Redirect Virus

Status
Not open for further replies.

Zalemam

OK, I got the virus where, when I click on a search link, it redirects to a different website! I've tried to install SUPERAntiSpyware but it keeps crashing, the same with MBAM Anti-Malware!

But I have the HijackThis log....
 
Waiting on a response! I'm sorry if I seem to nag, but I use my laptop for all my business and it's really ingratiating!
 
Hello Zalemam

Sorry for late reply.

Try Malwarebytes again, slightly differently ->

Download Malwarebytes
http://www.download.com/Malwarebyte...4-10804572.html?tag=mncol;pop&cdlPid=10878968

Save the file as setup.exe

Run the setup.exe file
When it gets to the final step of the installation it will seem like it froze... it hasn't, but it will take anywhere from 15 mins to an hour to get through that step, so just let it do its thing.

If the automatic update fails, download and install the manual update ->
http://www.gt500.org/malwarebytes/mbam-rules.exe

Go into the Malware folder through Program Files
Rename the mbam.exe to 123.exe and run it.
Do a full computer scan
Check all and remove/fix/delete them.

Restart your computer and post the log.

NB: It is possible you'll have to scan from safe mode.
 
Hey,

I followed the directions you gave me, and I scanned my computer the first time without updating (I forgot) :blush: and then I realized I didn't update, so I did an update and rescanned, so there are 2 logs....

Thanks
 
It looks like the updated Malwarebytes found a gxvxccounter rootkit ;)

And there are probably more rootkit files hiding.
I'll therefore suggest you post a combolog ->

Please download Combofix:
http://subs.geekstogo.com/ComboFix.exe

And save to the desktop.

Close all other browser windows.

Please connect all your external hard drives/flash drives before running Combofix, if you have any.

Double-click on the combofix icon found on your desktop.

Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

Combofix will create a logfile and display it after your computer has rebooted. It is usually located at c:\combofix.txt; please attach it to your next post.
 
the log is attached

It told me to write these down, so I did

Windows/system32/drivers/gxvxcbwnmgfbernobimltxsxqmiovcvybyny.sys

and

Windows/system32/grxvxcrxecrwixkbqofetchdpvoixdhbycqvcf.dll

Idk if they're any help....
 
It's certainly not easy to pronounce the filenames ;)

P2P software/programs are a major contributor to your infections.

We reserve the right to withdraw our support:
If such programs are found in your logs
Should you not agree to their removal.
As they are normally set to bypass your Firewall and Anti-Virus software
Filesharing/P2P programs serve as a constant threat to your computer

Uninstall:
c:\program files\LimeWire

Reboot, attach new combofix log
 
Ok :)

Combofix log looks clean. Please attach a new HijackThis log, and tell me how things are running.
 
Sounds good.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)


And you're done.

Now that your computer problems are solved, it is time for the clean-up procedure.
You should create a new restore point to prevent possible reinfection from an old one.
The easiest and safest way to do this is:
Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.

Please download OTCleanIt
Save it to desktop.
This will remove all the tools we used to clean your computer.
Double-click OTCleanIt.exe. Click CleanUp. Say Yes to the "Begin cleanup Process?"
When asked if you want to proceed with the cleanup process, click Yes. Restart your computer when prompted.
Please note. It will NOT remove Mbam, Ccleaner and SuperAntispyware.

To learn more about how to protect yourself while on the internet, please read Tony Klein's guide:
How did I get infected in the first place
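
Added example, not part of the original thread and not HijackThis's own code: a small Python parser for the HijackThis entry layouts quoted in the post above. It separates registrations whose target file is gone (the "(no file)" and "(file missing)" O2/O3/O9 entries) from O4 autoruns that still point at a program. The function names `parse_line` and `triage` are hypothetical, and the sample lines are a subset copied from the list above.

```python
import re

# Sample input: five of the entries quoted in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
"""

# O2/O3/O9 layout: "<label>: <name> - {CLSID} - <path or (no file)>"
COM_RE = re.compile(r"^(O\d+) - ([^:]+): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
# O4 layout: "<registry key>: [<value name>] <command line>"
RUN_RE = re.compile(r"^(O4) - (\S+): \[([^\]]+)\] (.*)$")

def parse_line(line):
    """Return a dict describing one HijackThis entry, or None if unrecognised."""
    line = line.strip()
    m = COM_RE.match(line)
    if m:
        section, kind, name, clsid, target = m.groups()
        orphaned = target == "(no file)" or target.endswith("(file missing)")
        path = None if target == "(no file)" else target.replace(" (file missing)", "")
        return {"section": section, "kind": kind, "name": name,
                "clsid": clsid.lower(), "path": path, "orphaned": orphaned}
    m = RUN_RE.match(line)
    if m:
        section, key, name, command = m.groups()
        # The executable is the first token of the command line, usually quoted.
        exe = command.split('"')[1] if command.startswith('"') else command.split()[0]
        return {"section": section, "kind": key, "name": name,
                "clsid": None, "path": exe, "orphaned": False}
    return None

def triage(log_text):
    """Split entries into orphaned registrations and O4 autoruns."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    orphaned = [e for e in entries if e["orphaned"]]
    autoruns = [e for e in entries if e["section"] == "O4"]
    return orphaned, autoruns

if __name__ == "__main__":
    orphaned, autoruns = triage(SAMPLE_LOG)
    for e in orphaned:
        print("orphaned", e["section"], e["name"], e["clsid"])
    for e in autoruns:
        print("autorun ", e["name"], "->", e["path"])
```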
 