I'm hoping that someone can help. I had the Windows XP antivirus 2012 malware. I seem to have successfully removed it, EXCEPT that now I both have the redirect virus and constantly get the Just-in Time Debugger screen. When this happens the wifi icon shows that it is trying to acquire the network address and continues to do this even though I am actually connected wirelessly. But that seems to interfere with certain online functions, such as updating software. I've run scans with several anti-malware programs (Sophos, Malwarebytes, Spybot, IObit Malware Fighter). The only one that found anything was Sophos, which quarantined several trojans, but the problem wasn't resolved. I tried turning off System Restore, as advised on the Google help website, and running Malwarebytes again. During this process, Sophos picked up the trojan again and quarantined it, but Malwarebytes picked up nothing. But after restarting the computer, the problem remains.

Thanks in advance for any help. I'm attaching the dds.txt and attach.txt files.

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".

Thanks very much. I ran an update of MBAM and ran a full scan, but all it picked up was some adware from CNET which I removed. However, while it was running, Sophos (which I hadn't disabled) gave me a notice that it had picked up "Virus/Spyware'Mal/FakeAVCN-C" and quarantined it.

The behavior is that a) I am getting browser redirects (both Firefox and Chrome), and b) I get "Just-in Time Debugging" notices constantly.

Here is the MBAM scan; there's not much there.

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.04.04

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 7.0.5730.13

jelkins :: L-08-0197 [administrator]

1/4/2012 2:26:04 PM

mbam-log-2012-01-04 (14-26-04).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 270450

Time elapsed: 1 hour(s), 1 minute(s), 30 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 3

C:\RECYCLER\S-1-5-21-1036140442-2942277670-1561765661-18981\Dc369.exe (PUP.CNET.Adware.Bundle) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1036140442-2942277670-1561765661-18981\Dc376.exe (PUP.CNET.Adware.Bundle) -> Quarantined and deleted successfully.

C:\Documents and Settings\jelkins\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_003bf0 (PUP.CNET.Adware.Bundle) -> Quarantined and deleted successfully.

(end)

Thanks again,

Jeremy

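One way to triage an MBAM 1.x text log like the one posted above, as an added example that is not part of the original thread: it parses the per-section counts and detection lines, checks that each declared count matches the items actually listed, and reports whether everything found was PUP-class. The function names are hypothetical and the sample is abridged from the posted log.

```python
import re
from collections import Counter

# Abridged from the MBAM 1.60 log posted above (blank lines and some headers dropped).
SAMPLE_LOG = r"""Malwarebytes Anti-Malware 1.60.0.1800
Database version: v2012.01.04.04
Scan type: Full scan
Objects scanned: 270450
Memory Processes Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Files Detected: 3
C:\RECYCLER\S-1-5-21-1036140442-2942277670-1561765661-18981\Dc369.exe (PUP.CNET.Adware.Bundle) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1036140442-2942277670-1561765661-18981\Dc376.exe (PUP.CNET.Adware.Bundle) -> Quarantined and deleted successfully.
C:\Documents and Settings\jelkins\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_003bf0 (PUP.CNET.Adware.Bundle) -> Quarantined and deleted successfully.
(end)
"""

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ITEM = re.compile(r"^(?P<object>.+) \((?P<label>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return (sections, detections): declared counts per section and parsed items."""
    sections, detections, current = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := SECTION.match(line):
            current = m["name"]
            sections[current] = int(m["count"])
        elif current and (m := ITEM.match(line)):
            detections.append({"section": current, **m.groupdict()})
    return sections, detections

def triage(text):
    """Summarise a log: label families, count mismatches, and whether only PUPs were found."""
    sections, detections = parse_mbam_log(text)
    listed = Counter(d["section"] for d in detections)
    return {
        "families": Counter(d["label"].split(".")[0] for d in detections),
        "mismatched": [s for s, n in sections.items() if listed[s] != n],
        "pup_only": bool(detections) and all(d["label"].startswith("PUP.") for d in detections),
    }
```

A non-empty `mismatched` list means the pasted log is truncated or altered and should be re-posted before anyone acts on it.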

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run; once it is finished, move on to the next step.

Next:

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
