8 steps completed, logs attached

Status
Not open for further replies.

Birdcrow

Yesterday I noticed a program called "Antivirus Plus" on my Start Menu and started looking for ways to remove it. While looking for it, my Google searches started getting redirected. I did the eight steps and the Antivirus Plus entry is gone from my Start Menu, but I'm still getting redirected.
 

Attachments

  • hijackthis.log
    5.7 KB · Views: 2
  • mbam-log-2010-01-25 (16-43-53).txt
    1.7 KB · Views: 1
  • SUPERAntiSpyware Scan Log - 01-25-2010 - 22-52-48.log
    552 bytes · Views: 1
FYI:
My VIPRE anti-virus just caught this program trying to run: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JY6LFB33\cotv_url_control[1].js
I ran a full scan with VIPRE but did not find anything matching the above, although it did find "backdoor.bifrost".
 
Turn off System Restore, run your antivirus scan again, and turn System Restore back on. Download and run Temp File Cleaner:
Cleaner
 
I ran ComboFix again, and it still redirected afterward.
So I ran another VIPRE virus scan, CCleaner, SUPERAntiSpyware, Malwarebytes, and HijackThis, and I checked after each try and it is still redirecting. The virus scan, SUPERAntiSpyware and Malwarebytes each found nothing.
I've attached new logs for ComboFix, Malwarebytes and HijackThis.

It is still redirecting as of now.
 

Attachments

  • hijackthis.log
    4.5 KB · Views: 1
  • mbam-log-2010-01-27 (15-34-20).txt
    865 bytes · Views: 0
  • combofix.txt
    13.5 KB · Views: 0
Remove these HijackThis entries:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
C:\Users\Brad\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe


Download SDFix HERE and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Boot into Safe Mode
Restart your computer and start pressing the F8 key on your keyboard.
Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Run SDFix
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds, then prompt you to press any key to Reboot.
Press any key and it will restart the PC.
When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.
Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
Attach Report.txt back here in your next reply.
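Added example, not part of the original thread and not HijackThis's own code: a small Python parser that picks out log entries of the `- {CLSID} - (no file)` form quoted above, so leftover registrations with no backing file can be listed from a saved hijackthis.log. The function names, the registry-location hints and the third sample line are assumptions made for illustration.

```python
import re

# Line shape seen in the thread:
#   <section> - <kind>: <name> - {CLSID} - <file path or "(no file)">
ENTRY_RE = re.compile(
    r"^(?P<section>[A-Z]\d{1,2})\s+-\s+(?P<kind>[^:]+):\s+(?P<name>.*?)\s+-\s+"
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})\s+-\s+"
    r"(?P<target>.+?)\s*$"
)

# Where a reviewer would look to confirm the registration before removing it.
REGISTRY_HINT = {
    "O2": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
    "O18": r"HKLM\SOFTWARE\Classes\PROTOCOLS\Handler (or Filter)",
}

def parse_entry(line):
    """Return a dict for a CLSID-style entry, or None if the line has another shape."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["clsid"] = entry["clsid"].upper()  # CLSIDs are case-insensitive
    entry["orphaned"] = entry["target"].lower() == "(no file)"
    entry["registry_hint"] = REGISTRY_HINT.get(entry["section"], "unknown")
    return entry

def orphaned_entries(log_text):
    """List entries whose registration points at a file that no longer exists."""
    parsed = (parse_entry(line) for line in log_text.splitlines())
    return [e for e in parsed if e and e["orphaned"]]

# First two lines are quoted from the thread; the third is constructed.
SAMPLE_LOG = """\
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\\Example\\helper.dll
"""

if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(e["section"], e["kind"], e["name"], e["clsid"], "->", e["registry_hint"])
```

Lines that do not carry a section code and CLSID, such as a bare file path, return `None` and have to be reviewed by hand.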
 
I deleted/fixed those 3 files and I was still being redirected.
I downloaded SDFix and went into Safe Mode, but the program would not run; I am using Windows 7.
 