TechSpot

Redirecting browser problem

By jj0515
Aug 9, 2010
  1. I always have a browser redirecting problem. Actually, I followed your UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions
     
  2. crunchie

    crunchie Malware Helper Posts: 728

    Ok. Now you need to post the logs as requested in that post please.
     
  3. jj0515

    jj0515 TS Rookie Topic Starter Posts: 16

    4 txt files attached
     

    Attached Files:

  4. crunchie

    crunchie Malware Helper Posts: 728

    Please download and save SecurityCheck.exe to your Desktop from one of the links below.

    Link 1
    Link 2

    Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    A Notepad document should open automatically called checkup.txt
    Please post the contents of that document in your next reply.

    ============

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  5. jj0515

    jj0515 TS Rookie Topic Starter Posts: 16

    I downloaded SecurityCheck.exe saved on the Desktop, double clicked but nothing happened. OTL executed ok.
     

    Attached Files:

  6. crunchie

    crunchie Malware Helper Posts: 728

    Norton might be blocking the security check executable. Can you disable it and try again please.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :Files
      
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      :Commands
      [emptyflash]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, reboot the PC when it is done.
    • Post log from this run.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

    =======

    Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on the Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
      [*] Archives
      [*] Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  7. jj0515

    jj0515 TS Rookie Topic Starter Posts: 16

    3 logs

    I tried SecurityCheck.exe again with my Antivirus disabled and it worked. Then, from OTL Run Fix, then OTL again Quick Scan. attached are the ff. logs
     

    Attached Files:

  8. jj0515

    jj0515 TS Rookie Topic Starter Posts: 16

    haven't done Kapersky yet till you reply
     
  9. crunchie

    crunchie Malware Helper Posts: 728

    Please download JavaRa

    If you get this message:
    Problems with the download? Please use this direct link or try another mirror.

    Select the Direct link download unzip it to your Desktop.

    Double click JavaRa.exe then click Remove Older Versions.

    Follow any prompts; a log will popup (JavaRa.log)-- please post the contents of this log.

    Next, open JavaRa.exe again, and select Search For Updates.

    Select Update Using Sun Java's Website --> Search, and continue the instructions for downloading and installing the latest Java version. Look for JDK 6 Update 21 (JDK or JRE). On the right select this one Download JRE..

    In Vista and Windows 7 run the tool as Administrator.

    ==

    Once you have done that, go ahead and run the Kaspersky scan please.
     
  10. jj0515

    jj0515 TS Rookie Topic Starter Posts: 16

    hi, back again, no logs produced from OTL. Kapersky Scan log attached.
     

    Attached Files:

  11. crunchie

    crunchie Malware Helper Posts: 728

    Did you run JavaRa?

    ===========

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :Files
      C:\ProgramData\SysWoW32\wu1791871956v1
      C:\Users\All Users\SysWoW32\wu1791871956v1
      :OTL
      
      :Commands
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, reboot the PC when it is done.
    • Post log from this run.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

    ================

    Let me know how the pc is please.
     
  12. jj0515

    jj0515 TS Rookie Topic Starter Posts: 16

    2 new logs attached.
     

    Attached Files:

  13. crunchie

    crunchie Malware Helper Posts: 728

    Looks good, but how is the pc now?
     
  14. jj0515

    jj0515 TS Rookie Topic Starter Posts: 16

    i don't get browser redirected anymore, but why is there OTL subfolder created with another subfolders under it?
     

    Attached Files:

    • otl.jpg
      otl.jpg
      File size:
      166.5 KB
      Views:
      1
  15. jj0515

    jj0515 TS Rookie Topic Starter Posts: 16

    AntiVirus

    I have Norton Internet Security that expires in 25 days, do you recommend Kapersky instead? What software do you recommend in your opinion?
     
  16. crunchie

    crunchie Malware Helper Posts: 728

    That is how OTL works. It creates a folder to move the 'fixed' files to. The folder will be renoved in the next part.

    I would recommend using either one of these free offerings;
    Comodo.
    Avast.
    Avira,
    or, if you prefer to pay;

    NOD32.
    Kaspersky.

    =========

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC by OldTimer:
    Save it to your Desktop.
    Double click OTC.exe.
    Click the CleanUp! button.
    If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.
     
  17. jj0515

    jj0515 TS Rookie Topic Starter Posts: 16

    When i ran OTC.exe i get the this message. (attached file)
     

    Attached Files:

    • OTC.jpg
      OTC.jpg
      File size:
      19.8 KB
      Views:
      2
  18. crunchie

    crunchie Malware Helper Posts: 728

    Ok. Try this instead:

    Launch OTL and click on the Cleanup button. Follow the prompts.

    That should do almost the same thing.
     
  19. jj0515

    jj0515 TS Rookie Topic Starter Posts: 16

    I think that's all a very very BIG help and Thank you very much that my PC back in track again
     
  20. crunchie

    crunchie Malware Helper Posts: 728

    No worries at all. Glad to help :)
     
  21. jj0515

    jj0515 TS Rookie Topic Starter Posts: 16

    anyone can help me to get rid of security risk wsnmp3232.exe?
     
  22. crunchie

    crunchie Malware Helper Posts: 728

    Start yourself a new thread and follow the steps as before please.
     
  23. jj0515

    jj0515 TS Rookie Topic Starter Posts: 16

    Bear with me but how do I star a new thread?
     
  24. crunchie

    crunchie Malware Helper Posts: 728

    You need to go back out of this thread and into the Virus forum. Close to the top there is a button that says + New Topic.
    Thats it :).

    ====

    Please read the directions given here and when done, post the requested logs.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...