please install it
    • In order to install the Add-on, Firefox needs to be restarted, please do so
  • Click Full System Scan
  • It will now download the scanner; this may take a while, please be patient
  • It will then start scanning; wait for the scan to finish
  • Click Automatic cleaning (recommended)
  • Wait for it to finish the cleaning process
  • Click show report
  • This will open up a window with the results of the scan; copy and paste those results as a reply to this topic

Gringo

#10 isabella_750


Posted 08 May 2012 - 01:59 PM

Gringo,

I tried the IE Fix-it and it failed. So then I did the Online Scanner. The results are below:

Scanning Report
Tuesday, May 8, 2012 11:06:47 - 11:31:06
Computer name: USDALN0L3B2112
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ D:\


--------------------------------------------------------------------------------

1 malware found
TrackingCookie.Atwola (spyware)
System (Disinfected)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 36259
System: 3339
Not scanned: 11
Actions:
Disinfected: 1
Renamed: 0
Deleted: 0
Not cleaned: 0
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\HIBERFIL.SYS
C:\WINNT\SYSTEM32\IR41_QC.DLL
C:\WINNT\SYSTEM32\IR41_QCX.DLL
C:\WINNT\SYSTEM32\IR50_QCX.DLL
C:\WINNT\SYSTEM32\IR50_QC.DLL
C:\WINNT\SYSTEM32\CONFIG\DEFAULT
C:\WINNT\SYSTEM32\CONFIG\SAM
C:\WINNT\SYSTEM32\CONFIG\SOFTWARE
C:\WINNT\SYSTEM32\CONFIG\SECURITY
C:\WINNT\SYSTEM32\CONFIG\SYSTEM

#11 isabella_750


Posted 08 May 2012 - 02:03 PM

Incidentally - I just connected my external drive using the USB port but it seems to not be reading correctly. Not sure if this is part of the issue or not? Any idea on how to fix this?

Liz

#12 gringo_pr


Posted 08 May 2012 - 03:07 PM

tell me about the external drive what is going on?


gringo

#13 isabella_750


Posted 08 May 2012 - 10:07 PM

Gringo,

I have an external harddrive that I use to store information so I can access it regardless of the PC I am working on. It is working fine on my other systems, but it's like the USB port isn't working. May be something completely different.

Liz

#14 gringo_pr


Posted 08 May 2012 - 10:32 PM

hello

click on the start button

click on computer

check if you see the harddrive there


autorun has been turned off as a security measure so when you plug it in it will not start as normal but you should be able to access it from my computer



gringo

#15 isabella_750


Posted 08 May 2012 - 10:49 PM

Gringo,

Is it possible to enable auto run on the port?

Liz
