
Infected with a virus that makes me buy security, along with google redirect


  • This topic is locked
34 replies to this topic

#31 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:27 AM

Posted 02 October 2012 - 11:03 AM

Hi,


Do you still need help? Please let us know, it has been a while since you last replied.




Elle
Can you hear it? It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.





#32 MMendola

MMendola
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:27 AM

Posted 02 October 2012 - 07:56 PM

C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\matthew\AppData\Roaming\116D.exe.vir a variant of Win32/Injector.WJR trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\matthew\AppData\Roaming\1421.exe.vir a variant of Win32/Kryptik.AMBG trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\matthew\AppData\Roaming\20B9.exe.vir a variant of Win32/Kryptik.AMBG trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\matthew\AppData\Roaming\2386.exe.vir a variant of Win32/Injector.WJR trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\matthew\AppData\Roaming\3207.exe.vir a variant of Win32/Injector.WJR trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\matthew\AppData\Roaming\758C.exe.vir a variant of Win32/Injector.WJR trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\matthew\AppData\Roaming\78CA.exe.vir a variant of Win32/Kryptik.AMBG trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\matthew\AppData\Roaming\A7D2.exe.vir a variant of Win32/Kryptik.AMBG trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\matthew\AppData\Roaming\DF75.exe.vir a variant of Win32/Kryptik.AMBG trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\matthew\AppData\Roaming\FBCF.exe.vir a variant of Win32/Injector.WJR trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\43PHPO5I\kittyflix_com[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CE04HYV8\amazing-cat-jumps-7-feet-and-turns-light-off[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M9ZPGJ09\categories[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QIAHJZWN\kitty-so-sleepy-he-wobbles[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPUP17Q7\kitten-tries-to-stay-awake[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VB2R9ID5\all-videos[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VB2R9ID5\favorites[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
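
An added example, not part of the original thread: a small parser for a scan log laid out like the one posted above, grouping detections by where the file sits so that copies already held in a quarantine folder and cached web pages can be told apart from anything found elsewhere on disk. The line layout (path, optional "a variant of", detection name, object type, action) is inferred from the posted lines, and the three location labels are assumptions made for this example.

```python
import re
from collections import Counter

# Five lines copied from the scan log in post #32; the layout is inferred from them.
SAMPLE_LOG = r"""
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\matthew\AppData\Roaming\116D.exe.vir a variant of Win32/Injector.WJR trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\matthew\AppData\Roaming\1421.exe.vir a variant of Win32/Kryptik.AMBG trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\43PHPO5I\kittyflix_com[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VB2R9ID5\all-videos[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
"""

# Paths may contain spaces, so the path is matched lazily up to the first
# token that looks like a detection name (Platform/Family.Variant).
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/[\w.]+)\s+"
    r"(?P<kind>\w+)\s+"
    r"(?P<action>.+)$"
)

def classify_location(path):
    """Label where the detected file sits (labels are this example's own)."""
    lowered = path.lower()
    if "\\quarantine\\" in lowered:
        return "quarantine copy"      # already isolated by an earlier tool
    if "\\temporary internet files\\" in lowered:
        return "browser cache"        # cached web content, not an installed program
    return "live file"                # anything else deserves a closer look

def parse_log(text):
    """Return one dict per log line that matches the inferred layout."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                  # blank or unrecognised line
        rec = m.groupdict()
        rec["variant"] = bool(rec["variant"])
        rec["location"] = classify_location(rec["path"])
        records.append(rec)
    return records

def summarize(records):
    """Count detections per (location, detection name) pair."""
    return Counter((r["location"], r["name"]) for r in records)

if __name__ == "__main__":
    for (location, name), count in sorted(summarize(parse_log(SAMPLE_LOG)).items()):
        print(f"{count:2d}  {location:16s} {name}")
```
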

#33 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:27 AM

Posted 04 October 2012 - 11:40 AM

Hi there,



Please open Malwarebytes' Anti-Malware and click on the Update tab. Update the program to the latest version.

  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

Other Troubleshooting Tips:

===========================================================================================


Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Select your Platform.
  • Under Which should I choose?, check the box for Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u7-windows-i586.exe (or jre-7u7-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.






Elle
Can you hear it? It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.




#34 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:27 AM

Posted 07 October 2012 - 03:52 PM

Hi,



Do you still need help? Please let us know, it has been a while since you last replied. :)




Elle
Can you hear it? It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.




#35 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,247 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:27 AM

Posted 12 October 2012 - 09:09 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft




