TechSpot

[Closed] Google redirect to 7search.com and other malicious sites

Discussion in 'Virus and Malware Removal' started by mitdrissia, Dec 8, 2010.

Thread Status:
Not open for further replies.
  1. mitdrissia Newcomer, in training

    VirSCAN.org Scanned Report :
    Scanned time : 2011/01/07 15:16:11 (CET)
    Scanner results: Scanners did not find malware!
    File Name : userinit.exe
    File Size : 26112 byte
    File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5 : 6de80f60d7de9ce6b8c2ddfdf79ef175
    SHA1 : 8d439a6186ff526403989ac217dfe8e3a2d8bc2c
    Online report : http://virscan.org/report/059ac90ef438471c077dd6aa0918958d.html




    VirSCAN.org Scanned Report :
    Scanned time : 2011/01/07 15:34:08 (CET)
    Scanner results: Scanners did not find malware!
    File Name : explorer.exe
    File Size : 2870272 byte
    File Type : PE32+ executable for MS Windows (GUI)
    MD5 : 9aaaec8dac27aa17b053e6352ad233ae
    SHA1 : 0f841176602288ee1be832573265f88ca78f4ba7
    Online report : http://virscan.org/report/ce9cee8a249732fbae0898489e795b93.html




    VirSCAN.org Scanned Report :
    Scanned time : 2011/01/07 15:48:00 (CET)
    Scanner results: Scanners did not find malware!
    File Name : svchost.exe
    File Size : 20992 byte
    File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5 : 54a47f6b5e09a77e61649109c6a08866
    SHA1 : 4af001b3c3816b860660cf2de2c0fd3c1dfb4878
    Online report : http://virscan.org/report/be898f64b43d1e2d83fc8578b8894137.html




    Virustotal.com --> eSafe found a trojan: eSafe 7.0.17.0 2011.01.06 Win32.TrojanHorse
    Here is the link to the scan, if it works:
    http://www.virustotal.com/file-scan...4e42792619a8a3a6d11e1f0025a7324bc2-1294411759

    OK, what now?
  2. mitdrissia Newcomer, in training

    Can you help me out because I can't get the redirect to go away. It's more than 3 weeks now.
  3. Bobbye Helper on the Fringe

    It's been 4 weeks and it took over one week for you to get logs for me to review. Then you weren't home and you 'were busy.'

    After 1 week, I asked:
    A week later, you answered. But you ended up discarding Internet Explorer and Firefox and installing Chrome. Then you started having other problems which you seemed to think followed Combofix although I hadn't instructed you to run it yet. And when you did run it, the only entry removed was a Backdoor Trojan.

    You did not provide me with a log but said 'two days ago' Mbam said your Firefox profiles was malware and it was removed.

    And this is the description of the IoBit security I instructed you to remove:
    C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe which is Related to IOBit Advanced SystemCare. ROGUE! program.

    You are running a great number of processes. My job when I see the logs is to make sure every one of them is legitimate and okay to be on the system, or to set it up to be removed.

    After 2 weeks, I told you that unless you give me the logs, I can't direct you. Then you tell me you get popups after Combofix, but don't tell me what they are.

    Then you went on 'holiday'! And now you've started getting blue screens. And after attempting to get an online virus scan, you told me repeatedly that neither would work with Windows 7. I documented that they would, and magically, out of nowhere, the log for Eset appears! It showed the Java cache entries, again, that were supposedly removed. So I moved them again.

    Since there was nothing else to do, I gave you instructions to remove the cleaning tools and logs. But you told me Combofix stated Virut which is a serious, non-curable polymorphic file infector. I had you run the online scan to check for Virut.

    There was no Virus but you referred me to a VirScan log showing a Trojan, but that was a reference log that had already been run. It does not appear to be your result.
    ==============================================
    I think I have extended every courtesy to you, given you clear instructions and patiently waited for you to follow them. At this point, I do not think I can help you and am going to withdraw my support and close this thread.