Jump to content

Recommended Posts

Hi, I know I have whatever virus this is, but I'm not quite ready to post in the ask for help section, as I don't know what info I will be putting up with those logs you are asking for, and all the advice seems to say is download and use that ttds killer or something. I've tried to do some research on it and it seems to be new.

It affects my firefox and my in game steam web browser and I am not sure what else it is doing. When I try to open a new page off of google it just loads a blank page or sometimes a re-direct with kozanekozasearchsystem.com as the loading info. I have tried a few diffrent searches on these forums to see if it has been brought up before, but I couldnt find anything about it. And most posts on the internet that Ive found are only a few hours old. It doesnt seem to affect my google chrome though.

There is one thing that malwarebytes keeps bringing up on a scan but when I try to remove it, it says its unable then asks for a restart 'Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) -> Value: Shell -> Delete on reboot.

' is the object And I dont know if it is related or not. Has anybody heard of this before?

Link to post
Share on other sites

Greetings :)

If you do not wish to post logs publicly, that is fine, however we WILL NOT work on any infection related issues in this part of the forum so if you wish to be assisted privately with your issues then please contact support@malwarebytes.org and one of our helpful Support staff members will help you directly via email.

Link to post
Share on other sites

I have the kozanekozasearchsystem redirect too, It infects all searches in yahoo and google and on both chrome and firefox browsers. The only successful browser usage (that only got me this far) is to use chrome and highlight the path in the seacrh results and rt click to go to the site.

I am currently using seamonkey browser (to post this reply). I have not investigated if this browser is infected as well. I do know that this kozanekozasearchsystem (comodo btw mmc.exe just popped up after pasting 'kozanekozasearchsystem' to request control of my keyboard) has been sent out much activity.

I fear for my bank account.

This virus must be new, there is not much postings for solutions to this one. No real manual removal posts, ones to tell you to look for a [random].exe file in the c:\windows\system32 directory. Please let me know if I can aid in this removal. I have an HP laptop running XP SP3. Please help

Also to animosity yes I got the HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) too in my lastest scan. after updating Malwarebytes this morning.

Link to post
Share on other sites

Greetings dwweekly :)

We don't work on malware removal in this part of the forums.

Please read and follow the directions here, skipping any steps you are unable to complete. Then create a NEW topic here.

One of the expert helpers there will give you one on one assistance when one becomes available.

Please note that it may take 48 hours or more for you to receive a response in the malware removal forum, as it is often busy at times. Please do not reply to your own post asking for help unless its been more than 48 hours since you originally posted, as this can make it appear as though you are being helped and take longer for you to get help.

If you are unable to do all or any of the steps in the link to the directions above, just post your problem into the forum I gave you a link to anyway and someone will be able to assist you.

If you prefer to be assisted via email you may contact support@malwarebytes.org and one of our support staff members will assist you directly.

If you are a reseller, affiliate, technician, corporate, business, educational, government or non-profit customer then please contact corporate-support@malwarebytes.org and include full contact details along with your Reference # when you do to ensure that you receive prompt assistance.

Thank you :)

Link to post
Share on other sites

Thank you Exile,

I will follow the above if I continue having problems. Currently I ran Tddkiller and it destroyed my internet connection (maybe the virus got too aggressive, I don't know), I now am using HP's PC recovery on the PC (again) and will see what is left. I am not doing a total hard drive wipe. I have too much data to save and have a sporadically working DVD burner, so a backup is not possible at this time.

I Do have a question on how to use the search for the forums, if I search 'kozane' or 'kozane*' I get no results if I search 'kozanekozasearchsystem' I get some. How can I search for 'kozane' properly to generate an entire list of posts in the forum?

Link to post
Share on other sites

The forum search is unfortunately somewhat limited, but if you wish to search our forums for that phrase you can actually use Google to do so. Just visit Google.com and type in the following in the search box:

kozane site:malwarebytes.org

The above will search our entire website for the word 'kozane' and should provide you with the info you're seeking.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.