orena0
-
Posts
15 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by orena0
-
-
this should be complete one, sorry
-
combofix log attached
-
combo.txt atached
-
-
-
Hi
I have hijack on my second pc, very similar to the first one. All comes from Vshare plugin
I attached log from Malwarebytes, DDS and aswMBR
Please advise what to do next
-
-
Hi Team
Please help how to remove Hijack from my pc
Please see log from malwarebytes below:
Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org
Database version: v2012.10.14.05
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [administrator]
Protection: Enabled
14/10/2012 19:04:30
mbam-log-2012-10-14 (19-19-57).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196410
Time elapsed: 13 minute(s), 50 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> No action taken.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> No action taken.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> No action taken.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> No action taken.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> No action taken.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> No action taken.
Registry Values Detected: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: ;áÃzÊ;XA³0öm»áµ -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: StartSearchTB -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: -> No action taken.
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://startsear.ch/?aff=2&cf=ce09d400-db1d-11e0-ac68-001b24b8795a) Good: (http://www.google.com) -> No action taken.
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Program Files\StartSearch plugin\ssBarLcher.dll (PUP.VShareRedir) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-216454193-2199948706-2891478122-1000\$RWS8EIN.exe (HackTool.SnadBoy) -> No action taken.
(end)
-
Last log from Malwarebytes
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.10.01.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kamil :: KAMIL-PC [administrator]
01/10/2012 15:37:46
mbam-log-2012-10-01 (15-37-46).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215202
Time elapsed: 1 minute(s), 36 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
All looks good, nothing found now.
Great thanks !!!!
-
Last log attached
-
AdeCleaner report attached
-
-
Hi
I can not delete Hijack.StartPage from my PC. Installed from vshare video plugin
LOg from Malwarebytes below:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.29.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kamil :: KAMIL-PC [administrator]
01/10/2012 11:48:56
mbam-log-2012-10-01 (13-00-03).txt
Scan type: Full scan (C:\|D:\|E:\|Z:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 326320
Time elapsed: 29 minute(s), 21 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://startsear.ch/...0a-00e04db1dbb4) Good: (http://www.google.com) -> No action taken.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
My startup page is www.error.com can change it back to google but when restart browser changes did not apply.
Please advise what to do to remove this from my computer. THX
-
Hi
I can not delete Hijack.StartPage from my PC. Installed from vshare video plugin
LOg from Malwarebytes below:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.29.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kamil :: KAMIL-PC [administrator]
01/10/2012 11:48:56
mbam-log-2012-10-01 (13-00-03).txt
Scan type: Full scan (C:\|D:\|E:\|Z:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 326320
Time elapsed: 29 minute(s), 21 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://startsear.ch/?aff=1&cf=ef911f3c-0a30-11e2-bd0a-00e04db1dbb4) Good: (http://www.google.com) -> No action taken.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Please advise what to do to remove this from my computer. THX
Hijack on the second pc
in Resolved Malware Removal Logs
Posted
please check second combofix log
ComboFix.txt