Need to remove JS injection Trojan virus permanently


  • This topic is locked
8 replies to this topic

#1 rajkumar31

rajkumar31

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:45 PM

Posted 21 December 2015 - 01:02 PM

I need help from techies as I’m facing a strange issue where my browser redirects every time to a malicious ad/website.

http://imgur.com/vqoBOP9

The browser opens a new page redirecting to hxxttp://hidcptqmerifcusymaqddcomolsujibeptsmycmqsrwgrcmywshgnfpjhcc.com/rot.aspx?partner=910345&f=popup-u
and then this redirects to some page on tradeexchange.com, buysellads.com, etc.

I will be glad if some techie can help me solve my problem. Adw Cleaner and MB Junkware Removal Tool couldn’t find anything, and neither did Windows Defender and MSE. Only KIS detects and blocks it but I need to get rid of this. Formatted my laptop since this problem was there earlier but still it is coming even after complete format. Please help me.

 

Please find this is my problem. It has a JS injection whenever I click anywhere on any website this site opens up which is blocked by my AV. There is some script hidden in my system somewhere which I'm not able to remove.

 

Please find attached my FST scan and ADWCleaner scan log in the post.

 

 



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,456 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:15 AM

Posted 23 December 2015 - 02:18 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

Is the problem still persisting?

#3 rajkumar31


Posted 24 December 2015 - 09:43 AM

MBAM Log file :-

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 24-Dec-15
Scan Time: 7:00 PM
Logfile: mbam.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.12.24.04
Rootkit Database: v2015.12.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7
CPU: x86
File System: NTFS
User: Raj

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 281250
Time Elapsed: 17 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

ADWCleaner:-

# AdwCleaner v5.026 - Logfile created 24/12/2015 at 19:42:59
# Updated 21/12/2015 by Xplode
# Database : 2015-12-23.1 [Server]
# Operating system : Windows 7 Ultimate  (x86)
# Username : Raj - RAJ-PC
# Running from : C:\Users\Raj\Downloads\Programs\adwcleaner_5.026.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [575 bytes] ##########

 

 

I had reset my Firefox browser using the link given by you but still the virus/ JS injection persists. Not sure where it is residing in my computer. Neither MBAM nor ADWcleaner could find it as evident from the log file.
 


Edited by rajkumar31, 24 December 2015 - 09:46 AM.


#4 nasdaq


Posted 24 December 2015 - 10:41 AM

Are these injections only in Firefox?
Check also Internet Explorer and Chrome if you have it installed.

#5 rajkumar31


Posted 25 December 2015 - 11:51 AM

Are these injections only in Firefox?
Check also Internet Explorer and Chrome if you have it installed.

 

I don't use Chrome and IE nowadays. These injections started with Chrome as I used it extensively. Since there is no perfect alternative for NoScript in Chrome, I'm using Firefox now. What do you think the problem is?



#6 nasdaq


Posted 26 December 2015 - 08:14 AM

If resetting Firefox does not solve the problem, reinstall it.

Remove Firefox using the instructions on this page.
https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer

Before proceeding save your Bookmarks.
https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer

Install the latest version of the application.

You can then import them to the new version of Firefox.

Firefox Password manager -
Remember, delete and change saved passwords in Firefox
https://support.mozilla.org/en-US/kb/password-manager-remember-delete-change-passwords
<<<>>>

Keep me posted.

#7 rajkumar31


Posted 26 December 2015 - 09:18 AM

I know this problem is not due to Firefox. I have reinstalled Firefox again but the problem still persists. I don't use Firefox password manager (never saved even 1) so I didn't touch that part. Is it part of your rules to not take remote control and help people?



#8 nasdaq


Posted 26 December 2015 - 09:50 AM


Could your problem be the same as described here?

http://security.stackexchange.com/questions/89650/malware-ad-adsmatte-infection

Read the last post.

===

Fixing the DNS is not my forte.
I suggest you start a new topic in the Networking forum.

http://www.bleepingcomputer.com/forums/f/21/networking/

The helper will request the log from this Minitoolbox scan.

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Devices (problems only)
  • List Minidump Files
  • List Restore Points
  • Click Go and copy/paste the log (Result.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
================

I will leave this topic open for 6 days.
If you need to return please do.
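
The post above asks for the hosts file content and IP configuration because a redirect that survives a format and a browser reinstall points at name resolution rather than the browser. As an added example (not part of the original thread, and not MiniToolBox's code), this is one way to review those two items once captured as text; the sample inputs are constructed, the function names are hypothetical, and the list of expected resolvers is something you supply for your own network.

```python
import ipaddress
import re

# Constructed sample inputs (not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net      # local block entry
203.0.113.7     www.example.com      # name pinned to an outside address
"""

SAMPLE_IPCONFIG = """\
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 198.51.100.53
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def hosts_overrides(text):
    """Return (ip, name) pairs that point a name at a non-local address."""
    found = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line, not a mapping
        if addr.is_loopback or addr.is_unspecified:
            continue  # localhost and 0.0.0.0 block entries
        found.extend((fields[0], name) for name in fields[1:])
    return found

def dns_servers(ipconfig_text):
    """Collect addresses from 'DNS Servers' lines and their continuation lines."""
    servers, in_block = [], False
    for line in ipconfig_text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            servers.append(m.group(1))
            in_block = True
        elif in_block and re.fullmatch(r"\s+[0-9A-Fa-f:.%]+\s*", line):
            servers.append(line.strip())
        else:
            in_block = False
    return servers

def unexpected_dns(servers, expected):
    """Resolvers that are not on the list the user expects (router, ISP)."""
    return [s for s in servers if s not in expected]
```

An unexpected resolver that reappears after being corrected on the PC usually means it is being handed out by the router's DHCP settings, which is why the same check is worth repeating from a second device on the same network.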

#9 nasdaq


Posted 01 January 2016 - 08:53 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



