Solved Outlook keeps sending is link: kdqj.allew.com

broni · 2010/06/27

Run this instead...

Please run a BitDefender Online Scan

Disable your antivirus program.

Click Start Scanner button.

Click Start scan button

Allow browser plug-in to be installed when prompted.

Click I Agree to agree to the EULA.

Please refrain from using the computer until the scan is finished.

When the scan is finished, click on View log.

Notepad will open with scan results.

Save the report to your desktop and post its content in your next reply.

mbremer · 2010/06/28

Completed scan with BitDefender, here is the log:

<HTML>
<HEAD>
<TITLE>BitDefender Online Scanner -Scan Report</TITLE>
<META HTTP-EQUIV= "Content-Type" CONTENT= "text/html; charset=iso-8859-1 ">
<meta name= "generator" content= "Namo WebEditor v5.0(Trial) ">
</HEAD>
<BODY BGCOLOR=#FFFFFF leftmargin= "10" marginwidth= "0" topmargin= "20" marginheight= "0" >

<table align= "center" border= "0" cellpadding= "0" cellspacing= "0" width= "90% ">
<tr>
<td width= "458 ">
BitDefender
Online Scanner
</td>
<td width= "40% ">
 
</td>
<td width= "10% ">
 
</td>
</tr>
<tr>
<td colspan= "3" width= "912 ">
Scan report generated
at: Mon, Jun 28, 2010 - 01:33:49
</td>
</tr>

<tr>
<td width= "458 ">
 
</td>
<td width= "40% ">
 
</td>
<td width= "10% ">
 
</td>
</tr>

<tr>
<td width= "458 ">
Scan
path: C:\;D:\;
</td>
<td width= "40% ">
 
</td>
<td width= "10% ">
 
</td>
</tr>

<tr>
<td width= "458 ">
 
</td>
<td width= "40% ">
 
</td>
<td width= "10% ">
 
</td>
</tr>

<tr>
<td width= "458 ">
<table border= "1" cellspacing= "0" bordercolordark= "white" bordercolorlight= "black" width= "100% ">
<tr>
<td width= "451" colspan= "2" bgcolor= "#CCCCCC ">
Statistics
</td>
</tr>
<tr>
<td width= "57% ">
Time
</td>
<td width= "43%" align= "right ">
05:15:59
</td>
</tr>
<tr>
<td width= "57% ">
Files
</td>
<td width= "43%" align= "right ">
700792
</td>
</tr>
<tr>
<td width= "57% ">
Folders
</td>
<td width= "43%" align= "right ">
9088
</td>
</tr>
<tr>
<td width= "57% ">
Boot Sectors
</td>
<td width= "43%" align= "right ">
0
</td>
</tr>
<tr>
<td width= "57% ">
Archives
</td>
<td width= "43%" align= "right ">
7729
</td>
</tr>
<tr>
<td width= "57% ">
Packed Files
</td>
<td width= "43%" align= "right ">
155312
</td>
</tr>
</table>
</td>
<td width= "40% ">
 
</td>
<td width= "10% ">
 
</td>
</tr>

<tr>
<td width= "458 ">
<table border= "1" cellspacing= "0" bordercolordark= "white" bordercolorlight= "black" width= "100% ">
<tr>
<td width= "451" colspan= "2" bgcolor= "#CCCCCC ">
Results
</td>
</tr>
<tr>
<td width= "57% ">
Identified Viruses 
</td>
<td width= "43%" align= "right ">
1
</td>
</tr>
<tr>
<td width= "57% ">
Infected Files 
</td>
<td width= "43%" align= "right ">
1
</td>
</tr>
<tr>
<td width= "57% ">
Suspect Files 
</td>
<td width= "43%" align= "right ">
0
</td>
</tr>
<tr>
<td width= "57% ">
Warnings
</td>
<td width= "43%" align= "right ">
0
</td>
</tr>
<tr>
<td width= "57% ">
Disinfected
</td>
<td width= "43%" align= "right ">
0
</td>
</tr>
<tr>
<td width= "57% ">
Deleted Files
</td>
<td width= "43%" align= "right ">
1
</td>
</tr>
</table>
</td>
<td width= "40% ">
 
</td>
<td width= "10% ">
 
</td>
</tr>

<tr>
<td width= "458 ">
<table border= "1" cellspacing= "0" bordercolordark= "white" bordercolorlight= "black" width= "100% ">
<tr>
<td width= "451" colspan= "2" bgcolor= "#CCCCCC ">
Engines Info
</td>
</tr>
<tr>
<td width= "57% ">
Virus Definitions
</td>
<td width= "43%" align= "right ">
6328317
</td>
</tr>
<tr>
<td width= "57% ">
Engine build
</td>
<td width= "43%" align= "right ">
AVCORE v2.1 Windows/i386 11.0.0.33 (Jun 10 2010)
</td>
</tr>
<tr>
<td width= "57% ">
Scan plugins
</td>
<td width= "43%" align= "right ">
17
</td>
</tr>
<tr>
<td width= "57% ">
Archive plugins
</td>
<td width= "43%" align= "right ">
44
</td>
</tr>
<tr>
<td width= "57% ">
Unpack plugins
</td>
<td width= "43%" align= "right ">
10
</td>
</tr>
<tr>
<td width= "57% ">
E-mail plugins
</td>
<td width= "43%" align= "right ">
6
</td>
</tr>
<tr>
<td width= "57% ">
System plugins
</td>
<td width= "43%" align= "right ">
4
</td>
</tr>
</table>
</td>
<td width= "40% ">
 
