cubswild (Members)

Posts: 17
Reputation: 0 Neutral
  1. Okay, I've tried a bunch of times now, and when clicking links in Google from Google Chrome, I'm no longer redirected--I think the problem has been solved! Do you think that the trojan was only attached to Chrome, or should I worry that it's still hidden somewhere in the computer? What do you think my next steps should be to make sure the computer isn't infected and that we never get infected again? Thanks again for all of your time!
  2. Also, sorry for the multiple posts--but when you said "delete them for now," what exactly should I be deleting? The three programs that Trend Micro found? If so, it stopped them from installing, and I can't find where the ComboFix is since I deleted it before. I can uninstall OTL, I believe.
  3. I'm happy to do this again--but this was the 24 hour one that just completed today. Should I do the same scan?
  4. Trend Micro just alerted me that it stopped suspicious software from installing itself (I believe the j:/ one is the autorun flashdrive software, but I swear I deleted ComboFix, and I can't find the program in the location it says it exists. Should I uninstall OTL yet?)
     Date/Time | Name | From | Response
     ######## | C:\Users\Alex\Downloads\ComboFix.exe | Unknown | Terminated
     ######## | C:\Users\Alex\Desktop\OTL.exe | Unknown | Terminated
     ######## | j:\install.bat | Unknown | Denied
  5. Wait--unfortunately, I just found that it's still taking me to a new website when I check different links (Don't click on it, obviously, but this is one of the sites it's trying to take me to that is being blocked by Trend Micro: http://64.15.72.104/click.php?go=aHR0cDovL2NsaWNrLkdldC1BbnN3ZXJzLUZhc3QuY29tL2Fkcy1jbGlja3RyYWNrL2NsaWNrL2p1bXAxLmRvP3NpZD1CWnJBQUM0cFZXdm9WQ1EyaEZvODFUM01IazYlMkJleTNxNk9jOGVnUlN5ZDAlM0QmYWZmaWxpYXRlPTQ2MzU1JnN1YmlkPTg5MDlfMTIzMyZyYz0wJnRlcm1zPWxvcyBwb2xsaXRvcyBkaWNlbiBzb25n&b=MC4wMjg=&aff=8909&subaff=1233&time=1340387575&searcher_ip=67.149.143.234&cnt=21843&qq=los+pollitos+dicen+song&mode=&seid=fzwfj8M/33Q3TJfi+H2xwrq900gJ9R/Tluo1RgG0&se=YWJjc2VhcmNo&sid=9&pos=1) Now what do you think we should do? Should I maybe delete Chrome since IE doesn't seem to have the problem?
  6. All right--the newest version of Java is running! I've done a few searches in Chrome using Google, and all of the links I click on take me to pages that I am choosing to go to. Do you think that this is the end of the trojan? Let me know if there are any other additional steps I need to be taking to ensure that the problem has ended--and to ensure that it doesn't occur again! (I currently use Trend Micro Titanium Internet Security to prevent viruses, but obviously, it didn't work perfectly.)
  7. Status: Disinfected (events: 9)
     6/21/2012 9:23:15 AM | Disinfected | Trojan program Exploit.OSX.Smid.b | C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\1862f8ee-4e23bea4 | High
     6/21/2012 9:23:15 AM | Disinfected | Trojan program Exploit.OSX.Smid.b | C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\1862f8ee-4e23bea4/AppletX.class | High
     6/21/2012 9:23:16 AM | Disinfected | Trojan program Trojan-Downloader.Java.Agent.al | C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\22589776-3167b128 | High
     6/21/2012 9:23:16 AM | Disinfected | Trojan program Trojan-Downloader.Java.Agent.al | C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\22589776-3167b128/mz1/my/CL.class | High
     6/21/2012 9:23:15 AM | Disinfected | Trojan program Trojan-Downloader.Java.Agent.al | C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\4a4036b8-39231bce | High
     6/21/2012 9:23:15 AM | Disinfected | Trojan program Trojan-Downloader.Java.Agent.al | C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\4a4036b8-39231bce/mz1/my/CL.class | High
     6/21/2012 9:23:16 AM | Disinfected | Trojan program Trojan-Downloader.Java.OpenStream.af | C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-51213076 | High
     6/21/2012 9:23:16 AM | Disinfected | Trojan program Exploit.Java.Agent.f | C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-51213076/myf/y/AppletX.class | High
     6/21/2012 9:23:16 AM | Disinfected | Trojan program Trojan-Downloader.Java.OpenStream.af | C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-51213076/myf/y/LoaderX.class | High
  8. For some reason that last post was showing html. Let me try this again:
     Status: Disinfected (events: 9)
     6/21/2012 9:23:15 AM | Disinfected | Trojan program Exploit.OSX.Smid.b | C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\1862f8ee-4e23bea4 | High
     6/21/2012 9:23:15 AM | Disinfected | Trojan program Exploit.OSX.Smid.b | C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\1862f8ee-4e23bea4/AppletX.class | High
     6/21/2012 9:23:16 AM | Disinfected | Trojan program Trojan-Downloader.Java.Agent.al | C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\22589776-3167b128 | High
     6/21/2012 9:23:16 AM | Disinfected | Trojan program Trojan-Downloader.Java.Agent.al | C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\22589776-3167b128/mz1/my/CL.class | High
