Picsou

Members
  • Content Count

    22

Community Reputation

0 Neutral

About Picsou

  • Rank
    New Member
  1. Hello Maniac, I did the test again and no redirection. Seems OK. Last question: How to uninstall the following tools or should I uninstall them: - DDS - aswMBR - OTL - TDSSKiller - Kaspersky - MinitoolBox? Regards, Picsou
  2. Hello Maniac, I will do a last test, to ensure that nothing happens at start-up.
  3. Hello Maniac, Good news! I uninstalled IE 8 and reinstalled it with updates and tested the redirection. And... there was no redirection. I tested numerous pages inside and outside the bank firewall and I did not get any redirection where before I had. It seems that the uninstall and reinstall after all other corrections and validations resolved the problem. So thank you very much. Mnogo blagodaria! Regards, Picsou
  4. Hello Maniac, Yes, I still have the problem. Sorry if I did not come back but I was away for 3 days. I just tested it again, a few minutes ago, and I still get the redirection. The Minitoolbox did not change anything. Regards, Picsou PS: Should I uninstall IE 8 and reinstall it?
  5. Hello Maniac, find below the Minitoolbox Result.txt report: MiniToolBox by Farbar Version: 25-06-2012 Ran by Gilles (administrator) on 29-06-2012 at 13:30:00 Microsoft Windows XP Home Edition Service Pack 3 (X86) Boot Mode: Normal *************************************************************************** ========================= Flush DNS: =================================== Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========================= IE Proxy Settings: ============================== Proxy is not enabled. No Proxy Server is set. "Reset IE Proxy Settings"
  6. Hello Maniac, Did the Microsoft FixIt as instructed. Did it 3 times, 1 for my partition, 1 for my wife and 1 for the Admin. Each time, I closed IE and restarted it. After that, I retested the redirection. I found an advertisement on the welcome page of the bank before accessing the bank site. This advertisement has a URL similar to the one inside the bank site. So I clicked on it and was redirected to the Panda site: www.cloudantivirus.com. The URL was: https://rbc.bridgetrack.com/a/c/?BT_CON=52&BT_PID=653267&r=9878 I also did a test: In a word file, I created a hyperlink with th
  7. Hello Maniac, I just tested the advertisement link within my bank web site and I am still getting a redirection. I navigated within the web site and found another advertisement that had a similar URL (ex: https://rbc.bridgetrack.com/a/c/?BT_CON=52&BT_PID=643277&r=26192) and this one also redirected me to a web page advertising a Panda AV website. When I clicked on other advertisements that had a URL not starting with "https://rbc.bridgetrack.com...", I did not get any redirection. I had my work Portable PC opened and I went to the bank web site. But this time there was no redirect
  8. Hello Maniac, I was waiting for the next step... but was away for the last 3 days. Not sure what progress you refer to? I do not want to test the redirection (i.e. clicking on the advertisement) until we are finished. Should I test it? Regards, Picsou
  9. Hello Maniac, See below, I posted the OTL Custom Scan Fixes: All processes killed ========== OTL ========== C:\Documents and Settings\Gilles\Application Data\Uniblue folder moved successfully. C:\Documents and Settings\Hélène\Application Data\mystarttb\widgets_cache folder moved successfully. C:\Documents and Settings\Hélène\Application Data\mystarttb\weather folder moved successfully. C:\Documents and Settings\Hélène\Application Data\mystarttb\shopping folder moved successfully. C:\Documents and Settings\Hélène\Application Data\mystarttb\games folder moved successfully. C:\Documents and Set
  10. Hello Maniac, I have done 1. Step 1: Deleting 22:52:20.0000 3772 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip with TDSSKiller. Note that when TDSSKiller has completed the cure (deletion) and quarantined some files, a pop-up message by McAfee Antivirus Plus indicated it had detected a threat and repaired it, a trojan named: DNSChanger.as. (I am unable to paste an image into the post???) The message was as follows: - Scan Type: Real time - Threat detected: DNSCharger.as (trojan) - Status: repaired (removed) - File: C:\TDSSKiller_Quarantine\20.06.2012_18:52:07\td
  11. Hello Maniac, Find below the TDSSKiller file. Note that I am unable to send you the Virus Removal Tool (Kaspersky) file, because for some reason it scanned all my hard drives including the Backup drive, even if it was not ticked in the Parameters screen. After 24 hours, I stopped it and will run it again tonight and send it to you tomorrow. But I was able to see that it did not detect any Threats on drive C, D and G. The TDSSKiller file: 22:46:41.0671 2960 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31 22:46:43.0671 2960 =========================================================
  12. Hello Maniac, Sorry if I did not reply rapidly to your last message. I was away for the last 3 days. Hello Maniac, As requested, I emptied the Recycle Bin. I tested my bank access and tested the same link (for a limited time offer for a rate) that is redirected. I clicked on it, received a Security Alert message saying: "You are about to leave a secure internet connection. It will be possible to others to view information you you send. Do you want to continue? ...." When clicking YES I was redirected to the following link: http://download.cloudantivirus.com/eng/malicious/?id=antiphis
  13. Hello Maniac, I manually deleted the folders c:\documents and settings\Owner\Local Settings\Application Data\Conduit c:\documents and settings\Hélène\Local Settings\Application Data\Conduit and also other files that had Conduit name in the file name. All these files (138) were created on May 23 (when I think I was infected first) and on June 1, 2012. See image: in the word file attached (sorry, unable to attach it and it is images from the Recycle Bin). Most of the files relate to WiseConvert. 2 examples: http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png http___storag
  14. Hello Maniac, Find attached the ComboFix.txt file after running ComboFix with the CFScript.txt file incorporated. Note that I had to run it twice as it seems it did not work properly the first time. Before, just a quick question for you: When I started IE to post this message, I had a pop-up asking if I wanted to make IE as my web browser by default, leaving to understand that it could not be. Is this normal? The ComboFix file: ComboFix 12-06-15.02 - Gilles 15/06/2012 10:26:34.3.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.767.422 [GMT -4:00] Running from: c:\doc
  15. Hello Maniac, Last message should have been signed as Picsou and not Maniac. ;-)) Regards, Picsou