
redirecting sites virus


1 reply to this topic

#1 ysokrn

ysokrn

  • Members
  • 1 posts

Posted 20 August 2012 - 04:43 PM

hello guys, just created account since I need quick help with this annoying google-redirecting virus.

this is my first time asking for help online so I hope you guys won't mind any mistake on my part...

by the way, just got the message from norton saying that

"Auto-Protect is processing security risk Trojan.Gen"

just scanned it with malwarebytes and here's the log I got from it after full system scan:

Scan options disabled: P2P
Objects scanned: 319789
Time elapsed: 51 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\Chris Yoo\AppData\Local\Apple\Adobe\xpuxo.dll (Trojan.RedirRdll3.Gen) -> No action taken.

Registry Keys Detected: 4
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> No action taken.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods Web Search (PUP.FunMoods) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vid-Saver (Adware.GamePlayLabs) -> No action taken.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Adobe (Trojan.RedirRdll3.Gen) -> Data: rundll32.exe "C:\Users\Chris Yoo\AppData\Local\Apple\Adobe\xpuxo.dll",CreateInstance -> No action taken.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Adobe (Trojan.RedirRdll3.Gen) -> Data: rundll32.exe "C:\Users\Chris Yoo\AppData\Local\Apple\Adobe\xpuxo.dll",CreateInstance -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Program Files (x86)\Funmoods\1.5.23.22 (PUP.Funmoods) -> No action taken.
C:\Program Files (x86)\Funmoods\1.5.23.22\bh (PUP.Funmoods) -> No action taken.

Files Detected: 12
C:\Program Files (x86)\Funmoods\1.5.23.22\uninstall.exe (PUP.FunMoods) -> No action taken.
C:\Program Files (x86)\Vid-Saver\Uninstall.exe (Adware.GamePlayLabs) -> No action taken.
C:\ProgramData\Microsoft\Windows\DRM\97D1.tmp.dat (Trojan.Agent.EXPD1) -> No action taken.
C:\ProgramData\Microsoft\Windows\DRM\A5E6.tmp (Trojan.Agent.EXPD1) -> No action taken.
C:\Users\Chris Yoo\Documents\do not touch\Guitar\Guitar Pro 5\Guitar Pro 5.2\Guitar Pro 5.2\Keygen.exe (RiskWare.Tool.CK) -> No action taken.
C:\Users\Chris Yoo\Documents\do not touch\Guitar\yea\ao no exorcist\vegas pro 8\SonyVegasKeygen.exe (RiskWare.Tool.CK) -> No action taken.
C:\Users\Chris Yoo\Documents\do not touch\Guitar\yea\ao no exorcist\vegas pro 8\try this if doesn't work\SonyVegasKeygen.exe (RiskWare.Tool.CK) -> No action taken.
C:\Users\Chris Yoo\AppData\Local\funmoods.crx (PUP.Funmoods) -> No action taken.
C:\Users\Chris Yoo\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> No action taken.
C:\Users\Chris Yoo\AppData\Local\Apple\Adobe\xpuxo.dll (Trojan.RedirRdll3.Gen) -> No action taken.
C:\Program Files (x86)\Funmoods\1.5.23.22\escortShld.dll (PUP.Funmoods) -> No action taken.
C:\Program Files (x86)\Funmoods\1.5.23.22\FavIcon.ico (PUP.Funmoods) -> No action taken.



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 20 August 2012 - 08:22 PM

Remove the infections detected by malwarebytes


Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply
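An added example, not part of either post above and not a Malwarebytes or BleepingComputer tool: a small Python parser for a log in the layout posted in #1. It lists the detections still marked "No action taken", maps each flagged Run-key value to the file its command loads, and reports sections whose header count does not match the pasted lines. The sample log, its names and the "Quarantined" action text are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the log above (placeholder names).
SAMPLE_LOG = r'''Memory Modules Detected: 1
C:\Users\user\AppData\Local\Example\sample.dll (Trojan.Example) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Example (Trojan.Example) -> Data: rundll32.exe "C:\Users\user\AppData\Local\Example\sample.dll",CreateInstance -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Program Files (x86)\ExampleBar\uninstall.exe (PUP.Example) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Example\sample.dll (Trojan.Example) -> No action taken.
'''

SECTION = re.compile(r"^(?P<section>.+?) Detected: (?P<count>\d+)$")
# Greedy object match so "(x86)" inside a path is not taken for the detection name.
ENTRY = re.compile(r"^(?P<object>.+) \((?P<name>[^()]+)\) -> "
                   r"(?:Data: (?P<data>.*) -> )?(?P<action>.+)$")

def parse_log(text):
    """Return (entries, mismatches): parsed detections and sections whose
    header count differs from the lines found (a truncated paste)."""
    entries, declared, section = [], {}, None
    for line in (l.strip() for l in text.splitlines()):
        if m := SECTION.match(line):
            section = m["section"]
            declared[section] = int(m["count"])
        elif section and (m := ENTRY.match(line)):
            entries.append({"section": section, **m.groupdict()})
    found = {s: sum(e["section"] == s for e in entries) for s in declared}
    return entries, {s: (declared[s], found[s]) for s in declared if declared[s] != found[s]}

def unresolved(entries):
    """Detections the scanner reported but did not remediate."""
    return [e for e in entries if e["action"].startswith("No action taken")]

def autorun_payloads(entries):
    """Map each flagged Run-key value to the quoted file its command loads."""
    out = {}
    for e in entries:
        if e["data"] and "\\CurrentVersion\\Run|" in e["object"]:
            quoted = re.search(r'"([^"]+)"', e["data"])
            out[e["object"]] = quoted.group(1) if quoted else e["data"]
    return out
```

Running the same functions on a second log taken after removal shows whether any entry is still unresolved and whether the Run value and the DLL it points to are both gone.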



