Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

zodiac-game.info/newpager.html website opens on login


  • Please log in to reply
3 replies to this topic

#1 lnsulans

lnsulans

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:25 AM

Posted 19 January 2017 - 08:44 PM

Hi,

Whenever I log in, chrome opens to zodiac-game.info/newpager.html

 

Please see the attached logs.

 

Any help would be greatly appreciated.

 

Thank you

Attached Files



BC AdBot (Login to Remove)

 


#2 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:02:25 AM

Posted 21 January 2017 - 09:48 AM

Hi,

 

We will use FRST to remove a few items.

 

Copy/paste whats below into notepad. Save it as fixlist.txt.

Save it in the same location you have FRST saved to.

Start FRST like before except this time click on the Fix button once. Machine will reboot to finish. Upon reboot it will display a new log called fixlog.txt which you can copy/paste in your reply.

HKU\S-1-5-21-3443793332-1658490695-1762744069-1001\...\Run: [Andrew] => explorer.exe hxxp://sd-steam.info <===== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Empty Temp:

How Can I Reduce My Risk to Malware?


#3 lnsulans

lnsulans
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:25 AM

Posted 22 January 2017 - 05:29 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017
Ran by Andrew (22-01-2017 17:25:34) Run:1
Running from C:\Users\Andrew\Downloads
Loaded Profiles: Andrew (Available Profiles: Andrew)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-3443793332-1658490695-1762744069-1001\...\Run: [Andrew] => explorer.exe hxxp://sd-steam.info <===== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Empty Temp:
*****************

HKU\S-1-5-21-3443793332-1658490695-1762744069-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Andrew => value removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 30178551 B
Java, Flash, Steam htmlcache => 285894033 B
Windows/system/drivers => 40852587 B
Edge => 7443798 B
Chrome => 429017888 B
Firefox => 377371002 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 32851320 B
NetworkService => 19876 B
Andrew => 714466310 B

RecycleBin => 0 B
EmptyTemp: => 1.8 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:25:51 ====

Fixed now. Thank you very much.



#4 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:02:25 AM

Posted 24 January 2017 - 06:04 PM

Ok great. You can delete the FRST icon and all the logs. Happy Safe Surfing out there.


How Can I Reduce My Risk to Malware?





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users