     6/21/2012 9:23:15 AM | Disinfected | Trojan program Trojan-Downloader.Java.Agent.al | C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\4a4036b8-39231bce | High
     6/21/2012 9:23:15 AM | Disinfected | Trojan program Trojan-Downloader.Java.Agent.al | C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\4a4036b8-39231bce/mz1/my/CL.class | High
     6/21/2012 9:23:16 AM | Disinfected | Trojan program Trojan-Downloader.Java.OpenStream.af | C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-51213076 | High
     6/21/2012 9:23:16 AM | Disinfected | Trojan program Exploit.Java.Agent.f | C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-51213076/myf/y/AppletX.class | High
     6/21/2012 9:23:16 AM | Disinfected | Trojan program Trojan-Downloader.Java.OpenStream.af | C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-51213076/myf/y/LoaderX.class | High
  9. All right--after 24 hours of scanning, below is the Detected Threats report!:
     Status: Disinfected (events: 9)
     6/21/2012 9:23:15 AM | Disinfected | Trojan program Exploit.OSX.Smid.b | C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\1862f8ee-4e23bea4 | High
     6/21/2012 9:23:15 AM | Disinfected | Trojan program Exploit.OSX.Smid.b | C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\1862f8ee-4e23bea4/AppletX.class | High
     6/21/2012 9:23:16 AM | Disinfected | Trojan program Trojan-Downloader.Java.Agent.al | C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\22589776-3167b128 | High
     6/21/2012 9:23:16 AM | Disinfected | Trojan program Trojan-Downloader.Java.Agent.al | C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\22589776-3167b128/mz1/my/CL.class | High
     6/21/2012 9:23:15 AM | Disinfected | Trojan program Trojan-Downloader.Java.Agent.al | C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\4a4036b8-39231bce | High
     6/21/2012 9:23:15 AM | Disinfected | Trojan program Trojan-Downloader.Java.Agent.al | C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\4a4036b8-39231bce/mz1/my/CL.class | High
     6/21/2012 9:23:16 AM | Disinfected | Trojan program Trojan-Downloader.Java.OpenStream.af | C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-51213076 | High
     6/21/2012 9:23:16 AM | Disinfected | Trojan program Exploit.Java.Agent.f | C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-51213076/myf/y/AppletX.class | High
     6/21/2012 9:23:16 AM | Disinfected | Trojan program Trojan-Downloader.Java.OpenStream.af | C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-51213076/myf/y/LoaderX.class | High
     Let me know what my next steps should be! As always, I appreciate the time you're spending on this.
  10. The Kaspersky virus scan is still plugging along (it's been going for 13 hours now). I'll let you know when it has completed!
  11. Hi, I ran the program successfully, but the text file you spoke of did not appear to exist. I found the Eset folder under C:\programfiles(x86)\eset\esteonlinescanner, but the only txt file in there was a setup file. I was able to create a text file of the quarantined files, though, so hopefully that is what you were looking for:
      C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe.vir | Win32/Toolbar.Zugo application | cleaned by deleting - quarantined
      C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToOLbar32.dll.vir | a variant of Win32/Toolbar.Zugo application | cleaned by deleting - quarantined
      C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe.vir | a variant of Win32/Toolbar.Zugo application | cleaned by deleting - quarantined
      C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\7dad89f5-1d7d67a1 | a variant of Win32/Kryptik.WDX trojan | cleaned by deleting - quarantined
      Let me know if you need me to look for something else. Again, I really appreciate all the help!
  12. Also, not sure it means anything, but there are a bunch of transparent temp files of old Microsoft Word documents that have now appeared on my desktop for some reason...
  13. Hi again, I ran it again in safe mode (once with networking, once in just pure safe mode). Both times returned the error code 23 I copied above.
  14. Thanks again for the assistance. I followed the steps above (I actually deleted Freecorder altogether rather than just deleting the toolbar), and then StartNow said it was already deleted once I had done that. OTL appeared to work, but at the end of the whole process when it was creating logs, it got to what appeared to be almost done, and then the following error window came up: "Win32 Error. Code: 23. Data error (cyclic redundancy check)" Any idea what this is or how to get the log files if they didn't pop up automatically? I know it was supposed to be a short process for OTL to scan, but it was almost 15 minutes. It took an ESPECIALLY long time when it was scanning Google Chrome. (Note that in my original problem with the opening of random webpages from Google, this only seems to occur in Chrome right now, not in IE). Thanks!