I believe I have the Google redirect virus in Chrome
10 replies to this topic

#1 grrzoot
Posted 15 September 2012 - 06:39 PM

For the past few days I have noticed strange things happening with my browser links. When I click on them, sometimes they work, sometimes I have to reload, and I get redirects to, whatever, redirect ads randomly. I ran Malwarebytes a couple of days back, which removed some items but didn't stop the process. Please help.

#2 boopme
Posted 15 September 2012 - 07:21 PM

Hello grrzoot

Are you on a router? Are other machines on it? If so, are they redirecting?


Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed, and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.




Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 grrzoot
Posted 15 September 2012 - 07:36 PM

Hello, and thank you for your time. Yes, I am behind a router. No other machines are redirecting, I believe. I sent you the report of the TDSSKiller; it was negative, I believe. The other txt includes a lot of inside router information. Do I post that here or send that as a report also?

#4 boopme
Posted 15 September 2012 - 07:42 PM

Yes, post it; there is actually nothing there that is personally identifiable.

If you are nervous, PM me this part:
  • List IP configuration

Edited by boopme, 15 September 2012 - 07:44 PM.


#5 grrzoot
Posted 15 September 2012 - 07:46 PM

OK, here is the rest of it:

MiniToolBox by Farbar Version: 23-07-2012
Ran by dadz (administrator) on 15-09-2012 at 19:31:29
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/15/2012 04:42:30 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (09/15/2012 04:42:30 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode
.


Operation:
Instantiating VSS server

Error: (09/15/2012 04:42:30 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]


Operation:
Instantiating VSS server

Error: (09/15/2012 00:59:37 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (09/14/2012 05:16:18 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
DMError Information:-6069Additional Info:An Invalid Id or password was specified.

Error: (09/14/2012 05:16:18 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1036 from function:'DBMgr::DBConnPool::init'

Error: (09/14/2012 05:16:18 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_20; ;DBF=E:\QBB1011\Fox Chimney Service.QBW;ENG=QB_data_engine_20;DBN=b44a231f7ad747b9985e23c570220ef6

Error: (09/14/2012 05:16:18 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
Connection Error:Invalid user ID or password

Error: (09/14/2012 05:16:17 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1036 from function:'DBMgr::DBConnPool::init'

Error: (09/14/2012 05:16:17 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_20; ;DBF=E:\QBB1011\Fox Chimney Service.QBW;ENG=QB_data_engine_20;DBN=aaaf421b204745f992989ecdb4212e32


System errors:
=============
Error: (09/15/2012 06:59:51 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

Error: (09/15/2012 06:59:38 PM) (Source: Service Control Manager) (User: )
Description: The SBSD Security Center Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/15/2012 06:59:15 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

Error: (09/15/2012 06:59:05 PM) (Source: Service Control Manager) (User: )
Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).

Error: (09/15/2012 04:59:12 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%126

Error: (09/15/2012 04:58:21 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (09/15/2012 04:56:49 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (09/15/2012 04:46:25 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%126

Error: (09/15/2012 04:45:37 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (09/15/2012 04:45:03 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


Microsoft Office Sessions:
=========================
Error: (09/15/2012 04:42:30 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

Error: (09/15/2012 04:42:30 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode


Operation:
Instantiating VSS server

Error: (09/15/2012 04:42:30 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode


Operation:
Instantiating VSS server

Error: (09/15/2012 00:59:37 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (09/14/2012 05:16:18 PM) (Source: QuickBooks)(User: )
Description: QuickBooks Pro 2010DMError Information:-6069Additional Info:An Invalid Id or password was specified.

Error: (09/14/2012 05:16:18 PM) (Source: QuickBooks)(User: )
Description: QuickBooks Pro 2010DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1036 from function:'DBMgr::DBConnPool::init'

Error: (09/14/2012 05:16:18 PM) (Source: QuickBooks)(User: )
Description: QuickBooks Pro 2010Connection String:CON=QBConnectionPool-Probe-QB_data_engine_20; ;DBF=E:\QBB1011\Fox Chimney Service.QBW;ENG=QB_data_engine_20;DBN=b44a231f7ad747b9985e23c570220ef6

Error: (09/14/2012 05:16:18 PM) (Source: QuickBooks)(User: )
Description: QuickBooks Pro 2010Connection Error:Invalid user ID or password

Error: (09/14/2012 05:16:17 PM) (Source: QuickBooks)(User: )
Description: QuickBooks Pro 2010DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1036 from function:'DBMgr::DBConnPool::init'

Error: (09/14/2012 05:16:17 PM) (Source: QuickBooks)(User: )
Description: QuickBooks Pro 2010Connection String:CON=QBConnectionPool-Probe-QB_data_engine_20; ;DBF=E:\QBB1011\Fox Chimney Service.QBW;ENG=QB_data_engine_20;DBN=aaaf421b204745f992989ecdb4212e32


=========================== Installed Programs ============================

@BIOS (Version: 2.12)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.55)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
BB Manager (Version: 2.2.0.2)
Blood Bowl Legendary Edition version 2.0.1.4 (Version: 2.0.1.4)
Bonjour (Version: 2.0.5.0)
Chaos 7 (Version: )
Creative ALchemy (Version: 1.41)
Creative Audio Control Panel (Version: 3.00)
Disney's Magic Artist Deluxe (Version: 1.0)
DriverAgent by eSupport.com
EASEUS Partition Recovery 5.0.1
eReg (Version: 1.20.138.34)
ESET Online Scanner v3
Fraps
Google Chrome (Version: 21.0.1180.89)
HiJackThis (Version: 1.0.0)
Host OpenAL (Version: 2.02)
Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 24 (Version: 6.0.240)
Java™ 7 Update 5 (64-bit) (Version: 7.0.50)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
League of Legends (Version: 1.3)
LG United Mobile Drivers (Version: 3.2.0.0)
Logitech Gaming Software (Version: 8.20.74)
Logitech Gaming Software 8.30 (Version: 8.30.86)
Logitech SetPoint 6.32 (Version: 6.32.20)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
MechWarrior Online (Version: 1.1.0.0)
MechWarrior Online (Version: 1.1.1.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
NVIDIA 3D Vision Controller Driver (Version: 280.19)
NVIDIA 3D Vision Controller Driver 306.23 (Version: 306.23)
NVIDIA 3D Vision Driver 306.23 (Version: 306.23)
NVIDIA Control Panel 306.23 (Version: 306.23)
NVIDIA Graphics Driver 306.23 (Version: 306.23)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA PhysX (Version: 9.12.0604)
NVIDIA PhysX System Software 9.12.0604 (Version: 9.12.0604)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.0623)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
Portal
Portal 2
QuickBooks (Version: 20.0.4015.807)
QuickBooks Pro 2010 (Version: 20.0.4015.807)
QuickTime (Version: 7.69.80.9)
Realtek Ethernet Controller Driver (Version: 7.38.113.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6235)
SPORE™ (Version: 1.00.0000)
Spybot - Search & Destroy (Version: 1.6.2)
Star Wars: The Old Republic (Version: 1.00)
Steam (Version: 1.0.0.0)
SupportSoft Assisted Service (Version: 15)
SWMoniTOR 1.0
System Requirements Lab (Version: 4.1.72.0)
TeamSpeak 3 Client
The Elder Scrolls V: Skyrim
TurboTax 2011
TurboTax 2011 WinPerFedFormset (Version: 011.000.3268)
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0496)
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0222)
TurboTax 2011 wrapper (Version: 011.000.0121)
TurboTax 2011 wwiiper (Version: 011.000.1499)
Unity Web Player (Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
World of Warcraft (Version: 5.0.4.16016)
Zero Assumption Recovery Version 8.3

========================= Memory info: ===================================

Percentage of memory in use: 31%
Total physical RAM: 6141.49 MB
Available physical RAM: 4183.96 MB
Total Pagefile: 12281.18 MB
Available Pagefile: 10107.16 MB
Total Virtual: 4095.88 MB
Available Virtual: 3961.27 MB

========================= Partitions: =====================================

2 Drive c: (SSDEMON) (Fixed) (Total:111.79 GB) (Free:27.43 GB) NTFS
4 Drive e: () (Fixed) (Total:298.08 GB) (Free:182.39 GB) NTFS

========================= Users: ========================================

User accounts for \\DADZ-PC

Administrator dadz Guest
UpdatusUser


**** End of log ****
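The two things a responder actually reads first in a MiniToolBox Result.txt like the one above are the Winsock catalog (providers that load into every socket-using process) and the Service Control Manager errors. This added example, not a tool from the thread, parses a constructed excerpt in MiniToolBox's format, flags non-Microsoft or out-of-system-directory Winsock providers, and pulls out security-product services that died unexpectedly; the last Winsock line of the sample is made up to show a flagged entry.

```python
"""Triage a MiniToolBox Result.txt: Winsock (LSP/NSP) providers and event-log errors.
Added example with a constructed log excerpt; not a tool from the thread."""
import re
from dataclasses import dataclass

# "Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)"
WINSOCK_RE = re.compile(
    r"^(?P<catalog>(?:x64-)?Catalog[59])\s+(?P<idx>\d+)\s+(?P<path>.+?)"
    r"\s+\[(?P<size>\d+)\]\s+\((?P<vendor>[^)]*)\)\s*$"
)
# "Error: (09/15/2012 06:59:51 PM) (Source: Service Control Manager) (User: )"
EVENT_RE = re.compile(
    r"^Error: \((?P<ts>[^)]+)\)\s*\(Source: (?P<src>[^)]*)\)\s*\(User: [^)]*\)\s*$"
)
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Name fragments of the security products whose services appear in the thread's log
SECURITY_SERVICES = ("antimalware", "windows defender", "mbam", "security center")

@dataclass
class WinsockEntry:
    catalog: str
    index: int
    path: str
    size: int
    vendor: str

def parse_winsock(text):
    """Parse every 'CatalogN ...' line of the Winsock section into WinsockEntry objects."""
    entries = []
    for line in text.splitlines():
        m = WINSOCK_RE.match(line.strip())
        if m:
            entries.append(WinsockEntry(m["catalog"], int(m["idx"]), m["path"],
                                        int(m["size"]), m["vendor"]))
    return entries

def flag_winsock(entries):
    """Keep providers that are not Microsoft's or do not live in the system directories.
    A third-party DLL here is worth verifying, even though some are benign and well known
    (Bonjour's mdnsNSP.dll in the thread's log is one such case)."""
    return [e for e in entries
            if e.vendor != "Microsoft Corporation"
            or not e.path.lower().startswith(SYSTEM_DIRS)]

def parse_event_errors(text):
    """Pair each 'Error: (...)' header with the Description line that follows it."""
    events = []
    lines = text.splitlines()
    for i, line in enumerate(lines[:-1]):
        m = EVENT_RE.match(line.strip())
        if m and lines[i + 1].startswith("Description:"):
            events.append((m["ts"], m["src"], lines[i + 1][len("Description:"):].strip()))
    return events

def flag_security_service_crashes(events):
    """Security-product services terminating unexpectedly is either tampering or an
    unstable product; either way it belongs at the top of the triage list."""
    return [ev for ev in events
            if ev[1] == "Service Control Manager"
            and "terminated unexpectedly" in ev[2]
            and any(k in ev[2].lower() for k in SECURITY_SERVICES)]

def triage(text):
    """Convenience entry point: (flagged Winsock providers, security service crashes)."""
    return (flag_winsock(parse_winsock(text)),
            flag_security_service_crashes(parse_event_errors(text)))

# Constructed excerpt in MiniToolBox's format. The 'Catalog9 11' line is made up
# (a non-system provider) so that a flagged entry shows up in the output.
SAMPLE = r"""========================= Winsock entries =====================================
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
Catalog9 11 C:\Users\Public\unknown_nsp.dll [40960] (Unknown Publisher)
========================= Event log errors: ===============================
Error: (09/15/2012 06:59:51 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 2 time(s).
Error: (09/15/2012 06:59:05 PM) (Source: Service Control Manager) (User: )
Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
Error: (09/14/2012 05:16:18 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occurred in "QuickBooks Pro 2010":
"""
```

Run `triage(open("Result.txt").read())` against a real log; the two lists it returns are the entries to look at before anything else in the file.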

#6 grrzoot
Posted 15 September 2012 - 07:50 PM

I did run Malwarebytes Free a couple of days ago also. This issue is isolated to Chrome; my I.E. appears to be unaffected. I never use it except for, well, now.

#7 boopme
Posted 15 September 2012 - 07:55 PM

In Chrome it may be the add-ons/plugins. Try disabling them one at a time and see which one was at fault.

OR disable all extensions, see if that worked, then go back one by one to see which is the culprit.



Note: remove these from the PC, as older versions are exploitable by malware, then reboot.
Java™ 6 Update 24 (Version: 6.0.240)
Java™ 7 Update 5 (Version: 7.0.50), if this is the 32-bit one.

#8 grrzoot
Posted 15 September 2012 - 08:06 PM

Well, WOW... first one I found: Default Extension. Disabled it, although I can't seem to find the file location to delete it.

Default Extension 1.0
ID: eicomanjjknhlmkpdmfgiimhemmkdeil
Loaded from: C:\Users\dadz\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aagcdcdjdcgbgcgbgbgddfgddegddhdi
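What gave the extension above away is its "Loaded from" path: a Web Store install unpacks under the profile's Extensions\<id>\<version>\ folder, and this one does not. This added example (not a tool from the thread; the manifest contents, the "Example Translator" entry and its id are constructed) audits entries as chrome://extensions lists them, checking the id format, the load path against the expected Extensions directory, traffic-affecting permissions, and the Web Store update_url.

```python
"""Audit Chrome extension entries as listed on chrome://extensions (id, name, 'Loaded from').
Added example on constructed data, not a tool from the thread; manifest contents are made up."""
import re
from pathlib import PureWindowsPath

EXT_ID_RE = re.compile(r"^[a-p]{32}$")  # Chrome extension IDs are 32 letters in the range a-p
# Permissions that let an extension watch, block or redirect page loads (the thread's symptom)
TRAFFIC_PERMS = {"<all_urls>", "webRequest", "webRequestBlocking", "proxy", "webNavigation", "tabs"}

def audit_extension(ext, user_data_dir, profile="Default"):
    """ext: dict with 'id', 'name', 'loaded_from' and the parsed 'manifest' dict.
    Returns a list of findings; an empty list means nothing stood out."""
    findings = []
    ext_id = ext["id"].lower()
    if not EXT_ID_RE.match(ext_id):
        findings.append("malformed extension id")
    # Web Store installs unpack to <User Data>\<profile>\Extensions\<id>\<version>\
    root = PureWindowsPath(user_data_dir.lower()) / profile.lower() / "extensions"
    load_path = PureWindowsPath(ext["loaded_from"].lower())
    try:
        rel = load_path.relative_to(root)
    except ValueError:
        findings.append("loaded from outside %s" % root)
    else:
        if not rel.parts or rel.parts[0] != ext_id:
            findings.append("install folder name does not match extension id")
    manifest = ext.get("manifest", {})
    perms = set(manifest.get("permissions", []))
    hosts = {p for p in perms if "://" in p}  # host permissions such as http://*/*
    risky = sorted((perms & TRAFFIC_PERMS) | hosts)
    if risky:
        findings.append("can observe or alter web traffic: " + ", ".join(risky))
    if "update_url" not in manifest:
        findings.append("no update_url in manifest (not installed from the Web Store)")
    return findings

def audit_all(extensions, user_data_dir, profile="Default"):
    """Map extension name -> findings, keeping only extensions with at least one finding."""
    report = {}
    for ext in extensions:
        findings = audit_extension(ext, user_data_dir, profile)
        if findings:
            report[ext["name"]] = findings
    return report

# Constructed sample. The first entry is a normal Web Store install with a made-up id; the
# second reuses the id and 'Loaded from' path reported in the thread, with a made-up
# permission set, since the thread does not show that extension's manifest.
USER_DATA = r"C:\Users\dadz\Local Settings\Application Data\Google\Chrome\User Data"
SAMPLE_EXTENSIONS = [
    {
        "id": "aapbdbdomjkkjkaonfhkkikfgjllcleb",
        "name": "Example Translator",
        "loaded_from": USER_DATA + r"\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.1_0",
        "manifest": {"name": "Example Translator", "version": "2.0.1",
                     "permissions": ["storage", "activeTab"],
                     "update_url": "https://clients2.google.com/service/update2/crx"},
    },
    {
        "id": "eicomanjjknhlmkpdmfgiimhemmkdeil",
        "name": "Default Extension",
        "loaded_from": USER_DATA + r"\Default\Default\aagcdcdjdcgbgcgbgbgddfgddegddhdi",
        "manifest": {"name": "Default Extension", "version": "1.0",
                     "permissions": ["tabs", "webRequest", "webRequestBlocking",
                                     "http://*/*", "https://*/*"]},
    },
]
```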

#9 boopme
Posted 15 September 2012 - 08:17 PM

Looks like it was a malware file. To make sure we didn't miss one....

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


NOTE: In some instances if no malware is found there will be no log produced.

#10 grrzoot
Posted 15 September 2012 - 09:35 PM

Not a bad scanner; it found these lurking in some old files on my back drive:

E:\FreeAgent Drive\Backup\DADZ-PC\C\Users\dadz\Documents\My Received Files\Vanguard-dm\Vanguard-dm.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined
E:\FreeAgent Drive\Comp backuptransfer 1212008\dadz\Documents\My Received Files\Vanguard-dm\Vanguard-dm.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

Dang, forgot that's the external!

Thank you for all your help things are looking good.

#11 boopme
Posted 15 September 2012 - 09:44 PM

You're welcome. Yes, I run that every few months, as it's good.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: