Solved Yahoo Searches Redirected to Unwanted Pages

Here is a pdf reference guide to your router. Recommend you save it to your computer and familiarize yourself with it.

With the router turned off or all PC's disconnected, you need to do a scan on all PC's with updated MBAM and allow it to remove anything found. While still disconnected from the router and router powered on, press and hold the Default reset button on the back of the router for approximately 10 seconds. This is covered in section 7-7 of the reference guide. You will then need to access the router control panel to configure the wireless connections.

Let me know how you make out. If you have any questions, don't hesitate to post back.

 

Yahoo Searches Redirected to Unwanted Pages

Noahdfear,

I am happy to report that it worked All computers are working and there is no hijacking or redirecting. If you have any other advice to keep my machines and router safe, I want to hear it.

I want you to know my deep appreciation for your help. You are a genius. Thank you also for your patience and endurance. What a blessing this forum has been!

Sincerely thankful,
Hondo

 

Great news! Lets see if anything remains. Please do an online scan with Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.

• Click Run at the Security prompt.
• The program will then begin downloading and installing and will also update the database.
• Please be patient as this can take several minutes.
• Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Click View scan report at the bottom.
• Click the Save Report As... button.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

**Note**

To optimize scanning time and produce a more sensible report for review:

• Close any open programs.
• Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


Post the Kaspersky log here.

 

Yahoo Searches Redirected to Unwanted Pages

Noahdfear,

Do you want me to run Kaspersky on all the computers?

 

I think it would be a good idea, especially any that MBAM found and quarantined something on. If any of the others turn up something, lets wait and get those after finishing up this one.

 

Yahoo Searches Redirected to Unwanted Pages

Noahdfear,

Well I've run the scanner on three of the computers. Have two more to go. But the computer that we started on--my laptop was clean. Kaspersky found nothing. But the computer that the router is connected to is another story. It was terribly infected. The following is that computer's Kaspersky's scan report.

KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, November 20, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, November 20, 2008 09:08:12
Records in database: 1396413
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 159320
Threat name: 16
Infected objects: 129
Suspicious objects: 0
Duration of the scan: 07:07:18


