Results of 8 Steps

Status
Not open for further replies.
Hi,

I've just followed through the 8 steps. I think I was having the same problem as some other people, whereby my browser was getting redirected from clicking on Google search links. There were no items detected from the 'SUPERAntiSpyware' scan so there is no log. I have attached the other two.

Thanks for your help in advance.
 
You're a little short on information:
I think I was having the same problem as some other people, whereby my browser was getting redirected from clicking on Google search links.

"was" - does that mean it's been resolved?

This is a bad entry:
O20 - AppInit_DLLs: C:\WINDOWS\system32\pakurowe.dll,C:\WINDOWS\system32\loyuvejo.dll
pakurowe.dll is a Fraudulent Security Program

loyuvejo.dll is the "Bloodhound.Exploit.196" virus.
Type: Trojan, Virus
Bloodhound.Exploit.196 is a heuristic detection for files attempting to exploit the Adobe Acrobat and Reader Multiple Arbitrary Code Execution and Security Vulnerabilities (BID 27641).

Any DLL listed in the AppInit_DLLs value will run concurrently with every program launched, even in Safemode.

Please download ComboFix HERE and save it to your desktop:

With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.


• Run Combo-Fix.exe and follow the prompts.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
• Wait for the scan to be completed.
• If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Do not click on the ComboFix window, as it may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Have you run a current full system scan with Avast, updating right before the scan? Please let me know that - attach the log if available.

You are using an out of date version of the Adobe Reader:
Update Adobe: Most current version: Adobe Reader 9.1
Vulnerabilities can be exploited. Click here to download the latest version : https://www.techspot.com/downloads/345-adobe-reader.html
OR
Install the FoxIt Reader: this does the same thing as Adobe, but doesn’t have the bloat: http://www.foxitsoftware.com/pdf/rd_intro.php

After the Avast scan and ComboFix, please run a new HijackThis scan and attach new log with Combofix report and AV scan.
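An added example (not part of this thread or of HijackThis) that parses the O20 AppInit_DLLs line quoted above out of a HijackThis log, splits the DLL list, and attaches a review reason to each entry; the log lines and the 8-random-letter name heuristic are constructed for illustration, and the live registry read only runs on Windows.

```python
import re
import sys

# Constructed sample HijackThis log lines, modelled on the O20 entry quoted in this thread.
SAMPLE_LOG = """\
O20 - AppInit_DLLs: C:\\WINDOWS\\system32\\pakurowe.dll,C:\\WINDOWS\\system32\\loyuvejo.dll
O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
"""

# HijackThis reports the AppInit_DLLs registry value as an "O20 - AppInit_DLLs:" line.
O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<dlls>.*)$")

def split_appinit_value(value):
    """The registry value is a comma- or space-separated list of DLL paths."""
    return [entry for entry in re.split(r"[,\s]+", value.strip()) if entry]

def parse_appinit_dlls(log_text):
    """Return every DLL path named in O20 AppInit_DLLs lines of a HijackThis log."""
    dlls = []
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if m:
            dlls.extend(split_appinit_value(m.group("dlls")))
    return dlls

def triage(dlls):
    """Attach a review reason to each entry. Every AppInit DLL is loaded into every
    process that links user32.dll, so any non-empty list merits a look; names made of
    8 random-looking lowercase letters (the pattern in this thread) are flagged extra."""
    findings = []
    for path in dlls:
        name = path.rsplit("\\", 1)[-1].lower()
        if re.fullmatch(r"[a-z]{8}\.dll", name):
            findings.append((path, "random-looking 8-letter name; typical of rogue AppInit DLLs"))
        else:
            findings.append((path, "AppInit_DLLs entry; confirm publisher and on-disk file"))
    return findings

def read_live_appinit_dlls():
    """On Windows, read the value HijackThis shows as O20 straight from the registry
    (HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\AppInit_DLLs)."""
    if sys.platform != "win32":
        return []  # assumption: non-Windows hosts have nothing to read
    import winreg  # only available on Windows
    key_path = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
        value, _ = winreg.QueryValueEx(key, "AppInit_DLLs")
    return split_appinit_value(value)
```

Run `triage(parse_appinit_dlls(SAMPLE_LOG))` against a saved log, or `triage(read_live_appinit_dlls())` on the machine itself, and investigate every path returned; an empty AppInit_DLLs value is the normal state on a clean Windows XP box.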
 
Sorry, I think it's stopped redirecting me now. After I followed the 8 steps last night it was still doing it. However, I ran a 'GooredFix' my friend recommended, and that seems to have stopped it now. I've run a scan using 'avast' and it did not find any files. I've attached my updated HijackThis file and ComboFix file below. And finally, I also updated my Adobe Acrobat. Are there any viruses/malware remaining from the files now?

Thanks very much for your help.
 
There are some things in the ComboFix report that I want to bring your attention to:

1. You are running a P2P program: c:\Program Files\uTorrent\uTorrent.exe
Please see the P2P section in Step 3 HERE where you are urged to Uninstall File Sharing/P2P Programs.
If you are not aware of the dangers of file sharing programs, Please see THIS.

2. You are using c:\Program Files\RayV\RayV\RayV.exe which makes me wonder what you are doing with all that data!
RayV - turning live streaming into a business: "If you are a TV channel owner looking to expand or a content owner ready to create your own TV channel."
3. You are running Football Manager 2008 which has a HUGE database. A section of it has LOCKED REGISTRY KEYS. This means that the basic malware cleaning programs can't remove any malware in them - if any.

4. You are using c:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe
Known issues: some privacy concerns, forced auto-updates, phishing.
Since Steam accounts give their owner access to all of their games on any computer, phishing is common. Usually, a user will pose as an administrator of Steam. They will inform a user that their account is to be closed unless they reveal their password for validation purposes. Valve has taken action to prevent this. Despite this, phishers are often successful and accounts are stolen regularly.
You have a button for Real Player: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
It can be removed, but unless you remove Real Player it will come back.

Are there any viruses/malware remaining from the files now?
Not that I can see.

You can remove the cleaning tools now:

Download OTCleanIt HERE & save it to your desktop.
Double click on OTCleanIt.exe.
Click on CleanUp!.
It will go through the list and remove all of the tools it finds and then delete itself (requiring a reboot).
You will receive a prompt that it needs to restart the computer to remove the files.
Click Yes.
It will restart your computer automatically. If it doesn't, please restart your computer manually.
Clear your existing System Restore points and establish a new clean restore point:
Go to Start > All Programs > Accessories > System Tools > System Restore > Select Create a restore point > OK.
* Next, go to Start > Run and type in cleanmgr
* Ensure the selection is on C:\ and click on OK
* Select the *More options* tab
* Choose the option to clean up System Restore and OK it.
* This will remove all restore points except the new one you just created.

Let us know if you need more help and keep in mind what I mentioned.
 