Results of 8 Steps

By 442pabz
Apr 13, 2009
  1. Hi,

    I've just followed through the 8 steps. I think I was having the same problem as some other people, whereby my browser was getting redirected when clicking on Google search links. There were no items detected by the 'SUPERAntiSpyware' scan, so there is no log. I have attached the other two.

    Thanks for your help in advance.
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    You're a little short on information:
    "was"- does that mean it's been resolved?

    This is a bad entry:
    O20 - AppInit_DLLs: C:\WINDOWS\system32\pakurowe.dll,C:\WINDOWS\system32\loyuvejo.dll
    pakurowe.dll is a Fraudulent Security Program

    loyuvejo.dll is the "Bloodhound.Exploit.196" virus.
    Type: Trojan, Virus
    Bloodhound.Exploit.196 is a heuristic detection for files attempting to exploit the Adobe Acrobat and Reader Multiple Arbitrary Code Execution and Security Vulnerabilities (BID 27641).

    Any DLL listed in the AppInit_DLLs value will run concurrently with every program launched, even in Safe Mode.

    Please download ComboFix HERE and save it to your desktop:

    With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
    Please disable all security programs, such as antiviruses, antispywares, and firewalls.
    Also disable your internet connection.

    • Run Combo-Fix.exe and follow the prompts.
    Have you run a current full system scan with Avast, updating right before the scan? Please let me know, and attach the log if available.

    You are using an out of date version of the Adobe Reader:
    After the Avast scan and ComboFix, please run a new HijackThis scan and attach new log with Combofix report and AV scan.
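
As an added example (not part of the original thread, and not code from HijackThis or any other tool mentioned in it), this Python code pulls the AppInit_DLLs entries out of a HijackThis log so that each listed DLL can be reviewed. The sample log is constructed around the O20 line quoted above; the function names and the allowlist are assumptions.

```python
import re
from ntpath import basename, normcase  # Windows path rules on any host OS

# Constructed sample log: the O20 line is the one quoted in the thread,
# the other lines are made up for illustration.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
O4 - HKLM\..\Run: [example] C:\Example\example.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\pakurowe.dll,C:\WINDOWS\system32\loyuvejo.dll
"""

O20_APPINIT = re.compile(r"^O20 - AppInit_DLLs:\s*(.*)$", re.IGNORECASE)


def appinit_entries(log_text):
    """Return every DLL path named on O20 AppInit_DLLs lines, in log order."""
    entries = []
    for line in log_text.splitlines():
        match = O20_APPINIT.match(line.strip())
        if match:
            # Windows reads the value as a space- or comma-delimited list.
            entries += [p for p in re.split(r"[,\s]+", match.group(1)) if p]
    return entries


def unapproved(entries, approved_names=()):
    """Entries whose file name is not on the reviewer's allowlist.

    The allowlist is a hypothetical local policy: with nothing approved,
    every AppInit_DLLs entry is returned for manual review.
    """
    approved = {normcase(name) for name in approved_names}
    return [e for e in entries if normcase(basename(e)) not in approved]


if __name__ == "__main__":
    for path in unapproved(appinit_entries(SAMPLE_LOG)):
        print("review:", path)
```
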
  3. 442pabz

    442pabz TS Rookie Topic Starter

    Sorry, I think it's stopped redirecting me now. After I followed the 8 steps last night it was still doing it. However, I ran a 'Gooredfix' my friend recommended, and that seems to have stopped it now. I've run a scan using 'avast' and it did not find any files. I've attached my updated HijackThis file and ComboFix file below. And finally, I also updated my Adobe Acrobat. Are there any viruses/malware remaining from the files now?

    Thanks very much for your help.
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    There are some things in the ComboFix report that I want to bring your attention to:

    1. You are running a P2P program: c:\\Program Files\\uTorrent\\uTorrent.exe
    Please see the P2P section in Step 3 HERE where you are urged to Uninstall File Sharing/P2P Programs.
    If you are not aware of the dangers of file sharing programs, Please see THIS.

    2. You are using c:\\Program Files\\RayV\\RayV\\RayV.exe which makes me wonder what you are doing with all that data!
    3. You are running Football Manager 2008 which has a HUGE database. A section of it has LOCKED REGISTRY KEYS. This means that the basic malware cleaning programs can't remove any malware in them, if any.

    4. You are using c:\\Program Files\\Steam\\SteamApps\\common\\football manager 2009\\fm.exe"
    You have a button for Real Player:{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    It can be removed, but unless you remove Real Player it will come back.

    Not that I can see.

    You can remove the cleaning tools now:

    Download OTCleanIt HERE & save it to your desktop.
    Clear your existing System Restore points and establish a new clean restore point:
    Let us know if you need more help and keep in mind what I mentioned.
Topic Status:
Not open for further replies.
