
Hi, so as of today I noticed I couldn't log in to an admin panel of a site I manage. I contacted my host and they could access it without any problems; then I tried logging in from another computer and it worked. However, on my PC it doesn't, and even with a different browser (Chrome) it did not work. I ran Malwarebytes PRO and got PUP.VshareRedir detected. It quarantined and deleted it successfully, according to the log file after the scan. However, I still can't log on to the site. I also ran an avast Home Edition scan and it was clean. I've attached DDS.txt and Attach.txt; I'm not sure if anything remaining is giving me this problem, so your help is much appreciated.

Update: I can now log in to the site; however, I'd still like to check with an expert here whether I'm fully clean now or not. Thanks!


DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29

Run by Main at 16:59:50 on 2011-12-24

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1137 [GMT -5:00]


AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}


============== Running Processes ===============



C:\WINDOWS\system32\svchost -k DcomLaunch


E:\Program Files\Sandboxie\SbieSvc.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs



C:\Program Files\Alwil Software\Avast5\AvastSvc.exe





C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

D:\Program Files\iTunes\iTunesHelper.exe


E:\Program Files\Siber Systems\GoodSync\GoodSync.exe


C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\RBTray\RBTray.exe



C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

E:\Program Files\Hotspot Shield\bin\openvpnas.exe

E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe

E:\Program Files\Hotspot Shield\bin\hsswd.exe

E:\Program Files\Java\jre6\bin\jqs.exe

E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Microsoft SQL Server\MSSQL10_50.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Bell\Access Manager\app\TangoService.exe

C:\Program Files\iPod\bin\iPodService.exe

E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

E:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Skype\Phone\Skype.exe


============== Pseudo HJT Report ===============


uStart Page = hxxp://search.hotspotshield.com/g/?c=h

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - e:\program files\hotspot shield\hssie\HssIE.dll

TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

uRun: [iBP]

uRun: [GoodSync] "e:\program files\siber systems\goodsync\GoodSync.exe" /min

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"

uRun: [Google Update] "c:\documents and settings\main\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [AlcWzrd] ALCWZRD.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [Malwarebytes' Anti-Malware] "e:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [nwiz] nwiz.exe /installquiet

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

StartupFolder: c:\docume~1\main\startm~1\programs\startup\rbtray.lnk - c:\program files\rbtray\RBTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - e:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - e:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html

IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: Show RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - e:\program files\paltalk messenger\Paltalk.exe

IE: {7644E42D-B096-457F-8B5B-901238FC81AE} - e:\program files\icq7.6\ICQ.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer =

TCP: Interfaces\{AB1E8D68-CDA5-4E9F-AAB1-87F92CA37C3F} : DhcpNameServer =

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll


================= FIREFOX ===================


FF - ProfilePath - c:\documents and settings\main\application data\mozilla\firefox\profiles\3dc188pm.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - plugin: c:\documents and settings\main\local settings\application data\google\update\\npGoogleUpdate3.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\onlive\plugin\npolgdet.dll

FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll

FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll

FF - plugin: e:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: e:\program files\adobe\reader 10.0\reader\browser\nppdf32.dll

FF - plugin: e:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: e:\program files\java\jre6\bin\new_plugin\npjp2.dll

FF - plugin: e:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: e:\program files\quicktime\plugins\npqtplugin.dll

FF - plugin: e:\program files\quicktime\plugins\npqtplugin2.dll

FF - plugin: e:\program files\quicktime\plugins\npqtplugin3.dll

FF - plugin: e:\program files\quicktime\plugins\npqtplugin4.dll

FF - plugin: e:\program files\quicktime\plugins\npqtplugin5.dll

FF - plugin: e:\program files\quicktime\plugins\npqtplugin6.dll

FF - plugin: e:\program files\quicktime\plugins\npqtplugin7.dll

FF - plugin: e:\program files\veetle\player\npvlc.dll

FF - plugin: e:\program files\veetle\plugins\npVeetle.dll


============= SERVICES / DRIVERS ===============


R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-22 435032]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-1-30 314456]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-4-25 218688]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-30 20568]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-30 44768]

R2 hshld;Hotspot Shield Service;e:\program files\hotspot shield\bin\openvpnas.exe [2011-12-2 330584]

R2 HssWd;Hotspot Shield Monitoring Service;e:\program files\hotspot shield\bin\hsswd.exe -product hss --> e:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]

R2 MBAMService;MBAMService;e:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-8 366152]

R2 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);c:\program files\microsoft sql server\mssql10_50.adcenterdesktop\mssql\binn\sqlservr.exe [2010-4-3 42884448]

R3 ENETNT5;Efficient Networks, tango Access PPPoE WAN Miniport;c:\windows\system32\drivers\enetnt.sys [2011-4-26 40832]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-8 22216]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2011-11-24 95304]

R3 SbieDrv;SbieDrv;e:\program files\sandboxie\SbieDrv.sys [2011-3-24 126696]

R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-12-24 41272]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2011-8-10 23456]

S3 ENDETECT;ENDETECT;c:\progra~1\bell\access~1\app\ENDETECT.SYS [2011-4-26 7752]

S3 NTSTPL1;NTSTPL1;c:\progra~1\bell\access~1\app\NTSTPL1.SYS [2011-4-26 16160]

S3 RAWESR;RAWESR;c:\progra~1\bell\access~1\app\RAWESR.SYS [2011-4-26 16256]

S3 TAPBIND;TAPBIND;c:\progra~1\bell\access~1\app\TAPBIND1.SYS [2011-4-26 44736]

S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2011-12-14 25088]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]

S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]

S4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);c:\program files\microsoft sql server\mssql10_50.adcenterdesktop\mssql\binn\SQLAGENT.EXE [2010-4-3 367456]


=============== Created Last 30 ================


2011-12-24 21:33:25 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-12-24 19:00:29 -------- d-----w- c:\documents and settings\main\local settings\application data\Google

2011-12-22 05:50:23 -------- d-----w- c:\program files\Applian Technologies

2011-12-21 22:39:06 -------- d-----w- c:\documents and settings\main\application data\TextPad

2011-12-21 22:27:29 -------- d-----w- c:\documents and settings\main\application data\Helios

2011-12-20 18:28:45 -------- d-----w- c:\documents and settings\main\application data\com.blueprintcentral.keywordblaze

2011-12-16 04:18:59 -------- d-----w- c:\documents and settings\main\application data\Hobbyist Software

2011-12-14 23:42:20 -------- d-----w- c:\documents and settings\main\application data\TeamViewer

2011-12-14 23:41:33 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys

2011-12-03 18:53:33 -------- d-----w- C:\temp

2011-12-03 18:52:14 -------- d-----w- C:\Hotspot Shield

2011-12-03 03:44:55 -------- d--h--w- c:\windows\PIF

2011-12-01 14:40:09 -------- d-----w- c:\documents and settings\main\application data\spotmau

2011-12-01 14:39:49 -------- d-----w- c:\documents and settings\all users\application data\TuneUp360


==================== Find3M ====================


2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr

2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-11-23 20:45:44 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys

2011-11-23 20:45:42 32768 ----a-w- c:\windows\system32\drivers\taphss.sys

2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-15 13:38:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-10 23:32:00 95304 ----a-w- c:\windows\system32\drivers\MijXfilt.sys

2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec

2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-03 09:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-03 06:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll


============= FINISH: 17:03:13.35 ===============

Does anyone know about this malware?





Logs will be closed if you haven't replied within 3 days.

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan, being sure to update before scanning.

Post the scan results.

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".


Hi LDTate, sure. I will do so in an hour or two.

My computer has been working fine, I just noticed one or two passwords not working correctly for some other logins (about two).

This is why I want to be sure I'm clean and nothing is hiding or not being picked up.

Malwarebytes Anti-Malware (PRO)


Database version: v2011.12.30.02

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Main :: HOME [administrator]

Protection: Enabled

12/30/2011 10:26:51 AM

mbam-log-2011-12-30 (10-26-51).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 341184

Time elapsed: 1 hour(s), 35 minute(s), 11 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)



My computer has been working fine, I just noticed one or two passwords not working correctly for some other logins (about two).

This is why I want to be sure I'm clean and nothing is hiding or not being picked up.

Have you tried just resetting or changing the passwords and trying their profile login?

Have you tried just resetting or changing the passwords and trying their profile login?

Yes I have and it works. Do you know what this malware is even? I have the log of the scan when it detected it. If you don't mind I'll post it below.

Malwarebytes' Anti-Malware


Database version: 911122404

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/24/2011 4:03:24 PM

mbam-log-2011-12-24 (16-03-24).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)

Objects scanned: 340951

Time elapsed: 54 minute(s), 56 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 15

Registry Values Infected: 4

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\program files\vshare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Quarantined and deleted successfully.

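The Malwarebytes log above is a compact picture of how an IE add-on persists: one CLSID under HKCR\CLSID plus the Browser Helper Objects key, Ext\PreApproved and Ext\Settings/Stats for the BHO half, a second CLSID plus Internet Explorer\Toolbar values for the toolbar half, ProgIDs and a TypeLib for the COM plumbing, and one DLL on disk. The DDS log in the first post was taken after that cleanup, so the useful follow-up check is whether any of those CLSIDs still appear in its Pseudo HJT section, and whether that section contains entries that deserve a look anyway (a BHO registration ending in "No File", a Run value with no command). The script below is an added example, not the forum's or Malwarebytes' code: it parses both formats, names the persistence point each detection occupied, and runs that cross-check. The function names and the persistence table are this example's own; the embedded sample lines are copied from the two logs posted in this thread.

```python
"""Triage helper for two log formats seen in this thread: Malwarebytes detection
lines and the DDS "Pseudo HJT" section. Added example, not the forum's or
Malwarebytes' code; function names and the PERSISTENCE table are assumptions."""
import re
from collections import defaultdict

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Registry locations an IE add-on occupies, as regexes over the key path.
# Order matters: the generic ProgID pattern must come after CLSID/TypeLib/Interface.
PERSISTENCE = [
    ("BHO registration",      r"\\Explorer\\Browser Helper Objects\\"),
    ("IE toolbar",            r"\\Internet Explorer\\Toolbar"),
    ("add-on pre-approval",   r"\\Ext\\PreApproved\\"),
    ("add-on settings/stats", r"\\Ext\\(?:Settings|Stats)\\"),
    ("COM class (CLSID)",     r"^HKEY_CLASSES_ROOT\\CLSID\\"),
    ("COM typelib/interface", r"^HKEY_CLASSES_ROOT\\(?:TypeLib|Interface)\\"),
    ("COM ProgID",            r"^HKEY_CLASSES_ROOT\\[A-Za-z]"),
]

# MBAM detection line: "<item> (<family>) -> [Value: <v> -> ]<action>"
MBAM_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?:Value: (?P<value>\S+) -> )?(?P<action>.+)$")
# DDS Pseudo HJT line: "<kind>: <rest>", e.g. "BHO: Name: {clsid} - path" or "uRun: [name] command"
DDS_RE = re.compile(r"^(?P<kind>BHO|TB|uRun|mRun|StartupFolder|SSODL): (?P<rest>.+)$")


def classify(item):
    """Name the persistence point a detected registry key or file corresponds to."""
    if not item.upper().startswith("HKEY_"):
        return "file on disk"
    for label, pattern in PERSISTENCE:
        if re.search(pattern, item):
            return label
    return "other registry"


def parse_mbam(lines):
    hits = []
    for m in filter(None, (MBAM_RE.match(line.strip()) for line in lines)):  # section headers do not match
        item, value = m.group("item"), m.group("value") or ""
        hits.append({"item": item, "family": m.group("family"), "kind": classify(item),
                     "guids": frozenset(g.upper() for g in GUID_RE.findall(item + " " + value))})
    return hits


def parse_dds(lines):
    entries = []
    for m in filter(None, (DDS_RE.match(line.strip()) for line in lines)):
        rest = m.group("rest")
        entries.append({"kind": m.group("kind"), "text": rest,
                        "guids": frozenset(g.upper() for g in GUID_RE.findall(rest)),
                        "orphan": rest.endswith("No File"),  # registration whose DLL is gone
                        "empty": re.fullmatch(r"\[[^\]]*\]", rest) is not None})  # Run value with no command
    return entries


def correlate(mbam_hits, dds_entries):
    """Per CLSID: persistence points MBAM removed, and whether a DDS log taken
    after cleanup still references it (residual); plus DDS entries worth a look."""
    removed, live = defaultdict(set), defaultdict(list)
    for h in mbam_hits:
        for g in h["guids"]:
            removed[g].add(h["kind"])
    for e in dds_entries:
        for g in e["guids"]:
            live[g].append(e["kind"])
    return {"removed": {g: sorted(k) for g, k in removed.items()},
            "residual": {g: live[g] for g in removed if g in live},
            "orphans": [e["text"] for e in dds_entries if e["orphan"]],
            "empty_runs": [e["text"] for e in dds_entries if e["empty"]],
            "files": [h["item"] for h in mbam_hits if h["kind"] == "file on disk"]}


# Sample input: lines copied from the thread's MBAM log (2011-12-24) and DDS Pseudo HJT section.
MBAM_SAMPLE = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.
c:\program files\vshare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Quarantined and deleted successfully.
""".strip().splitlines()

DDS_SAMPLE = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
uRun: [iBP]
uRun: [GoodSync] "e:\program files\siber systems\goodsync\GoodSync.exe" /min
""".strip().splitlines()


def report():
    return correlate(parse_mbam(MBAM_SAMPLE), parse_dds(DDS_SAMPLE))


if __name__ == "__main__":
    for key, val in report().items():
        print(f"{key}: {val}")
```

To use it on the full logs, feed the lines of each file to parse_mbam and parse_dds and pass the results to correlate. After a cleanup the "residual" entry is the one that matters: an empty dictionary means no CLSID that Malwarebytes removed is still registered anywhere DDS looks. The "orphans" list is a separate finding: a BHO entry with "No File" behind it loads nothing, but it is still a leftover registration that a manual fix would clear, and the "empty_runs" list catches Run values that name no command, which are worth asking about before deciding a machine is clean.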

Here's my usual all-clean post.

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (even more often if you wish). If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.
  • Use a secure browser plugin - M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    •Free browser plug-in for Internet Explorer and Firefox
    •Real-time safety ratings
    •Ideal for Facebook, Twitter and LinkedIn
  • JAVA - Click this link and click on the Free JAVA Download.
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer always has the latest security updates installed.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.


This topic is now closed to further replies.