Solved Omk and omj processes keep appearing and google is being redirected

[astuart]

I thought I pasted it well here it s.

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG 9.0
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 21
Adobe Flash Player 10.1.82.76
Adobe Reader 9.3.4
Mozilla Firefox (3.6.10) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

 

[Broni]

Looks good

Go on...

 

[astuart]

Kaspersky is still running with over 2600 objects scanned and nothing found yet.

 

[Broni]

Good. Let it run

 

[astuart]

Guess I spoke too soon 3 threats and 4 infected objects found so far

 

[Broni]

No worries. I'll have to see what was found to comment on it.

 

[astuart]

Kaspersky is stuck at 84% for over 30 min now.

 

[astuart]

Also the duration timer isn't advancing either.

 

[Broni]

Stop the process.

Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• IMPORTANT! UN-check Remove found threats
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push List of found threats
• Push Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

 

[astuart]

kaspersky crashed.

 

[astuart]

ok going to ESet now

 

[Broni]

OK ..........

 

[astuart]

dang now ESET has hung up at 17% for over 30 min. Could we boot from win xp disc and run an av from there?

 

[astuart]

eset did find this tho.

C:\Documents and Settings\Alan\Desktop\Games\DieRoller.exe probably a variant of Win32/Agent.MWUCXFM trojan

 

[Broni]

Could we boot from win xp disc and run an av from there?

It wouldn't work.

Just be patient. Those scans take a while, sometimes.

 

[astuart]

2hrs run time for ESET and only 34% I figure another 4hrs so will let it run overnight and post results in the am or when I get up whichever comes first.:wave:

 

[Broni]

No problemo

 

[astuart]

got the eset scan.

C:\System Volume Information\_restore{105CC3FB-D94A-4C84-8468-18BC0C93EBF5}\RP275\A0057109.exe probably a variant of Win32/Agent.MWUCXFM trojan

F:\downloads\Die roller\DieRoller.exe probably a variant of Win32/Agent.MWUCXFM trojan

F:\downloads\Rhino3D\RhinoMarine\RhinoMarine.v4.0.1.rar probably a variant of Win32/Agent.JGIFYBE trojan

 

[astuart]

I dumped the 2 files on F: so they are no longer an issue and I assume we need to clear the system restore cache but will wait on your comment.

 

[Broni]

Yes. That's exactly what will be done in our last steps - resetting system restore.

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how is your computer doing.

 

[astuart]

installing all you have listed here and updates are in progress. The computer seems to run faster and smoother than it did.

 

[astuart]

It appears the google redirect is still active. I can't imagine how after all this.

 

[Broni]

Your router may be infected....

Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Turn the computer off.

On your router, you'll find a pinhole marked "Reset".
Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
Restart computer and check for redirections.

NOTE. You may need to re-check your router security settings, as described HERE

 

[astuart]

I get this when trying to renew IP.

C:\documents and settings\Alan>ipconfig /renew

Windows IP Configuration
An internal error occurred: Yhe file name is too long.
Please contact Microsoft Product Support Services for further help.
Additional Information: Unable to query host name.

 

[astuart]

3rd try worked as expected.