Google getting redirected, please help

Status
Not open for further replies.

fardeen

Hi. My PC got infected, I guess from a trojan, which initially caused a display of Security Toolbar 7.1 and changed my homepage to security files. However, I did manage to get rid of that by doing SmitfraudFix first and then running SUPERAntiSpyware. Also, I was able to disable the Security Center from services.msc. However, I wasn't able to stop it since the stop button wasn't getting highlighted; that's why I feel my system still has some traces of that trojan or some other adware. This is evident from the fact that when I click on Google links, the link gets redirected to some other link known as autosearch daily search, something like this. Please help me with this. I am a new member of your site; please do help me find a way out of it. I also tried downloading a patch from the Microsoft site for IE6 redirection, but it doesn't seem to have cured the problem. I am posting the HijackThis log for analysis. Please help me out, guys...
 
Hello and welcome to Techspot.

I have deleted your other posts on this subject.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as Attachments into this thread, only after doing the above.

Also, let me know the results of the Panda Antirootkit scan.

Regards Howard :wave: :wave:

This thread is for the use of fardeen only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
All steps taken, Howard

Thanks a million, first of all, for responding to my issue. I am sure I'll be able to get rid of this malicious software if professionals like you are there to help me out. Thanks again... Coming back to technical stuff, I did whatever you told me to do, and I guess also in the way you told me to. I installed and ran CCleaner and the three tools, SmitfraudFix (which I had already used before), VirtumundoBeGone and VundoFix, and the Panda Anti-Rootkit programme, all of which showed negative results. Panda Anti-Rootkit scanned 3082 items and found no known or unknown rootkits. I also did ComboFix, the log of which I have attached with the reply. I did ComboFix and Ad-Aware 2007 from normal mode and not from safe mode. I don't know whether I have done the right thing or not. Then I did Spybot (from safe mode) and also AVG Anti-Spyware from safe mode (log attached). Finally I have done the HJT and the log is attached. AVG and Spybot removed a few things, and after that when I tried Google again, it seemed to be working fine (all because of you). However, I just want to make completely sure, so sir, please analyse my logs and please advise me further on the issue. I am using Quick Heal as antivirus right now. Thanks again.
 

Attachments

  • AVG antispyware log.txt (1.9 KB)
  • latest hijackthis log.txt (5 KB)

Go to Add/Remove Programmes in your Control Panel and uninstall anything to do with (if there):

DAP

Close control panel.

Open notepad and copy/paste the text in the code box below into it:
NOTE: make sure to only highlight and copy what is inside the code box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:
File::
C:\WINDOWS\system32\deskper.dll
C:\WINDOWS\system32\drivers\lddvbjyx.dat
C:\WINDOWS\system32\drivers\akliqnar.dat

Folder::
C:\Program Files\DAP
C:\VundoFix Backups
C:\qoobox
C:\8df5cfbca5057041d9228b9576d1
C:\WINDOWS\$hf_mig$
C:\jdk1.3

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB9D6AFD-8168-47DD-8169-C6CB026CCF72}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"=-

Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

[Screenshot: CFScript.gif, showing CFScript.txt being dragged onto ComboFix.exe]


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

Regards Howard :)

This thread is for the use of fardeen only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
CF Done From Script

Thanks again, Howard. I have done the ComboFix from the ComboFix script you provided me. It found a strain of Trojan AutoIt, which it deleted. I am attaching the log file of the CF scan along with a new HJT log. Thanks for all the support you are providing me. I am very, very sure that I am on the right path to eliminate these malicious things....
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Run HJT with no other programmes open (except Notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to each (if there).

O2 - BHO: (no name) - {DB9D6AFD-8168-47DD-8169-C6CB026CCF72} - C:\WINDOWS\system32\deskper.dll

O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll (file missing)

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE (file missing)

O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or folders (if there).

C:\WINDOWS\system32\deskper.dll
C:\WINDOWS\system32\drivers\akliqnar.dat
C:\WINDOWS\system32\drivers\lddvbjyx.dat
C:\qoobox

Reboot into normal mode and rehide your protected OS files.

Post fresh HJT and Combofix logs.

Regards Howard :)

This thread is for the use of fardeen only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
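An added verification step, not part of Howard's instructions or any tool he names: after the ComboFix script and the HJT fixes above, this PowerShell snippet lists every Browser Helper Object registered for the machine, resolves each CLSID to its DLL, and checks whether the BHO and files named in this thread are still present. It is read-only and assumes the 32-bit Windows XP paths used in the thread (on 64-bit Windows the Wow6432Node hive would also need checking).

```powershell
# Added example (not from the thread). Read-only audit of machine-wide BHOs
# plus a check for the specific leftovers discussed above. Run elevated.

$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

# CLSID and file paths taken from the CFScript/HJT lines in this thread.
$suspectClsids = @('{DB9D6AFD-8168-47DD-8169-C6CB026CCF72}')
$suspectFiles  = @(
    'C:\WINDOWS\system32\deskper.dll',
    'C:\WINDOWS\system32\drivers\lddvbjyx.dat',
    'C:\WINDOWS\system32\drivers\akliqnar.dat'
)

function Get-BhoReport {
    # One row per registered BHO: CLSID, the DLL its InprocServer32 points at,
    # whether that DLL exists, and whether it is one of the suspect CLSIDs.
    if (-not (Test-Path $bhoKey)) { return @() }
    Get-ChildItem $bhoKey | ForEach-Object {
        $clsid  = $_.PSChildName
        $inproc = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
        $dll    = $null
        if (Test-Path $inproc) {
            $dll = (Get-ItemProperty $inproc).'(default)'
            if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll) }
        }
        [pscustomobject]@{
            CLSID     = $clsid
            Dll       = $dll
            DllExists = if ($dll) { Test-Path $dll } else { $false }
            Suspect   = $suspectClsids -contains $clsid
        }
    }
}

$report = Get-BhoReport
$report | Format-Table -AutoSize

# A BHO whose DLL is missing is a dangling entry; a suspect BHO that is still
# registered, or a suspect file still on disk, means the cleanup did not finish.
$leftoverBhos  = @($report | Where-Object { $_.Suspect })
$leftoverFiles = @($suspectFiles | Where-Object { Test-Path $_ })

if ($leftoverBhos.Count -gt 0 -or $leftoverFiles.Count -gt 0) {
    Write-Warning ("Cleanup incomplete. BHOs: {0}  Files: {1}" -f
        ($leftoverBhos.CLSID -join ', '), ($leftoverFiles -join ', '))
} else {
    Write-Host 'None of the listed BHO entries or files remain.'
}
```

A file that still exists but cannot be deleted (the access violation reported later in this thread) usually means it is loaded by a running process; this script only reports, it does not attempt removal.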
 
A query on the topic

Thanks, Howard, again for replying... Before I proceed with the HJT, I just wanted to ask whether DAP (Download Accelerator Plus) is harmful to my PC, as it's the default download manager I am using. I think proceeding with the HJT will remove the DAP exe. Please advise me on this. I'll certainly delete it if you tell me to do so. Thanks again, Howard....
Regards,
Fardeen
 
Not able to delete files

Thanks, Howard... I have removed DAP completely from my system and carried out the HJT removal as you said, and removed the browser helper objects and all the things that you mentioned. But when I tried to remove the four files that you mentioned (deskper.dll etc.), I wasn't able to delete them due to an access violation error. I tried deleting them from the cmd prompt but was unsuccessful. I finally tried using Killbox and AVG File Shredder, but they too were not able to delete those files. Please tell me, Howard, what should I do now. I am posting the fresh HJT log along with this. Thanks, brother, for all the support you are giving me.
 
The requested combofix log

Sorry, brother, I wasn't in the city for the last two days and hence wasn't able to send you the ComboFix log which you asked me for. Howard, I also wanted to tell you that even HJT wasn't able to fix the BHO which included deskper.dll, and neither are the files getting deleted, even by the delete-on-reboot function in HJT. I am posting the fresh HJT and ComboFix logs. Thanks, Howard.
 
Ok, let`s try this.

Download DrWebCureit to your desktop.
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
http://spywareinfo.dk/download/drweb-cureit.exe

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Scan with DrWeb-CureIt as follows:

* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web Cureit when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

Copy and paste the contents of the DrWeb.csv into your next reply and attach a fresh HJT log.

Regards Howard :)

This thread is for the use of fardeen only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Dear HH, (TechSpot Evangelist)

I didn't know where to put this, but I just wanted to write to you to say a HUGE 'Thank You'.

I've been battling with this problem for two weeks now, and the DrWeb_cureit solved the problem for me first time.

I can't thank you 'techies' enough... I really can't.

You just saved my old little machine from being thrown out of the window!

Thanks again,
scoobs
 