File name / Threat name / Threats count
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2160\A0171503.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e 1
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2160\A0171809.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2160\A0171810.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2160\A0171811.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2160\A0171812.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2160\A0171813.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2160\A0171814.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2160\A0171815.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\WINDOWS\NDNuninstall4_88.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
D:\Program Files\Norton AntiVirus\Quarantine\07957B36.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\07982533.exe Infected: Packed.Win32.PolyCrypt.d 1
D:\Program Files\Norton AntiVirus\Quarantine\079B4F2F.exe Infected: Packed.Win32.PolyCrypt.d 1
D:\Program Files\Norton AntiVirus\Quarantine\079F792C.exe Infected: Packed.Win32.PolyCrypt.d 1
D:\Program Files\Norton AntiVirus\Quarantine\07A22328.exe Infected: Packed.Win32.PolyCrypt.d 1
D:\Program Files\Norton AntiVirus\Quarantine\07A54D24.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\07A87721.exe Infected: Packed.Win32.PolyCrypt.d 1
D:\Program Files\Norton AntiVirus\Quarantine\07AC211D.exe Infected: Packed.Win32.PolyCrypt.d 1
D:\Program Files\Norton AntiVirus\Quarantine\07AF4B1A.exe Infected: Packed.Win32.PolyCrypt.d 1
D:\Program Files\Norton AntiVirus\Quarantine\07B27516.exe Infected: Packed.Win32.PolyCrypt.d 1
D:\Program Files\Norton AntiVirus\Quarantine\07B51F12.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\07B9490F.exe Infected: Packed.Win32.PolyCrypt.d 1
D:\Program Files\Norton AntiVirus\Quarantine\07BC730B.exe Infected: Packed.Win32.PolyCrypt.d 1
D:\Program Files\Norton AntiVirus\Quarantine\0D8E3C59.exe Infected: Packed.Win32.PolyCrypt.d 1
D:\Program Files\Norton AntiVirus\Quarantine\0EC11E6F.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\0FF442D1.exe Infected: P2P-Worm.Win32.SdDrop.c 1
D:\Program Files\Norton AntiVirus\Quarantine\1D604C0C.dll Infected: not-a-virus:AdWare.Win32.Quick.a 1
D:\Program Files\Norton AntiVirus\Quarantine\1D604C0C.exe Infected: not-a-virus:****-Dialer.Win32.Intexdial 1
D:\Program Files\Norton AntiVirus\Quarantine\25CF707F.exe Infected: Trojan-Downloader.Win32.Swizzor.fg 1
D:\Program Files\Norton AntiVirus\Quarantine\25D31A7B.exe Infected: not-a-virus:AdWare.Win32.Lop.ag 1
D:\Program Files\Norton AntiVirus\Quarantine\25D64477.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\25D96E74.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\25DC1870.exe Infected: not-a-virus:AdWare.Win32.Lop.ag 1
D:\Program Files\Norton AntiVirus\Quarantine\28AB785B.exe Infected: Backdoor.Win32.IRCBot.gen 1
D:\Program Files\Norton AntiVirus\Quarantine\2E420FA1.exe Infected: Backdoor.Win32.IRCBot.gen 1
D:\Program Files\Norton AntiVirus\Quarantine\3172526B.exe Infected: Packed.Win32.PolyCrypt.d 1
D:\Program Files\Norton AntiVirus\Quarantine\343B345A.exe Infected: Backdoor.Win32.IRCBot.gen 1
D:\Program Files\Norton AntiVirus\Quarantine\3BF21602.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3BF869FB.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3BFF3DF4.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3C0611ED.exe Infected: Trojan-Downloader.Win32.Swizzor.fg 1
D:\Program Files\Norton AntiVirus\Quarantine\3C093BE9.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3C0F0FE2.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3C1663DB.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3C1C37D3.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3C230BCC.exe Infected: Packed.Win32.PolyCrypt.d 1
D:\Program Files\Norton AntiVirus\Quarantine\3C295FC5.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3C335DBA.exe Infected: Packed.Win32.PolyCrypt.d 1
D:\Program Files\Norton AntiVirus\Quarantine\3C3A31B3.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3C3D5BB0.exe Infected: Packed.Win32.PolyCrypt.d 1
D:\Program Files\Norton AntiVirus\Quarantine\3C4005AC.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3C4759A5.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3C4D2D9E.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3C51579A.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3C572B93.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3C5A558F.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3C612988.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3C645384.exe Infected: Packed.Win32.PolyCrypt.d 1
D:\Program Files\Norton AntiVirus\Quarantine\3C687D81.exe Infected: Packed.Win32.PolyCrypt.d 1
D:\Program Files\Norton AntiVirus\Quarantine\3C6E517A.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3C717B76.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3C752572.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3C7B796B.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3C824D64.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3C88215D.exe Infected: Packed.Win32.PolyCrypt.d 1
