
Solved Google redirect

Discussion in 'Malware and Virus Removal Archive' started by lynsing, 2010/06/27.

  1. 2010/07/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  2. 2010/07/06
    lynsing

    lynsing Inactive Thread Starter

    Joined:
    2010/06/27
    Messages:
    30
    Likes Received:
    0
    I still cannot run the Kaspersky online scan.
     

  4. 2010/07/06
    broni

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Push Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     
  5. 2010/07/08
    lynsing

    C:\_OTL\MovedFiles\07042010_180554\C_Documents and Settings\All Users\My Documents\HSS-1.12-install-anchorfree-76-conduit.zip a variant of Win32/HotSpotShield application
    C:\_OTL\MovedFiles\07042010_180554\C_Documents and Settings\Lynda\Desktop\autorun.inf INF/Autorun virus
    C:\_OTL\MovedFiles\07042010_180554\C_Documents and Settings\Lynda\My Documents\Nero-6.6.1.15d_wch.exe Win32/Toolbar.AskSBar application
    C:\_OTL\MovedFiles\07042010_180554\C_Microgaming\Casino\YukonGold\install.exe Win32/PrimeCasino application
    C:\_OTL\MovedFiles\07042010_180554\C_Program Files\blah blah\bar\1.bin\F3CJPEG.DLL Win32/Toolbar.MyWebSearch application
    C:\_OTL\MovedFiles\07042010_180554\C_Program Files\blah blah\bar\1.bin\F3DTACTL.DLL Win32/Adware.FunWeb application
    C:\_OTL\MovedFiles\07042010_180554\C_Program Files\blah blah\bar\1.bin\F3HISTSW.DLL Win32/Adware.FunWeb application
    C:\_OTL\MovedFiles\07042010_180554\C_Program Files\blah blah\bar\1.bin\F3HTMLMU.DLL Win32/Toolbar.MyWebSearch.B application
    C:\_OTL\MovedFiles\07042010_180554\C_Program Files\blah blah\bar\1.bin\F3HTTPCT.DLL Win32/FunWeb application
    C:\_OTL\MovedFiles\07042010_180554\C_Program Files\blah blah\bar\1.bin\F3IMSTUB.DLL Win32/Toolbar.MyWebSearch application
    C:\_OTL\MovedFiles\07042010_180554\C_Program Files\blah blah\bar\1.bin\F3POPSWT.DLL Win32/Toolbar.MyWebSearch.C application
    C:\_OTL\MovedFiles\07042010_180554\C_Program Files\blah blah\bar\1.bin\F3PSSAVR.SCR Win32/Toolbar.MyWebSearch application
    C:\_OTL\MovedFiles\07042010_180554\C_Program Files\blah blah\bar\1.bin\F3REPROX.DLL Win32/Toolbar.MyWebSearch.D application
    C:\_OTL\MovedFiles\07042010_180554\C_Program Files\blah blah\bar\1.bin\F3RESTUB.DLL Win32/Toolbar.MyWebSearch application
    C:\_OTL\MovedFiles\07042010_180554\C_Program Files\blah blah\bar\1.bin\F3SCHMON.EXE Win32/Adware.FunWeb application
    C:\_OTL\MovedFiles\07042010_180554\C_Program Files\blah blah\bar\1.bin\F3SCRCTR.DLL Win32/Toolbar.MyWebSearch application
    C:\_OTL\MovedFiles\07042010_180554\C_Program Files\blah blah\bar\1.bin\M3FFXTBR.JAR Win32/Toolbar.MyWebSearch application
    C:\_OTL\MovedFiles\07042010_180554\C_Program Files\blah blah\bar\1.bin\M3HIGHIN.EXE Win32/Toolbar.MyWebSearch application
    C:\_OTL\MovedFiles\07042010_180554\C_Program Files\blah blah\bar\1.bin\M3HTML.DLL Win32/Toolbar.MyWebSearch application
    C:\_OTL\MovedFiles\07042010_180554\C_Program Files\blah blah\bar\1.bin\M3IDLE.DLL Win32/Toolbar.MyWebSearch application
    C:\_OTL\MovedFiles\07042010_180554\C_Program Files\blah blah\bar\1.bin\M3IMPIPE.EXE Win32/Toolbar.MyWebSearch application
    C:\_OTL\MovedFiles\07042010_180554\C_Program Files\blah blah\bar\1.bin\M3MEDINT.EXE Win32/Toolbar.MyWebSearch application
    C:\_OTL\MovedFiles\07042010_180554\C_Program Files\blah blah\bar\1.bin\M3MSG.DLL Win32/Toolbar.MyWebSearch application
    C:\_OTL\MovedFiles\07042010_180554\C_Program Files\blah blah\bar\1.bin\M3NTSTBR.JAR Win32/Toolbar.MyWebSearch application
    C:\_OTL\MovedFiles\07042010_180554\C_Program Files\blah blah\bar\1.bin\M3OUTLCN.DLL Win32/Toolbar.MyWebSearch application
    C:\_OTL\MovedFiles\07042010_180554\C_Program Files\blah blah\bar\1.bin\M3PLUGIN.DLL Win32/Toolbar.MyWebSearch application
    C:\_OTL\MovedFiles\07042010_180554\C_Program Files\blah blah\bar\1.bin\M3SKIN.DLL Win32/Toolbar.MyWebSearch application
    C:\_OTL\MovedFiles\07042010_180554\C_Program Files\blah blah\bar\1.bin\M3SKPLAY.EXE Win32/Toolbar.MyWebSearch application
    C:\_OTL\MovedFiles\07042010_180554\C_Program Files\blah blah\bar\1.bin\M3SLSRCH.EXE Win32/Toolbar.MyWebSearch application
    C:\_OTL\MovedFiles\07042010_180554\C_Program Files\blah blah\bar\1.bin\M3SRCHMN.EXE Win32/Toolbar.MyWebSearch application
    C:\_OTL\MovedFiles\07042010_180554\C_Program Files\blah blah\bar\1.bin\MWSBAR.DLL Win32/Toolbar.MyWebSearch application
    C:\_OTL\MovedFiles\07042010_180554\C_Program Files\blah blah\bar\1.bin\MWSOEMON.EXE Win32/Toolbar.MyWebSearch application
    C:\_OTL\MovedFiles\07042010_180554\C_Program Files\blah blah\bar\1.bin\MWSOEPLG.DLL Win32/Toolbar.MyWebSearch application
    C:\_OTL\MovedFiles\07042010_180554\C_Program Files\blah blah\bar\1.bin\MWSOESTB.DLL Win32/Toolbar.MyWebSearch application
    C:\_OTL\MovedFiles\07042010_180554\C_Program Files\blah blah\bar\1.bin\MWSSVC.EXE Win32/Toolbar.MyWebSearch application
    C:\_OTL\MovedFiles\07042010_180554\C_Program Files\blah blah\bar\1.bin\NPMYWEBS.DLL Win32/Toolbar.MyWebSearch application
    C:\_OTL\MovedFiles\07042010_180554\C_Program Files\blah blah\SrchAstt\1.bin\MWSSRCAS.DLL Win32/Toolbar.MyWebSearch application
    C:\_OTL\MovedFiles\07042010_180554\C_Program Files\MSN Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application
    C:\_OTL\MovedFiles\07042010_180554\C_Program Files\Reimage\Reimage Repair\REI_AxControl.dll probably a variant of Win32/Genetik trojan
    C:\_OTL\MovedFiles\07042010_180554\C_Set Up Installation Programs\Macromedia.Flash.Professional.v8.0.Incl.Keymaker-ZWT\KEYGEN.EXE Win32/Virut.NAK virus
    C:\_OTL\MovedFiles\07042010_180554\C_WINNT\Help\F3C74E3FA248.xe a variant of Win32/Pacex.Gen virus
     
  6. 2010/07/08
    broni

    Very good :)
    All those files are quarantined already and they'll be removed in our next step.

    OTL Clean-Up
    Clean up with OTL:

    * Double-click OTL.exe to start the program.
    * Close all other programs apart from OTL as this step will require a reboot
    * On the OTL main screen, press the CLEANUP button
    * Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    =============================================================

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable System Restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please let me know how your computer is doing.
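
A way to check the two points made about the report above (that every detection already sits in OTL's moved-files folder, and whether a trojan is listed), as an added example that is not part of the thread or of ESET's or OTL's tooling. It assumes the exported report has one `path detection kind` entry per line, as in the post, and that `C:\_OTL\MovedFiles\` is the folder OTL moves files into; the function and field names are hypothetical.

```python
import re
from collections import Counter

# Assumption: OTL parks moved files under this folder (inferred from the report paths).
QUARANTINE_ROOT = "C:\\_OTL\\MovedFiles\\"

# <path> [probably ][a variant of ]<Platform/Name> <kind>
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<qualifier>(?:probably )?a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/[\w.]+)\s+"
    r"(?P<kind>application|virus|trojan)$"
)

# Lines copied from the report in the thread (a sample, not the full log).
SAMPLE = r"""
C:\_OTL\MovedFiles\07042010_180554\C_Documents and Settings\Lynda\Desktop\autorun.inf INF/Autorun virus
C:\_OTL\MovedFiles\07042010_180554\C_Program Files\blah blah\bar\1.bin\MWSBAR.DLL Win32/Toolbar.MyWebSearch application
C:\_OTL\MovedFiles\07042010_180554\C_Program Files\Reimage\Reimage Repair\REI_AxControl.dll probably a variant of Win32/Genetik trojan
C:\_OTL\MovedFiles\07042010_180554\C_WINNT\Help\F3C74E3FA248.xe a variant of Win32/Pacex.Gen virus
"""

def parse_report(text):
    """Return (detections, unparsed_lines) for an exported scan report."""
    detections, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)  # never silently drop a line we cannot read
            continue
        d = m.groupdict()
        # "a variant of" / "probably a variant of" marks a generic or heuristic match
        d["heuristic"] = d.pop("qualifier") is not None
        # Windows paths are case-insensitive, so compare lowercased
        d["quarantined"] = d["path"].lower().startswith(QUARANTINE_ROOT.lower())
        detections.append(d)
    return detections, unparsed

def triage(text):
    """Summarise a report: counts per kind, files outside quarantine, trojan flag."""
    detections, unparsed = parse_report(text)
    return {
        "by_kind": Counter(d["kind"] for d in detections),
        "still_live": [d["path"] for d in detections if not d["quarantined"]],
        "trojan_listed": any(d["kind"] == "trojan" for d in detections),
        "unparsed": unparsed,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

An empty `still_live` list matches the statement that the files are already quarantined, and `trojan_listed` is the condition for the password-change step.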
     
  7. 2010/07/11
    lynsing

    Hi. The clean up stops at deleteself. I have tried a few times over.
    I still cannot open Outlook Express without it saying that it cannot load MDOE.Dll. When I go into any directory now it says at the top left hand corner it has %THISDIRNAME%. Also the Add/Remove Window does not display any programs other than a line of text at the top of the window. I also get an error message that says object doesn't support the property or method res:sp3res.dll/default.hta Line:82. Also in Microsoft Outlook, which I have been using for email will not go through from a link in an email, perhaps this is a security thing but it brings up a window asking me for an executable file.
    Anyways, my computer is behaving a lot better except for these things.
    Please advise what I must do with the OTL Clean up for it to work.
     
  8. 2010/07/11
    broni

    You can simply delete any tool we used so far. None of them requires uninstallation.

    Since your computer is clean of any infection, I suggest you start a new topic in the Windows forum regarding the remaining issues. The access to the malware forum is very limited (just you and me), so you'll get more attention by posting at the Windows forum.


    I'll mark this thread as resolved (malware-wise).
    Good luck and stay safe.
     
  9. 2010/07/11
    lynsing

    Thank you. I appreciated your help!
     
  10. 2010/07/11
    lynsing

    Oh yeah by the way. You said to do System Restore. Well my computer is running Windows 2000 Pro. Should I do a back up instead?
     
  11. 2010/07/11
    broni

    I apologize for that. Surely Win 2K doesn't have system restore, so you may skip that step.
     
