
Solved redirect virus in vista

Discussion in 'Malware and Virus Removal Archive' started by dodopie, 2011/09/03.

  1. 2011/09/06
    dodopie Contributing Member

    dodopie Well-Known Member Thread Starter

    Joined:
    2010/12/26
    Messages:
    458
    Likes Received:
    2
    Always just some random site; could be an attorneys list or just some other random redirected site.
     
  2. 2011/09/06
    dodopie Thread Starter


  4. 2011/09/06
    dodopie Thread Starter
  5. 2011/09/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Let's try to reset your router...

    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (Vista and Windows 7 users: while holding CTRL and SHIFT, press Enter).

    In the Command Prompt window, type in the following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pressing the pinhole, using a pencil or a paperclip, until all lights briefly go off and on.
    NOTE. Simply disconnecting the router from its power source will NOT do.
    Restart the computer and check for redirections.

    NOTE. You may need to re-check your router security settings, as described HERE
     
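The reset sequence above, as an added example written for this page rather than code from broni or from any tool mentioned in the thread. It wraps the same ipconfig and DNS Client steps in a PowerShell script that relaunches itself elevated when it is not (the "requires elevation" failure seen later in the thread), and then does the check a practitioner would want after a router reset: list the DNS servers each adapter is actually using and flag any that are not the ones you expect, plus any non-comment entries in the hosts file. Assumptions: the router and expected resolver is 10.0.0.1 (taken from the DhcpNameServer line in the ComboFix log later in the thread); the script is saved as a .ps1 and run on Vista or Windows 7 with PowerShell 2.0 or later; the $ExpectedDns parameter and the hosts-file check are additions of mine, not part of the original instructions.

```powershell
# Added example, not part of the original post. Save as reset-dns.ps1 and run it;
# if the console is not elevated it relaunches itself through UAC.
param(
    # DNS servers you expect after the router reset (router/ISP). 10.0.0.1 is an
    # assumption taken from the DhcpNameServer line in the ComboFix log; edit for your network.
    [string[]]$ExpectedDns = @('10.0.0.1')
)

# 1. Elevation check. Without this, ipconfig /flushdns etc. fail with
#    "The requested operation requires elevation" (same as CTRL+SHIFT+Enter on cmd).
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    $args = '-ExecutionPolicy Bypass -NoExit -File "{0}"' -f $MyInvocation.MyCommand.Path
    Start-Process powershell.exe -Verb RunAs -ArgumentList $args
    exit
}

# 2. The ipconfig sequence from the post, then a restart of the DNS Client service.
#    Service name is Dnscache (display name "DNS Client"); note: no trailing space
#    inside the quotes, which is what broke the net stop/net start lines in the thread.
ipconfig /flushdns    | Out-Null
ipconfig /registerdns | Out-Null
ipconfig /release     | Out-Null
ipconfig /renew       | Out-Null
Restart-Service -Name Dnscache -Force

# 3. Which DNS servers is each IP-enabled adapter really using? A DNS-changing
#    infection (on the PC or on the router) shows up here as a resolver you do not
#    recognise, or as a static DNS setting on an adapter that should use DHCP.
$suspicious = @()
foreach ($cfg in Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled=True") {
    $servers = @($cfg.DNSServerSearchOrder | Where-Object { $_ })   # drop $null
    "{0}: DHCP={1} DHCPServer={2} DNS={3}" -f $cfg.Description, $cfg.DHCPEnabled,
                                               $cfg.DHCPServer, ($servers -join ', ')
    foreach ($s in $servers) {
        if ($ExpectedDns -notcontains $s) { $suspicious += "$($cfg.Description) -> DNS $s" }
    }
    if (-not $cfg.DHCPEnabled) {
        $suspicious += "$($cfg.Description): static IP/DNS configured (expected DHCP from the router)"
    }
}

# 4. Hosts-file check. Vista ships with uncommented "127.0.0.1 localhost" and
#    "::1 localhost"; anything else that is not a comment is a local override.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$overrides = Get-Content $hostsPath |
    Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' } |
    Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }
foreach ($line in $overrides) { $suspicious += "hosts: $line" }

if ($suspicious.Count -eq 0) {
    "No unexpected DNS servers or hosts entries. Now do the pinhole reset on the router and run this again."
} else {
    "Review these before trusting the connection:"
    $suspicious
}
```

Run it once before the router reset and once after: if a resolver other than the router reappears after the pinhole reset, the setting is being put back by something on the PC (or by whoever can log in to the router), which is the case where re-checking the router's admin password, as the post's last note says, matters.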
  6. 2011/09/06
    dodopie Thread Starter
    This is what I got as I typed in:
    Microsoft Windows [Version 6.0.6002]
    Copyright (c) 2006 Microsoft Corporation. All rights reserved.

    C:\Users\jerry>
    C:\Users\jerry>ipconfig/flushdns
    The requested operation requires elevation.

    C:\Users\jerry>ipconfig/registerdns
    The requested operation requires elevation.

    C:\Users\jerry>ipconfig/release
    The requested operation requires elevation.

    C:\Users\jerry>net stop "dns client "
    The syntax of this command is:

    NET
    [ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP |
    HELPMSG | LOCALGROUP | PAUSE | PRINT | SESSION | SHARE | START |
    STATISTICS | STOP | TIME | USE | USER | VIEW ]

    C:\Users\jerry>net start "dns client "
    System error 5 has occurred.

    Access is denied.


    C:\Users\jerry>
     
  7. 2011/09/06
    broni Moderator Malware Analyst
    That's because you didn't read my instructions carefully enough:

    Click OK (Vista and Windows 7 users: while holding CTRL and SHIFT, press Enter).
     
  8. 2011/09/06
    dodopie Thread Starter
    The computer is acting worse about redirecting. In Firefox I just opened this site and when I clicked on Malware and Virus Removal, it opened a new browser window and took me to a site where my AVG alert came up: threat was blocked.
    File name: letsnano.cu.cc/showthread.php?t=64170195
    Threat name: Exploit Best Exploit Kit (type2035)

    So I have Vista Home Basic. Your instructions say to:
    Go Start>Run (Start search in Vista), which is what I have, so I type in:
    cmd, but I can't find the OK button you say to click, so I click on the cmd that the search found and the black screen pops up. At this point I tried holding CTRL and SHIFT and pressing Enter; nothing happens. Your instructions read as if I am to do both, as it states, because I have Vista. What am I missing?
     
  9. 2011/09/06
    broni Moderator Malware Analyst
    Maybe you got reinfected....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. 2011/09/07
    dodopie Thread Starter
    ComboFix 11-09-07.02 - jerry 09/07/2011 6:29.2.1 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2813.1779 [GMT -4:00]
    Running from: c:\users\jerry\Downloads\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-07 to 2011-09-07 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-07 10:39 . 2011-09-07 10:39 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-09-05 17:57 . 2011-09-05 17:57 -------- d-----w- c:\program files\Common Files\Adobe
    2011-09-05 11:43 . 2011-09-05 11:43 -------- d-----w- c:\program files\ESET
    2011-09-04 22:38 . 2011-09-04 22:38 -------- d-----w- c:\program files\Common Files\Java
    2011-09-04 12:21 . 2011-09-04 12:21 -------- d-----w- c:\users\jerry\AppData\Roaming\AVG2012
    2011-09-04 12:18 . 2011-09-07 10:18 -------- d-----w- c:\programdata\AVG2012
    2011-09-04 12:16 . 2011-09-04 12:16 -------- d-----w- c:\program files\AVG
    2011-09-04 12:03 . 2011-09-07 10:16 -------- d-----w- c:\programdata\MFAData
    2011-09-04 02:16 . 2011-09-04 02:16 -------- d-----w- c:\users\jerry\AppData\Roaming\SUPERAntiSpyware.com
    2011-09-04 02:15 . 2011-09-04 02:16 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-09-04 02:15 . 2011-09-04 02:15 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-08-24 10:56 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-08-09 21:07 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
    2011-08-09 21:07 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-08-09 21:07 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-08-09 21:05 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-08-09 21:05 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-08-09 21:05 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-27 09:57 . 2011-05-16 08:16 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-19 09:05 . 2010-05-19 07:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-07-06 23:52 . 2010-12-26 16:23 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 23:52 . 2010-12-26 16:23 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-06-20 12:57 . 2011-06-24 11:13 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4B206A83-DD7E-4123-8E42-CE90BD21451B}\mpengine.dll
    2011-08-30 22:59 . 2011-09-06 02:57 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2010-07-18 1774080]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 4603264]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
    "PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2011-03-15 650080]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk&inst=NzctNzEzOTg1NTUyLVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ&prod=90&ver=2012.0.1796&mid=2d550cef69b574666674f3904c4cca9d-926113d46e07c1a10a54c687293e356df434df7e" [?]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2010-07-18 1774080]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
    2007-11-19 22:17 1261568 ----a-w- c:\program files\Acer\Acer Assist\launcher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
    2007-11-26 18:21 3387392 ----a-w- c:\program files\Acer\Acer Registration\ACE1.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Exetender]
    2010-07-18 15:54 1774080 ----a-w- c:\program files\Free Ride Games\GPlayer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
    2009-07-20 22:09 356352 ----a-w- c:\program files\Micro Innovations\Optical Scroll\mouse32a.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
    2008-07-23 03:05 846344 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2011-07-06 23:52 1047656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
    2011-07-06 23:52 1047656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MotiveReportAgent]
    2004-06-25 18:14 204800 ----a-w- c:\program files\Common Files\Motive\McciBootStrapper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 21:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2008-01-21 20:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2008-02-22 03:50 1037608 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
    2005-06-11 04:41 1277952 ----a-w- c:\program files\Support.com\BellSouth\hcenter.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-21 02:35 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate1c9bdaad8d5ad70;Google Update Service (gupdate1c9bdaad8d5ad70);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-15 133104]
    R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-15 133104]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-11-28 24576]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2011-03-15 428384]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 X4HSEx;X4HSEx;c:\program files\Free Ride Games\X4HSEx.Sys [2010-03-11 56352]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-15 09:15]
    .
    2011-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-15 09:15]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.pch.com/search?
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=1208&m=aspire_5515
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    TCP: DhcpNameServer = 10.0.0.1
    FF - ProfilePath - c:\users\jerry\AppData\Roaming\Mozilla\Firefox\Profiles\ijlg91ap.default\
    FF - prefs.js: browser.startup.homepage - hxxp://search.pch.com/search?
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-07 06:39
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2011-09-07 06:44:49
    ComboFix-quarantined-files.txt 2011-09-07 10:44
    .
    Pre-Run: 24,783,749,120 bytes free
    Post-Run: 24,677,470,208 bytes free
    .
    - - End Of File - - 6BB015F799A8FB7F7EC3A7A9D03B7B32
     
  11. 2011/09/07
    broni Moderator Malware Analyst
    Clean....

    I still want you to proceed with instructions from my reply #64.
    Do it correctly this time please.
     
  12. 2011/09/07
    dodopie Thread Starter
    Please re-read #67. I explain what I did, so can you correct me on what I'm doing wrong?
     
  13. 2011/09/07
    broni Moderator Malware Analyst
    Click Start and in "Start search" type in:
    cmd
    While holding CTRL and SHIFT, press Enter.

    Command window will open.

    Proceed with commands listed in my reply #64.
     
  14. 2011/09/07
    dodopie Thread Starter
    OK, thanks for the clarification. It ran right and I reset the router, and when I just now came here I had no new windows pop open as I clicked things, so that's a good sign. I will surf around and let you know how it's working. Thanks for all your help. Also, is the AVG free software a good enough antivirus, or is there something better I should use?
     
  15. 2011/09/07
    broni Moderator Malware Analyst
    AVG is OK.

    I'll mark this topic as resolved.
    It'll stay open just in case you have more info.

    Good luck!
     
  16. 2011/09/08
    dodopie Thread Starter
  17. 2011/09/08
    broni Moderator Malware Analyst
    Which browser is it?
     
  18. 2011/09/08
    dodopie Thread Starter
    Firefox
     
  19. 2011/09/08
    dodopie Thread Starter
    Just checked back here on Firefox, and when I clicked on Malware and Virus Removal, AVG popped up an alert:
    File name: utimse.com/km3w47i8ty.php
    Threat name: Exploit Blackhole Exploit Kit (type 1889)
    I clicked on Show Details and this is what it says:
    Process name: C:\Program Files\Mozilla Firefox\firefox.exe
    Process ID: 168
    So does this mean this site is passing this?
     
  20. 2011/09/08
    dodopie Thread Starter
    Also, this message came up with it:
    Danger: Surf-Shield has detected active threats on this page and has blocked access for your protection.
    The page you are trying to access has been identified as a known exploit, phishing, or social engineering web site and therefore has been blocked for your safety. Without protection, such as that in the AVG Security Toolbar and AVG, your computer is at risk of being compromised, corrupted or having your identity stolen. Please follow one of the suggestions below to continue.

    URL: utimse.com/km3w47i8ty.php
    Name: Blackhole Exploit Kit (type 1889)
     
  21. 2011/09/08
    broni Moderator Malware Analyst
    Those are normal warnings when you try to access some dangerous sites.

    If you're using Firefox 3.x, close Firefox. Go Start>All Programs>Mozilla Firefox, click on Mozilla Firefox (safe mode).
    If you're using Firefox 4, or higher go Help>Restart Firefox with Add-ons Disabled.
    Same issue?
     