</td>
<td width= "10% ">
 
</td>
</tr>

<tr>
<td width= "458 ">
<table border= "1" cellspacing= "0" bordercolordark= "white" bordercolorlight= "black" width= "100% ">
<tr>
<td width= "451" colspan= "2" bgcolor= "#CCCCCC ">
Scan Settings
</td>
</tr>
<tr>
<td width= "57% ">
First Action
</td>
<td width= "43%" align= "right ">
Disinfect
</td>
</tr>
<tr>
<td width= "57% ">
Second Action
</td>
<td width= "43%" align= "right ">
Delete
</td>
</tr>
<tr>
<td width= "57% ">
Heuristics
</td>
<td width= "43%" align= "right ">
Yes
</td>
</tr>
<tr>
<td width= "57% ">
Enable Warnings
</td>
<td width= "43%" align= "right ">
Yes
</td>
</tr>
<tr>
<td width= "57% ">
Scanned Extensions
</td>
<td width= "43%" align= "right ">
*;
</td>
</tr>

<tr>
<td width= "57% ">
Exclude Extensions
</td>
<td width= "43%" align= "right ">
 
</td>
</tr>
<tr>
<td width= "57% ">
Scan Emails
</td>
<td width= "43%" align= "right ">
Yes
</td>
</tr>
<tr>
<td width= "57% ">
Scan Archives
</td>
<td width= "43%" align= "right ">
Yes
</td>
</tr>
<tr>
<td width= "57% ">
Scan Packed
</td>
<td width= "43%" align= "right ">
Yes
</td>
</tr>
<tr>
<td width= "57% ">
Scan Files
</td>
<td width= "43%" align= "right ">
Yes
</td>
</tr>
<tr>
<td width= "57% ">
Scan Boot
</td>
<td width= "43%" align= "right ">
Yes
</td>
</tr>
</table>
</td>
<td width= "40% ">
 
</td>
<td width= "10% ">
 
</td>
</tr>

<tr>
<td colspan=2>  
<table border= "1" cellspacing= "0" bordercolordark= "white" bordercolorlight= "black" width= "100% ">
<tr>
<td width= "252" bgcolor= "#CCCCCC ">
Scanned File
</td>
<td width= "195" bgcolor= "#CCCCCC" align= "right ">
 Status
</td>
</tr>
<tr>
<td width= "57% ">
C:\Documents and Settings\Mark Bremer\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Happy New Year!][From: Andy I. Hess]=>postcard.exe
</td>
<td width= "43%" align= "left ">
Infected with: Worm.Generic.64491
</td>
</tr><tr>
<td width= "57% ">
C:\Documents and Settings\Mark Bremer\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Happy New Year!][From: Andy I. Hess]=>postcard.exe
</td>
<td width= "43%" align= "left ">
Deleted
</td>
</tr><tr>
<td width= "57% ">
C:\Documents and Settings\Mark Bremer\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst
</td>
<td width= "43%" align= "left ">
Updated
</td>
</tr>
</table>
</td>

<td width= "10% ">
 
</td>
</tr>

<tr>
<td width= "458 ">
 
</td>
<td width= "40% ">
 
</td>
<td width= "10% ">
 
</td>
</tr>

<tr>
<td width= "458 ">
 
</td>
<td width= "40% ">
 
</td>
<td width= "10% ">
 
</td>
</tr>

</table>
 

</body>
</html>

broni · 2010/06/28

There was only one infected file, which was removed:

C:\Documents and Settings\Mark Bremer\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Happy New Year!][From: Andy I. Hess]=>postcard.exe
Click to expand...

=================================================================

OTL Clean-Up
Clean up with OTL:

* Double-click OTL.exe to start the program.
* Close all other programs apart from OTL as this step will require a reboot
* On the OTL main screen, press the CLEANUP button
* Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

===============================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point.

Turn off System Restore:

- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore ".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista and 7:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C: ")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK

2. Restart computer.

3. Turn System Restore on.

4. Make sure, Windows Updates are current.

[SIZE= "4"]5. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately![/SIZE]

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run defrag at your convenience.

8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

9. Please, let me know, how is your computer doing.

mbremer · 2010/06/29

Followed last instructions - all is well with this today's Restart

A heartfelt thank you broni for a very positive experience!

Mark

broni · 2010/06/29

Excellent!
Good luck and stay safe

Log in or Sign up

Solved Outlook keeps sending is link: kdqj.allew.com

broni Moderator Malware Analyst

mbremer Inactive Thread Starter

broni Moderator Malware Analyst

mbremer Inactive Thread Starter

broni Moderator Malware Analyst

Share This Page

Log in or Sign up

Solved Outlook keeps sending is link: kdqj.allew.com

broni Moderator Malware Analyst

mbremer Inactive Thread Starter

broni Moderator Malware Analyst

mbremer Inactive Thread Starter

broni Moderator Malware Analyst

Share This Page

Useful Searches