8-Steps fixed IE redirect, please double check my logs

Status
Not open for further replies.
Hi, the logs are from my mom's computer. My younger brother was over for a week and screwed her computer up. Please double check my logs for whatever else they may tell.
 

Attachments

  • mbam-log-2010-06-29 (21-35-53).txt
    3.5 KB · Views: 1
  • SUPERAntiSpyware Scan Log - 06-29-2010 - 22-53-10.log
    23.7 KB · Views: 1
  • hijackthis.log
    18 KB · Views: 0
Our current steps have changed but I did check the logs. There is indication of a Virut infection.
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • c:\windows\system32\userinit.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Also scan these,

C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe


Virut is a Polymorphic File Infector that infects .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair, resulting in an inoperative machine.
It opens a Backdoor by connecting to a predefined IRC Server and waits for commands from the remote attacker.


Good explanation here:
http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html


Change all of your passwords and monitor any online transactions.

Malware experts say that a Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain .exe, .scr, .rar, .zip, .htm, .html files.

* Backup all your documents and important items only.
* DON'T back up any executable files (.exe, .scr, .html or .htm)
* DON'T back up compressed files (zip/cab/rar) that may contain .exe or .scr files

Paste the log from the scans in the next reply. We'll go from there.
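The backup rules in the reply above can be applied mechanically before copying anything off an infected drive. The following is an added example, not part of the original thread or any tool it mentions: the function names and the sample folder are constructed, and it assumes only .zip archives are inspected (with the Python standard library) while .rar and .cab files are skipped outright.

```python
import tempfile
import zipfile
from pathlib import Path, PurePosixPath

INFECTABLE = {".exe", ".scr", ".htm", ".html"}  # types the post says not to back up
ARCHIVES = {".zip", ".rar", ".cab"}             # archive types named in the post


def classify(path):
    """Return 'backup' or a 'skip: ...' reason for one file."""
    ext = Path(path).suffix.lower()
    if ext in INFECTABLE:
        return "skip: infectable file type"
    if ext in (".rar", ".cab"):
        # Assumption: only .zip is inspected (standard library); skip the rest.
        return "skip: archive cannot be inspected"
    if ext == ".zip":
        try:
            with zipfile.ZipFile(path) as zf:
                for member in zf.namelist():
                    if PurePosixPath(member).suffix.lower() in INFECTABLE | ARCHIVES:
                        return "skip: archive contains " + member
        except zipfile.BadZipFile:
            return "skip: unreadable archive"
    return "backup"


def plan_backup(root):
    """Map each file under root (relative path) to its classification."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): classify(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def demo():
    """Build a constructed sample folder and return its backup plan."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("letter.doc", "photo.jpg", "setup.EXE", "saved_page.html", "old.rar"):
            Path(root, name).write_bytes(b"constructed sample")
        with zipfile.ZipFile(Path(root, "docs.zip"), "w") as zf:
            zf.writestr("notes.txt", "constructed")
        with zipfile.ZipFile(Path(root, "tools.zip"), "w") as zf:
            zf.writestr("bin/helper.scr", "constructed")
        return plan_backup(root)


if __name__ == "__main__":
    for rel, verdict in demo().items():
        print(f"{verdict:45} {rel}")
```

The check goes by file name only, so it implements the "what not to copy" list from the reply and says nothing about whether a given file is actually infected.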
 
Thanks for the extra steps - nothing was found in the searches, I've attached a notepad with results.
 

Attachments

  • VirSCAN.org FREE on-line scan service.txt
    9.2 KB · Views: 1
That is very good news! Now I'd like you to run Steps 2, 5 and 6 from our current thread HERE:
Step 2 for TFC
Step 5 for GMER
Step 6 for DDS


When those have been done, proceed with:
Please download ComboFix from Here and save to your Desktop.

  • [1]. Do NOT rename Combofix unless instructed.
  • [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • [3]. Close any open browsers.
  • [4]. Double click combofix.exe & follow the prompts to run.
    NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
  • [5]. If Combofix asks you to install Recovery Console, please allow it.
  • [6]. If Combofix asks you to update the program, always allow.
    Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • [7]. A report will be generated after the scan. Please post the C:\ComboFix.txt in next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs when you're done with Combofix.

There are some files I'll have you remove when you have finished and given me the logs in your next reply.
 