TechSpot

8-Steps fixed IE redirect, please double check my logs

By isaacbro
Jun 30, 2010
  1. Hi, the logs are from my mom's computer. My younger brother was over for a week and screwed her computer up. Please double check my logs for whatever else they may tell.
     

    Attached Files:

  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Our current steps have changed but I did check the logs. There is indication of a Virut infection.
    • Make sure to use Internet Explorer for this
    • Please go to VirSCAN.org FREE on-line scan service
    • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
      • c:\windows\system32\userinit.exe
    • Click on the Upload button
    • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
    • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
    • Paste the contents of the Clipboard in your next reply.
    Also scan these,

    C:\WINDOWS\explorer.exe
    C:\WINDOWS\System32\svchost.exe


    Virut is a Polymorphic File Infector that infects .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair, resulting in an inoperative machine.
    It opens a Backdoor by connecting to a predefined IRC Server and waits for commands from the remote attacker.


    Good explanation here:
    http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html


    Change all of your passwords and monitor any online transactions.

    Malware experts say that a Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain .exe, .scr, .rar, .zip, .htm, .html files.

    * Backup all your documents and important items only.
    * DON'T backup any executable files (.exe .scr .html or .htm)
    * DON'T back up compressed files (zip/cab/rar) that may contain .exe or .scr files

    Paste the log from the scans in the next reply. We'll go from there.
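The backup rule above (documents only; no .exe/.scr/.htm/.html, and no archives that may carry them) can be checked mechanically before copying anything off the infected machine. This is an added example, not part of the thread: it walks a folder, refuses the infectable extensions, inspects .zip members with the standard library, and skips .rar/.cab outright because they cannot be opened without extra tools. The sample tree it builds is constructed for the demonstration.

```python
import os
import tempfile
import zipfile

# Extensions the post lists as Virut-infectable: never back these up.
INFECTABLE = {".exe", ".scr", ".htm", ".html"}
# Archives the standard library cannot open; skipped outright to stay conservative.
OPAQUE_ARCHIVES = {".rar", ".cab"}

def zip_contains_infectable(path):
    """True if any .zip member has an infectable extension (or the zip is unreadable)."""
    try:
        with zipfile.ZipFile(path) as zf:
            return any(os.path.splitext(name)[1].lower() in INFECTABLE
                       for name in zf.namelist())
    except zipfile.BadZipFile:
        return True

def classify(path):
    """Return (keep, reason) for a single file under the thread's backup rule."""
    ext = os.path.splitext(path)[1].lower()
    if ext in INFECTABLE:
        return False, "infectable extension"
    if ext in OPAQUE_ARCHIVES:
        return False, "archive that cannot be inspected"
    if ext == ".zip" and zip_contains_infectable(path):
        return False, "archive contains infectable files"
    return True, "safe to back up"

def plan_backup(root):
    """Walk root and map each relative path (posix style) to its (keep, reason)."""
    plan = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            plan[rel] = classify(full)
    return plan

def build_sample_tree():
    """Constructed sample: documents, an executable, a screensaver, and two zips."""
    root = tempfile.mkdtemp()
    for name in ("letter.doc", "setup.exe", "saver.scr", "old.rar"):
        with open(os.path.join(root, name), "wb") as f:
            f.write(b"sample")
    with zipfile.ZipFile(os.path.join(root, "photos.zip"), "w") as zf:
        zf.writestr("holiday/beach.jpg", b"jpegdata")
    with zipfile.ZipFile(os.path.join(root, "tools.zip"), "w") as zf:
        zf.writestr("tools/cleaner.exe", b"MZ")
    return root
```

Run `plan_backup` over the real documents folder instead of the sample tree; anything it marks as not kept stays on the machine until the reformat.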
     
  3. isaacbro

    isaacbro TS Rookie Topic Starter

    Thanks for the extra steps - nothing was found in the searches, I've attached a notepad with results.
     

    Attached Files:

  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    That is very good news! Now I'd like you to run Steps 2, 5 and 6 from our current thread HERE:
    Step 2 for TFC
    Step 5 for GMER
    Step 6 for DDS


    When those have been done, proceed with:
    Please download ComboFix from Here and save to your Desktop.

    [1]. Do NOT rename Combofix unless instructed.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Close any open browsers.
    [4]. Double click combofix.exe & follow the prompts to run.
    • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
    [5]. If Combofix asks you to install Recovery Console, please allow it.
    [6]. If Combofix asks you to update the program, always allow.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    [7]. A report will be generated after the scan. Please post the C:\ComboFix.txt in next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs when you're done with Combofix.

    There are some files I'll have you remove when you have finished and given me the logs in your next reply.
     