MikeScott Posted November 20, 2011 ID:496501 Share Posted November 20, 2011 Hello, my system is apparently infected and several removal tools/programs have been unable to remove malware in such a way that they doen't reappear.The latest is "net assistant" and something that dumps a URL into the browser when our internet isn't working: http://click.w3i.com/?Programid=173&Elementname=ErrorPage&q=login.live.com%20login.srf%3Fwa=wsignin1.0%26rpsnv=11%26ct=1253879194%26rver=6.0.5285.0%26wp=MBI%26wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx%26lc=1033%26id=64855%26mkt=en-us&applicationid={E7FF923C-6B2C-4634-BD55-792002DB02D3}&version=3.8.3&vintage=20111042&Defaultbrowserid=8&Productid=2627&Vendorid=5750&Offerid=6893&sc=-2146697211It also seems to parse webpages and add seemingly random links to various keywords.I also normally us firefox, but now it repeatedly fails upon initialization.Per your forums instructions, I downloaded and ran Malwarebytes. I HAD it installed and used it frequently, but upon attempting to update, it gave me an error:Program_Error_Updating (403,0,HTTPStatusCode)In retrospect, that error might have ocurred while my internet connection was bad, however, in the spirit of following directions, I redownloaded MalwareBytes through your link with MajorGeeks, and successfully updated it. I then ran a quick Scan which found:c:\system volume information\_restore{8a37a514-c257-4674-92a1-3686950ef523}\RP62\A0038673.exe (Adware.MyWebSearch) -> No action taken.(That's a snippet from the MalwareBytes log)Not sure why it says "no action taken" as I DID hit the button to remove it within MalwareBytes, and it never gave me an error message claiming it couldn't. MalwareBytes didn't find it on my subsequent repeat scan when I next ran a Fullscan.I put the computer into Safe Mode (without networking) and ran a Full Scan through Malwarebytes. It told me I was clean but then shortly afterwards, a browser window popped open proclaiming I was the 4000th visitor to "forums.malwarebytes.org" and invited me to click on my prizes. So.. something is still going on that I can't find, let alone get rid of.I ran the DDS program, and to ensure there were no script blockers (as far as I know), I ran it in Safe Mode (no networking).Enclosed are the two requested files.. I can also post the results of the 3 MalwareByte scans I did, if asked.Thanks very much for your time and any efforts on my behalf.attach.txtdds.txt Link to post Share on other sites More sharing options...
Staff screen317 Posted November 27, 2011 Staff ID:498460 Share Posted November 27, 2011 Hi and welcome to Malwarebytes. In the future, please post all logs directly into your reply instead of attaching them unless otherwise indicated. With that said, please update MBAM, run a Quick Scan, and post its log. Next, run DDS again and post DDS.txt directly in your reply. Link to post Share on other sites More sharing options...
Staff screen317 Posted December 6, 2011 Staff ID:501918 Share Posted December 6, 2011 Are you still with us? This topic will be closed in a few days if we do not hear back from you. Link to post Share on other sites More sharing options...
Staff screen317 Posted December 19, 2011 Staff ID:506506 Share Posted December 19, 2011 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts