Google Redirect Virus, 8 Steps Complete, Still Have Virus..

Status
Not open for further replies.
Logs attached. Still have the virus. Please help. I'm using an HP 1010nr Netbook running Windows XP.
 

Attachments

  • hijackthis.log
    8.5 KB · Views: 6
Hi angelrem,

Here are the Malicious software found via Hijackthis (There are a lot):

Code:
O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0

NOTE: That is extremely nasty ^^^^^^^^^^^^.

Code:
O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\Angel\ntuser.dll,_IWMPEvents@0
O4 - HKUS\S-1-5-18\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\config\SYSTEM~1\ntuser.dll,_IWMPEvents@0 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ttool] C:\WINDOWS\9129837.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\config\SYSTEM~1\ntuser.dll,_IWMPEvents@0 (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
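
The entries quoted above can be triaged mechanically. The following is an added example, not part of the original post and not HijackThis's own logic: it parses O4/O7 lines and flags them using heuristics that are assumptions chosen for illustration (a DLL autorun loaded from a profile or config directory, a numeric-named executable directly under WINDOWS, one value name repeated across several Run keys, and the DisableRegedit policy). The `ExampleTray` line is constructed as a benign control.

```python
import re
from collections import Counter

# Entries quoted in the post above, plus one constructed benign line (ExampleTray).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\Angel\ntuser.dll,_IWMPEvents@0
O4 - HKUS\S-1-5-18\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\config\SYSTEM~1\ntuser.dll,_IWMPEvents@0 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ttool] C:\WINDOWS\9129837.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\config\SYSTEM~1\ntuser.dll,_IWMPEvents@0 (User 'Default user')
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# The triage heuristics below are assumptions for illustration, not HijackThis rules.
O4_RE = re.compile(r"^O4 - (?P<hive>[A-Z]+)\\.*?Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+?)(?: \(User '.*'\))?$")
DLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(?P<dll>[^,]+\.dll)", re.I)
ODD_DIRS = ("\\docume~1\\", "\\documents and settings\\", "\\system32\\config\\")

def triage(log_text):
    """Return (line, reasons) pairs for log entries that match a heuristic."""
    entries, findings = [], []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = O4_RE.match(line)
        if m:
            entries.append((line, m["name"].lower(), m["cmd"]))
        elif line.startswith("O7 -") and "disableregedit=1" in line.lower():
            findings.append((line, ["policy disables Registry Editor"]))
    counts = Counter(name for _, name, _ in entries)
    for line, name, cmd in entries:
        reasons = []
        dll = DLL_RE.search(cmd)
        if dll and any(d in dll["dll"].lower() for d in ODD_DIRS):
            reasons.append("rundll32 loads a DLL from a profile/config directory")
        if re.search(r"\\windows\\\d+\.exe$", cmd, re.I):
            reasons.append("numeric-named executable directly under WINDOWS")
        if counts[name] > 1:
            reasons.append(f"value name '{name}' repeated across {counts[name]} Run keys")
        if reasons:
            findings.append((line, reasons))
    return findings

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line, "->", "; ".join(reasons))
```

A flagged line is a prompt for closer inspection of the file it points to, not a verdict.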
 
angelrem, please do not run Combofix at this point. I will review your logs shortly and help you with the malware.

Your system is badly infected. Can you please give me some history on this:
Still have the virus

Your system has a Vundo infection, to name one and also numerous Trojans.

AnonymousSurfer, please stop advising these members.
 
Every time I run ZoneAlarm, it says it finds all these viruses and will delete on reboot. I reboot, and they are still there.
 
Are you running the Zone Alarm Security Suite which includes an antivirus, anti-spyware, and firewall protection and costs $40.00? Or are you just using the free Zone Alarm firewall?

The only entries I see are the usual ones for the ZA firewall. If that is all you have, then you don't have an antivirus program to protect you. If this is the case, please get one of the following AV programs on the system:

Recommended Free Anti Virus:
Avira Free
OR
Avast Free

When you have resolved the possible AV problem:

Please download VundoFix.exe HERE and save to your desktop:
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the ‘Fix Vundo’ button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
Please attach the C:\vundofix.txt in next reply.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Please rescan with HijackThis and paste that log into the next reply.
 
Someone will get to you as soon as possible. Please be patient- this is a very busy forum.
 
It appears that you may have a Virut infection. Before we go any further, please do the following:

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • c:\windows\system32\userinit.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Also scan these,

C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe

----------------------------

Paste the log into your next reply.

Virut is a Polymorphic File Infector that infects .EXE and .SCR files. It opens a Backdoor by connecting to a predefined IRC Server and waits for commands from the remote attacker.

More information here:
http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html

Because of this possibility, please change all of your passwords and monitor any online financial transactions.

I will advise you further after I see that log.
 
Will you please help me also?

I tried to download something off of the internet which I first scanned with McAfee and it said it didn't have any viruses.
When I tried to run the program, a windows alert came up and said: "A spooler subsystem app has encountered a problem and needs to close."
Ever since that time, every 5 minutes, I was getting an alert from McAfee telling me that a trojan was quarantined. It was New Malware.j. My McAfee subscription is up so I think that is why it won't delete the trojan. Ever since I got the first trojan alert, I had a google redirect problem.
I went into C:\Windows\TEMP and deleted all of the files, then proceeded to shred my recycling bin to get rid of them and for about ten minutes after didn't have the redirecting problem, but it came back?

Will you help me?
 
allyssax3, you will need to start a separate thread for help.

The first thing you need to do though is to get a functioning, updated antivirus program on the computer. Here are 2 free recommendations; use either one, not both:
Avira Free
Avast Home

Okay to copy what you have in your post here, but you will need to follow the steps in our Virus and Malware Removal HERE.

Please attach the logs from the programs in your new thread.

There is no 'also' in this forum. While the problems may sound alike, all help given is only for the member who began this thread. Your problem will be seen by more members in a new thread.
 