VSAdd-In, sansujo & Is my HijackThis log clean?

Status
Not open for further replies.
C

CJ-real

Posts: 56   +0
Hi,

Ever since I downloaded this program wich was malwere, a toolbar named VSAdd-In, I keep being redirected to 1 of 2 IP's, or sansujo.com, and then to another website (mostly search engines, mainly netster).

I deleted the files from Program files (VSAdd-In), and the folder, yet it still carries on to do this redirecting.

This made the toolbar not work, yet in View > Toolbars > VSAdd-In was still there, it just didn't work...
I have tried following many other people's articles on multiple forums, yet the way they fix it NEVER works for me, and I thought I fixed it, but the other day I realised obvoiusly not - (when I deleted the files).

This problem is REALLY bugging me now, it used to happen not that often, but now it happens:
- Once every 2 clicks, then
- Once every click (twice), then
- Normal click, then
-- Beginning of the cycle.

As you can see, only one of my search results can actually be clicked on.

HijackThis is especially good for my problem as it is only in Internet Explorer.

I deleted the following files with HijackThis: The ones that said VSAdd-In (missing file) out of here, and the View > Toolbars > VSAdd-In is GONE!- [read above about the toolbar and why it's good to be gone] yet the problem still occours)

I ALSO USED HIJACKTHIS to remove VSAdd-In from "Add or Remove Programs" as every time I clicked it, it just came back as if it was refreshing the add or remove program list.



Help is GREATLY appriciated (this is EXTREMELY annoying when I'm searching and sometimes on other websites [maybe with someone to do with google in them, e.g. a search - i'm not sure]!
Thanks!
CJ

LOG FILES MUST BE POSTED AS ATTACHMENTS AND NOT COPY AND PASTED. I have therefore deleted your other posts in this thread.
 
Hello and welcome to Techspot.

Your system is infected with several nasties.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.

Regards Howard :wave: :wave:

This thread is for the use of CJ-real only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Sorry about the amount of posts, Techspot if you think I'm spamming, then you should consider incresing the characters in a post for this reason
 
No, we don`t think your spamming at all lol.

It`s just that HJT log must be posted as attachments. I have looked at your HJT log and your system is infected with several nasties.

Please follow the instructions in my post above.

Regards Howard :)

This thread is for the use of CJ-real only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
reply..

Here is the AVG and new HJT Log file

PS: I was meant to post that before you :p - Your amazing at replying!!!
 
Your system has several infections, including a Vundo infection.

Please follow the instructions in my first reply.

Regards Howard :)

This thread is for the use of CJ-real only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Have to go out now, the AVG is still scanning.

Will get back to this tomorrow.

- Thanks for your help so far.
 
Hi again.

When (if) we sort of these infections, will it most likely stop the google redirection?

CJ :)
 
That`s what I`m hoping for lol. The only reason you`re getting redirected is due to an infection. Once that`s gone, you should be ok.

Regards Howard :)

This thread is for the use of CJ-real only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Ok, AVG is still scanning. Do you know what kind of things the infections on my computer can do otherwards than redirection?

also - when I try to run Windows Defender I get this error problem:
windowsdefendererroroj8.png


Can this be something that the infections are causing to happen?
 
Man, you ask a lot of questions lol.

Infections can do the following.

Steal your data, including bank/credit card details.
Wipe your data.
Crash, render your system useless and force you to reformat.
Put unwanted programmes onto your computer.
Spy on your computer use.
There was even a virus, that wiped out the bios on an infected machine, rendering the system useless.

Now stop asking questions and follow the instructions. ;)

Regards Howard :)

This thread is for the use of CJ-real only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Sorry about the questions :p - and people call me good at computers... well I should show them this forum.

What about my question about causing this to happen:
windowsdefendererroroj8.png

Do you think this is also being caused by the infections?
 
Yes, it`s quite possible for malware to stop programmes dead in their tracks. They can and do target antivirus/antispyware programmes specifically.

Malware can cause any number of bad things to happen on a system. See my post above.

Regards Howard :)

This thread is for the use of CJ-real only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Oh OK currently at 4/6th's of the spyware scan there is 3 infected object.

Zone Alarm antispyware doesn't detect these!

Hopefully this will be the last question:
Will this make Internet Explorer (and) my computer run faster?
 
Once I have your AVG Antispyware log and a fresh HJT log, I`ll be able to see what needs removing(if anything).

Once your system is clean, hopefully you will see an improvement in it`s performance.

Regards Howard :)

This thread is for the use of CJ-real only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Download Vundofix from HERE.

Double click the Vundofix.exe to run it.

Right click in the vundofix window and click add files.

Enter the full file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do it`s stuff.

These are the filepaths you need to enter into Vundofix.

C:\WINDOWS\system32\vdqivze.dll
C:\WINDOWS\system32\ssqronm.dll

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O2 - BHO: (no name) - {51EB3605-0A87-AFE1-42C5-0A0BCC3CA3A7} - C:\WINDOWS\system32\vdqivze.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - (no file)

O4 - HKLM\..\Run: [NAVUpdater] C:\WINDOWS\zip\csrss.exe

O4 - HKLM\..\Run: [NAVUpdater32] C:\WINDOWS\zip\services.exe

Fix all 018 Protocol: entries.

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\WINDOWS\zip<Delete the entire folder.
C:\Program Files\Common Files\{24E147BB-0745-1033-0928-05050622002c}<Delete the entire folder.
C:\Documents and Settings\CJ1\My Documents\My Received Files\My Received Files.zip<Delete the entire zip file as it`s infected with a keylogger.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll

Reboot into normal mode and rehide your protected OS files.

Post fresh HJT and AVG Antispyware logs.

Regards Howard :)

This thread is for the use of CJ-real only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
No, it`s not compulsory, but it is wise. It stops anyone from accidentally deleting important system files.

Regards Howard :)

This thread is for the use of CJ-real only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Your HJT log is now clean, providing your AVG Antispyware log is ok, you should be good to go.

Regards Howard :)

This thread is for the use of CJ-real only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
So far so good with this sansujo redirection, i'll do a few more checks.

In the AVG log, it came up with 2 objects (SCKeylog), but this is what I deleted the file "My Recieved Files.zip"... it was just detecting it from the recycle bin, but here is the log anyway
 
I can`t see any AVG Antispyware log.

Empty your recycle bin.

Regards Howard :)

This thread is for the use of CJ-real only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
I've done that, and there seems to be more so I'm adding the log to this post :)

EDIT: Read editing description
 
1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

2. Download the attached avengerscript.txt and save it to your desktop

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by double clicking on its icon on your desktop.

Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the file you have just downloaded, click on it and press open
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh AVG Antispyware log.

Regards Howard :)

This thread is for the use of CJ-real only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Status
Not open for further replies.

Similar threads

E
I have been taken over by a software called Astanda using XML to Log everything and roaming to an SQL server.
Replies
0
Views
475
eriksnyman1
E
P
Searching inside a 7zip folder for a particular word in filename
Replies
0
Views
449
pjfarr
P
A
Google updates Search to fight low-quality spammy content, doesn't mention "AI" at all
Replies
5
Views
146
UdyrL
UdyrL

Latest posts

Back