D:\Program Files\Norton AntiVirus\Quarantine\3C8B4B59.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3C8F7556.exe Infected: Packed.Win32.PolyCrypt.d 1
D:\Program Files\Norton AntiVirus\Quarantine\3C95494E.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3C99734B.exe Infected: Packed.Win32.PolyCrypt.d 1
D:\Program Files\Norton AntiVirus\Quarantine\3C9F4744.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3CA27140.exe Infected: Packed.Win32.PolyCrypt.d 1
D:\Program Files\Norton AntiVirus\Quarantine\3CA61B3D.exe Infected: Packed.Win32.PolyCrypt.d 1
D:\Program Files\Norton AntiVirus\Quarantine\3CA94539.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3CAC6F35.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3CAF1932.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3CB3432E.exe Infected: Packed.Win32.PolyCrypt.d 1
D:\Program Files\Norton AntiVirus\Quarantine\3CB66D2B.exe Infected: Packed.Win32.PolyCrypt.d 1
D:\Program Files\Norton AntiVirus\Quarantine\3CB91727.exe Infected: Packed.Win32.PolyCrypt.d 1
D:\Program Files\Norton AntiVirus\Quarantine\3CBC4123.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3CC06B20.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3CC3151C.exe Infected: Packed.Win32.PolyCrypt.d 1
D:\Program Files\Norton AntiVirus\Quarantine\3CC96915.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3CD03D0E.exe Infected: Packed.Win32.PolyCrypt.d 1
D:\Program Files\Norton AntiVirus\Quarantine\3CD71107.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3CDD64FF.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3CE00EFC.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3CE438F8.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3CE762F5.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3CEA0CF1.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3CED36ED.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3CF40AE6.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\3CFA5EDF.exe Infected: Packed.Win32.PolyCrypt.d 1
D:\Program Files\Norton AntiVirus\Quarantine\3CFE08DB.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\52D70012.exe Infected: Backdoor.Win32.IRCBot.gen 1
D:\Program Files\Norton AntiVirus\Quarantine\52DA2A0E.exe Infected: Backdoor.Win32.IRCBot.gen 1
D:\Program Files\Norton AntiVirus\Quarantine\52DD540A.exe Infected: Backdoor.Win32.IRCBot.gen 1
D:\Program Files\Norton AntiVirus\Quarantine\52E17E07.exe Infected: Backdoor.Win32.IRCBot.gen 1
D:\Program Files\Norton AntiVirus\Quarantine\52E42803.exe Infected: Backdoor.Win32.IRCBot.gen 1
D:\Program Files\Norton AntiVirus\Quarantine\52E75200.exe Infected: Backdoor.Win32.IRCBot.gen 1
D:\Program Files\Norton AntiVirus\Quarantine\58EC3B5F.exe Infected: Backdoor.Win32.IRCBot.gen 1
D:\Program Files\Norton AntiVirus\Quarantine\58F0655C.exe Infected: Backdoor.Win32.IRCBot.gen 1
D:\Program Files\Norton AntiVirus\Quarantine\58F30F58.exe Infected: Backdoor.Win32.IRCBot.gen 1
D:\Program Files\Norton AntiVirus\Quarantine\58F63955.exe Infected: Backdoor.Win32.IRCBot.gen 1
D:\Program Files\Norton AntiVirus\Quarantine\58FA6351.exe Infected: Backdoor.Win32.IRCBot.gen 1
D:\Program Files\Norton AntiVirus\Quarantine\5B573515.exe Infected: Packed.Win32.PolyCrypt.d 1
D:\Program Files\Norton AntiVirus\Quarantine\6019386D.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
D:\Program Files\Norton AntiVirus\Quarantine\677E5EC1.exe Infected: Trojan-Downloader.Win32.Swizzor.fg 1
D:\Program Files\Norton AntiVirus\Quarantine\687931A2.exe Infected: Backdoor.Win32.IRCBot.gen 1
D:\Program Files\Norton AntiVirus\Quarantine\6E73565B.exe Infected: Backdoor.Win32.IRCBot.gen 1
D:\Program Files\Norton AntiVirus\Quarantine\773A306A.exe Infected: Packed.Win32.PolyCrypt.d 1
D:\Program Files\Norton AntiVirus\Quarantine\7E6E5F18.exe Infected: Packed.Win32.PolyCrypt.d 1
D:\Shelbys Stuff\areslite181.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d 3
D:\Shelbys Stuff\areslite181.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b 1
D:\Shelbys Stuff\setup_ares.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d 1
D:\Shelbys Stuff\setup_ares.exe Infected: not-a-virus:AdWare.Win32.NavExcel.g 1
D:\Shelbys Stuff\setup_ares.exe Infected: not-a-virus:AdWare.Win32.NavExcel 1
D:\Shelbys Stuff\setup_ares.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b 1
D:\Shelbys Stuff\setup_ares.exe Infected: not-a-virus:AdWare.Win32.NavExcel.i 1
D:\WINNT\NDNuninstall4_80.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
D:\WINNT\NDNuninstall4_88.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
D:\WINNT\NDNuninstall4_94.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
D:\WINNT\NDNuninstall5_20.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
D:\WINNT\NDNuninstall5_40.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
D:\WINNT\NDNuninstall5_48.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
D:\WINNT\NDNuninstall5_64.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
D:\WINNT\NDNuninstall6_10.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
D:\WINNT\NDNuninstall6_22.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
D:\WINNT\NDNuninstall6_30.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.g 1

