
Links keep getting Redirected


8 replies to this topic

#1 someone2011 (Members)

Posted 23 June 2012 - 02:33 PM

I have Vista, IE, AVG and SUPERAntiSpyware.
When I click on a link for a website it keeps getting redirected; also, sometimes the keyboard is skipping keystrokes randomly.
I have run AVG, SUPERAntiSpyware, TDSSKiller, and Malwarebytes and nothing is coming up.
I did run into a Trojan on 6/1/12 but AVG caught and deleted it.
Please help find the problem! Ugh


*Edit: Moved topic from Vista to the more appropriate forum. ~ Queen-Evie*

Edited by Queen-Evie, 23 June 2012 - 02:46 PM.




#2 narenxp (BC Advisor)

Posted 23 June 2012 - 03:27 PM

Download

TDSSkiller

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here

Download

ESET online scanner


Install it

Click on START; it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

#3 someone2011 (Topic Starter, Members)

Posted 23 June 2012 - 05:22 PM

2012/06/23 14:31:17.0390 1064 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2012/06/23 14:31:23.0911 1064 ================================================================================
2012/06/23 14:31:23.0911 1064 SystemInfo:
2012/06/23 14:31:23.0911 1064
2012/06/23 14:31:23.0911 1064 OS Version: 6.0.6002 ServicePack: 2.0
2012/06/23 14:31:23.0911 1064 Product type: Workstation
2012/06/23 14:31:23.0911 1064 ComputerName: LAPTOP
2012/06/23 14:31:23.0927 1064 UserName: Katie
2012/06/23 14:31:23.0927 1064 Windows directory: C:\Windows
2012/06/23 14:31:23.0927 1064 System windows directory: C:\Windows
2012/06/23 14:31:23.0927 1064 Processor architecture: Intel x86
2012/06/23 14:31:23.0927 1064 Number of processors: 1
2012/06/23 14:31:23.0927 1064 Page size: 0x1000
2012/06/23 14:31:23.0927 1064 Boot type: Normal boot
2012/06/23 14:31:23.0927 1064 ================================================================================
2012/06/23 14:31:25.0362 1064 Initialize success



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-23 14:33:59
-----------------------------
14:33:59.588 OS Version: Windows 6.0.6002 Service Pack 2
14:33:59.588 Number of processors: 1 586 0x301
14:33:59.588 ComputerName: LAPTOP UserName: Katie
14:34:03.394 Initialize success
14:37:23.001 AVAST engine defs: 12062301
14:39:21.936 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
14:39:21.951 Disk 0 Vendor: Hitachi_HTS543212L9A300 FBBOC44C Size: 114473MB BusType: 3
14:39:21.967 Disk 0 MBR read successfully
14:39:21.983 Disk 0 MBR scan
14:39:21.998 Disk 0 unknown MBR code
14:39:21.998 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 104929 MB offset 63
14:39:22.045 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9540 MB offset 214896640
14:39:22.061 Disk 0 scanning sectors +234434560
14:39:22.139 Disk 0 scanning C:\Windows\system32\drivers
14:39:39.969 Service scanning
14:40:29.281 Modules scanning
14:40:43.290 Disk 0 trace - called modules:
14:40:43.337 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
14:40:43.867 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85cbfac8]
14:40:43.883 3 CLASSPNP.SYS[8079c8b3] -> nt!IofCallDriver -> [0x85612480]
14:40:43.898 5 acpi.sys[8060a6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x85612b98]
14:40:44.772 AVAST engine scan C:\Windows
14:40:48.375 AVAST engine scan C:\Windows\system32
14:46:11.436 AVAST engine scan C:\Windows\system32\drivers
14:46:38.923 AVAST engine scan C:\Users\Katie
14:46:46.193 File: C:\Users\Katie\AppData\Local\Google\ElevatedDiagnostics\yovfpcibv.dll **INFECTED** Win32:Kryptik-JAB [Trj]
14:47:49.794 Disk 0 MBR has been saved successfully to "C:\Users\Katie\Desktop\MBR.dat"
14:47:49.809 The log file has been saved successfully to "C:\Users\Katie\Desktop\aswMBR.txt"


ESET currently scanning ...
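Added example, not part of the original posts: a small Python triage script that pulls the `**INFECTED**` file detections and the MBR scan result line out of an aswMBR log such as the one posted above. The sample lines are copied from that log; the function name `triage` and the field names are assumptions made for this illustration.

```python
import re

# Lines copied from the aswMBR log posted above (sample input for this example).
SAMPLE_LOG = r"""
14:39:21.967 Disk 0 MBR read successfully
14:39:21.983 Disk 0 MBR scan
14:39:21.998 Disk 0 unknown MBR code
14:46:38.923 AVAST engine scan C:\Users\Katie
14:46:46.193 File: C:\Users\Katie\AppData\Local\Google\ElevatedDiagnostics\yovfpcibv.dll **INFECTED** Win32:Kryptik-JAB [Trj]
14:47:49.794 Disk 0 MBR has been saved successfully to "C:\Users\Katie\Desktop\MBR.dat"
"""

# aswMBR body lines start with an HH:MM:SS.mmm timestamp.
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
# "File: <path> **INFECTED** <detection name>"
INFECTED = re.compile(r"^File:\s+(?P<path>.+?)\s+\*\*INFECTED\*\*\s+(?P<name>.+)$")
# "Disk <n> <result> MBR code", the result line of the MBR scan
MBR_CODE = re.compile(r"^Disk (?P<disk>\d+) (?P<verdict>.+) MBR code$")


def triage(log_text):
    """Return (detections, mbr_results) found in an aswMBR log."""
    detections, mbr_results = [], []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner, separator and blank lines carry no timestamp
        ts, msg = m.groups()
        hit = INFECTED.match(msg)
        if hit:
            detections.append(
                {"time": ts, "path": hit["path"], "name": hit["name"].strip()}
            )
            continue
        code = MBR_CODE.match(msg)
        if code:
            mbr_results.append(
                {"time": ts, "disk": int(code["disk"]), "verdict": code["verdict"]}
            )
    return detections, mbr_results


if __name__ == "__main__":
    found, mbr = triage(SAMPLE_LOG)
    for d in found:
        print(f"{d['time']}  {d['name']}  {d['path']}")
    for r in mbr:
        print(f"{r['time']}  disk {r['disk']}: {r['verdict']} MBR code")
```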

#4 someone2011 (Topic Starter, Members)

Posted 23 June 2012 - 07:26 PM

C:\Users\Katie\AppData\Local\Google\ElevatedDiagnostics\yovfpcibv.dll a variant of Win32/Kryptik.AHHC trojan
Operating memory a variant of Win32/Kryptik.AHHC trojan

#5 narenxp (BC Advisor)

Posted 23 June 2012 - 08:53 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan with MBAM once in regular mode until you get a clean log.

Download

MiniToolBox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#6 someone2011 (Topic Starter, Members)

Posted 24 June 2012 - 08:57 PM

Somewhere in the process of Malwarebytes I blue screened, just after AVG picked up another virus. I was getting stuck at the startup screen (F1 to F12). I did a test on the hard drive and memory; all passed. I was then able to do a recovery back to a certain date.
Do I restart all over at ESET or Malwarebytes?

#7 narenxp (BC Advisor)

Posted 25 June 2012 - 03:46 AM

Try to run Malwarebytes in Safe Mode with Networking and post the log.

#8 someone2011 (Topic Starter, Members)

Posted 25 June 2012 - 08:10 AM

I ended up running ESET again; it had 7 threats that were removed. Then I ran Malwarebytes in normal mode and it came up clean, but when I restarted after the scan, a threat was detected on startup by AVG. Restarting again.

#9 narenxp (BC Advisor)

Posted 25 June 2012 - 10:22 AM

Do you remember the threat?

Download

Farbar Service Scanner

Checkmark all the boxes.

Click on "Scan".
Please copy and paste the log to your reply.

Launch FSS again, type services.exe in the search box, and click on Search Files.

Post the generated log.



