Recently, Avira 10.0 has been detecting malware in scan and guard mode. My search engine links (Yahoo and Google) are redirected to some other web site such as Ask Jeeves or a different shop. Occasionally, a web page will pop up offering products or services such as TheClickCheck dot com or something similar to what I've already been looking at.
I've completed the 8 steps and hopefully someone can help me. I've copy/pasted the Malware log below. The DDS log exceeded the 20,000 character limit of posts so is attached with the Attach log.
GMER scan kept crashing so was done in safe mode and the log is very, very long. It's too big (446kb) to attach.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4245
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
27/06/2010 12:51:17
mbam-log-2010-06-27 (12-51-17).txt
Scan type: Quick scan
Objects scanned: 128549
Time elapsed: 15 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportMgmtService.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportService.exe (Security.Hijack) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nonep (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\ntuser_mssec.exe (Trojan.VirTool) -> Quarantined and deleted successfully.