The selected area was scanned.

 

Delete the following files on that computer.

D:\Shelbys Stuff\areslite181.exe
D:\Shelbys Stuff\setup_ares.exe
D:\WINNT\NDNuninstall4_80.exe
D:\WINNT\NDNuninstall4_88.exe
D:\WINNT\NDNuninstall4_94.exe
D:\WINNT\NDNuninstall5_20.exe
D:\WINNT\NDNuninstall5_40.exe
D:\WINNT\NDNuninstall5_48.exe
D:\WINNT\NDNuninstall5_64.exe
D:\WINNT\NDNuninstall6_10.exe
D:\WINNT\NDNuninstall6_22.exe
D:\WINNT\NDNuninstall6_30.exe

Remove all Norton Antivirus quarantined items via the Norton interface.

Download ATF Cleaner by Atribune and save it to your Desktop.

• Double click ATF-Cleaner.exe to run the program.
• Check the boxes to the left of:
  
  
  • Windows Temp
  • Current User Temp
  • All Users Temp
  • Temporary Internet Files
  • Prefetch
  • Java Cache
  • Recycle bin
  
  
• The rest are optional - if you want it to remove everything check "Select All ".
• Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.

Reboot

Now, if you're satisfied that the computer is working properly, clear the System Restore points. They are infected.

Clear past system restore points and create a new one.
Right click My Computer and select Properties. On the System Restore tab, check the box to turn System Restore off. Click Apply. Now, uncheck the box and click Apply to turn System Restore back on. Click OK, then OK to close the System Properties dialog.

Verify a new restore point was created.
Click Start>All Programs>Accessories>System Tools>System Restore
Select 'Restore my computer to an earlier time', then click next.
You should have a newly created System Checkpoint available. If so, click Cancel. If not, click Back and select 'Create a restore point' then click Next. Give the restore point a name and click next.


That should be it. You can verify with another Kaspersky scan if you wish.

 

Yahoo Searches Redirected to Unwanted Pages

You wrote, "Remove all Norton Antivirus quarantined items via the Norton interface. "

Norton was removed from this computer a long time ago. This is an old hard drive from another computer. I did find the folder. Can I delete the folder?

Thanks,
Hondo

 

Yes, delete the whole D:\Program Files\Norton AntiVirus folder.

 

Yahoo Searches Redirected to Unwanted Pages

Noahdfear,

Well, we've got two computers clean. Here is the Kaspersky file from computer #3. BTW this is the last computer. I'm sure you'll be glad to be shed of me.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, November 19, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, November 19, 2008 14:56:25
Records in database: 1394285
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 113541
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 02:29:21


File name / Threat name / Threats count
C:\Downloads\ComcastToolbar.exe Infected: not-a-virus:AdWare.Win32.BHO.aaj 1
D:\i386\Apps\App00577\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

The selected area was scanned.

 

Neither of those is a threat.

Before I forget .... make sure you cange the login password on the router, and if allowed, the username too. The infection uses a list of known default login credentials to access and infect the router. The router would likely have never been infected had that been done from the start.

 

Yahoo Searches Redirected to Unwanted Pages

Noah,

I rescanned the computer that is connected to the router. I found new infections. Here is the log:

KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, November 25, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, November 25, 2008 13:16:15
Records in database: 1415062
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 142611
Threat name: 6
Infected objects: 10
Suspicious objects: 0
Duration of the scan: 04:19:11


File name / Threat name / Threats count
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2166\A0172173.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
D:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2166\A0172176.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d 3
D:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2166\A0172176.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b 1
D:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2166\A0172179.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d 1
D:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2166\A0172179.exe Infected: not-a-virus:AdWare.Win32.NavExcel.g 1
D:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2166\A0172179.exe Infected: not-a-virus:AdWare.Win32.NavExcel 1
D:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2166\A0172179.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b 1
D:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2166\A0172179.exe Infected: not-a-virus:AdWare.Win32.NavExcel.i 1

The selected area was scanned.

 

Those are infected System Restore points. Not a threat unless you do a Restore operation. Lets get then cleared though.

Clear past system restore points and create a new one.
Right click My Computer and select Properties
Select the System Restore tab
Place a check in the box to 'Turn off System Restore on all drives'
Click Apply and OK
Now re-open and clear the checkbox, then click OK to turn System Restore back on.

Verify a new restore point was created.
Click Start>All Programs>Accessories>System Tools>System Restore
Select 'Restore my computer to an earlier time', then click next.
You should have a newly created System Checkpoint available. If so, click Cancel. If not, click Back and select 'Create a restore point' then click Next. Give the restore point a name and click next.

 

Yahoo Searches Redirected to Unwanted Pages

Well, it looks like all is working well.

Sometime ago I thought we were done and I thanked you only for you to show me we were not done. So I'm leaving it to you to tell me when the process is done.

Heartily,
Hondo

 

I'd say we're all done now.

 

Yahoo Searches Redirected to Unwanted Pages

Noahdfear,

Can't thank you enough. Your help has been invaluable. I also appreciate the patience with which you showed someone who is less knowledgeable as yourself.

Thanks again,
Hondo

 

You're very welcome Hondo. Glad I could help.