
Redirect Infection



#1 Chasal

Posted 30 June 2012 - 03:50 PM

Hello, I hope that I'm following proper protocol. I know I have some type of "search redirect" virus, and commercial sounds coming through the PC speakers. No software has worked so far. Open to advice or steering to the right forum. Thanks.



#2 ElFasso

Posted 30 June 2012 - 04:06 PM

Already tried MBAM or Eset?

If not so:

================================== MBAM Scanner ==================================

Run a scan with MBAM:

Download the free version of Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log back here.


Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

================================== Eset Scanner ==================================

Run the ESET online scanner:

Note: You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click on the IE shortcut and run as admin.
Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Edited by ElFasso, 30 June 2012 - 04:06 PM.


#3 Chasal

Posted 30 June 2012 - 04:37 PM

I ran MBAM, TDSSKiller, HitmanPro, and other stuff. MBAM found nothing.

#4 ElFasso

Posted 30 June 2012 - 04:39 PM

Run the Eset online scanner, but make sure that the option Remove found threats is unticked and the Scan Archives option is ticked. Post the log of the Eset online scanner. I need to see what infection there is on the system.

Note: This scanner needs a lot of time and will need some hours (depends on hard-drive) to finish.

Is your computer behind a router?

Edited by ElFasso, 30 June 2012 - 04:39 PM.


#5 Chasal

Posted 30 June 2012 - 05:24 PM

Hey ElFasso, appreciate the help... I'm running ESET as I type here and I've three treats it picked up already and it's only 9% complete. Will keep you and the Bleeping community posted.

#6 Chasal

Posted 30 June 2012 - 05:26 PM

Well they are not treats..hehe Threats

#7 Chasal

Posted 30 June 2012 - 07:19 PM

The ESET scan has picked up 19 infections of some nasty stuff; my grandson was playing games online. Now the remove threats box is unchecked. Will I be able to remove them later without a new scan?

#8 boopme

Posted 30 June 2012 - 09:53 PM

If you did not close the scanner, then yes. If you closed it, rerun it.


Then run .... download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#9 Chasal

Posted 30 June 2012 - 11:45 PM

These are the results of the ESET Scan:

C:\Documents and Settings\charles\Application Data\62CB66015C7F606600C43CC2A7DA8E53\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\Documents and Settings\charles\Desktop\any-audio-converter.exe Win32/OpenCandy application
C:\Documents and Settings\charles\Desktop\avc-free.exe Win32/OpenCandy application
C:\Documents and Settings\charles\Local Settings\Temp\ICReinstall\cnet2_HitmanPro36_exe[1].exe a variant of Win32/InstallCore.D application
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0001024.exe Win32/OpenCandy application
C:\TDSSKiller_Quarantine\29.06.2012_11.14.15\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\29.06.2012_11.14.15\tdlfs0000\tsk0003.dta a variant of Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\29.06.2012_11.14.15\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.LH trojan
C:\TDSSKiller_Quarantine\29.06.2012_11.14.15\tdlfs0000\tsk0006.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\29.06.2012_11.14.15\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\29.06.2012_11.14.15\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan
C:\WINDOWS\explorer.exe Win32/Patched.NBG.Gen trojan
C:\WINDOWS\SYSTEM32\svchost.exe Win32/Patched.NBG.Gen trojan
C:\WINDOWS\SYSTEM32\winlogon.exe Win32/Patched.NBG.Gen trojan
C:\WINDOWS\SYSTEM32\DLLCACHE\explorer.exe Win32/Patched.NBG.Gen trojan
C:\WINDOWS\SYSTEM32\DLLCACHE\svchost.exe Win32/Patched.NBG.Gen trojan
C:\WINDOWS\SYSTEM32\DLLCACHE\winlogon.exe Win32/Patched.NBG.Gen trojan
D:\Documents and Settings\charles\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk Win32/Adware.ADON application
D:\Documents and Settings\charles\Desktop\eBay.lnk Win32/Adware.ADON application
D:\Documents and Settings\charles\Start Menu\eBay.lnk Win32/Adware.ADON application
Operating memory Win32/Patched.NBG.Gen trojan

#10 ElFasso

Posted 01 July 2012 - 01:14 AM

1.

Remove some files that are infected, using a batch file.

delfile.bat
Open Notepad and paste the content of this code into it:

@echo off
rem Delete the adware and installer files that the ESET scan flagged
del /f /s /q "C:\Documents and Settings\charles\Application Data\62CB66015C7F606600C43CC2A7DA8E53\enemies-names.txt"
del /f /s /q "C:\Documents and Settings\charles\Desktop\any-audio-converter.exe"
del /f /s /q "C:\Documents and Settings\charles\Desktop\avc-free.exe"
del /f /s /q "C:\Documents and Settings\charles\Local Settings\Temp\ICReinstall\cnet2_HitmanPro36_exe[1].exe"
del /f /s /q "D:\Documents and Settings\charles\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk"
del /f /s /q "D:\Documents and Settings\charles\Desktop\eBay.lnk"
del /f /s /q "D:\Documents and Settings\charles\Start Menu\eBay.lnk"
rem Delete this batch file itself once it has run
del %0

  • Save the Notepad file on your desktop as delfile.bat. Save type as "All Files".
  • Double click on delfile.bat to execute it.
  • A black CMD window will flash, then disappear; this is normal.
  • The files, if found, will have been deleted and the "delfile.bat" file will also be deleted.

Now rerun Eset, but make sure that the option Remove found threats is ticked and the Scan Archives option is ticked. Post the log of the Eset online scanner. I need to see what infection there is on the system.

Edited by ElFasso, 01 July 2012 - 01:14 AM.


#11 Chasal

Posted 01 July 2012 - 10:27 AM

Ok will do

#12 narenxp

Posted 01 July 2012 - 11:14 AM

C:\WINDOWS\explorer.exe Win32/Patched.NBG.Gen trojan
C:\WINDOWS\SYSTEM32\svchost.exe Win32/Patched.NBG.Gen trojan
C:\WINDOWS\SYSTEM32\winlogon.exe Win32/Patched.NBG.Gen trojan
C:\WINDOWS\SYSTEM32\DLLCACHE\explorer.exe Win32/Patched.NBG.Gen trojan
C:\WINDOWS\SYSTEM32\DLLCACHE\svchost.exe Win32/Patched.NBG.Gen trojan
C:\WINDOWS\SYSTEM32\DLLCACHE\winlogon.exe Win32/Patched.NBG.Gen trojan


We have more serious stuff here. Better to

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck
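The way the helpers in this thread sort the ESET log (user-profile adware goes into the delete script, patched Windows binaries trigger escalation) can be expressed as a small log triage. This is an added example, not part of the original thread; the category names and path heuristics are assumptions chosen to mirror that handling.

```python
import re
from collections import defaultdict

# Lines copied from the ESET log posted in the thread (a subset).
SAMPLE_LOG = r"""
C:\Documents and Settings\charles\Desktop\avc-free.exe Win32/OpenCandy application
C:\Documents and Settings\charles\Local Settings\Temp\ICReinstall\cnet2_HitmanPro36_exe[1].exe a variant of Win32/InstallCore.D application
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0001024.exe Win32/OpenCandy application
C:\TDSSKiller_Quarantine\29.06.2012_11.14.15\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan
C:\WINDOWS\SYSTEM32\svchost.exe Win32/Patched.NBG.Gen trojan
C:\WINDOWS\SYSTEM32\DLLCACHE\svchost.exe Win32/Patched.NBG.Gen trojan
Operating memory Win32/Patched.NBG.Gen trojan
"""

# "<object> [a variant of] <Win32|Win64>/<detection> <type>"
LINE = re.compile(
    r"^(?P<obj>.+?)\s+(?:a variant of\s+)?(?P<name>Win(?:32|64)/\S+)\s+(?P<kind>\w+)$"
)

def classify(obj, kind):
    """Assumed heuristic: bucket a detection by where the object lives."""
    p = obj.lower()
    if "\\tdsskiller_quarantine\\" in p:
        return "quarantine-copy"   # copy already set aside by an earlier tool
    if "\\system volume information\\_restore" in p:
        return "restore-point"     # copy inside a System Restore snapshot
    if p == "operating memory" or ("\\windows\\" in p and kind == "trojan"):
        return "system-file"       # modified OS component: do not just delete
    if kind == "application":
        return "unwanted-app"      # adware / bundled installer in user folders
    return "other"

def triage(log):
    """Return {category: [(object, detection_name), ...]} for an ESET log."""
    buckets = defaultdict(list)
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            buckets[classify(m["obj"], m["kind"])].append((m["obj"], m["name"]))
    return dict(buckets)

def needs_escalation(log):
    """True when a Windows system file or running memory is flagged."""
    return bool(triage(log).get("system-file"))

if __name__ == "__main__":
    for category, hits in triage(SAMPLE_LOG).items():
        print(f"{category}: {len(hits)}")
    print("escalate:", needs_escalation(SAMPLE_LOG))
```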



