
Exploit Blackhole Exploit Kit (type 1889), Spoolsv.exe missing, Google Redirect



I have an Assured Computing Tech (ACT POS) with Microsoft XP and Windows Embedded POS Ready 2009 for my small business, and it is infected with "Exploit Blackhole Exploit Kit (type 1889)." I found other people had received help with the same virus, but in my case I have also lost spoolsv.exe (and who knows what else), which has wiped out my printers. Other symptoms include Google redirect, some internet pages won't load and a couple other programs are behaving strangely.

AVG popped up with a warning last night stating that it had blocked the virus, but apparently it did not. Initially, neither Malwarebytes nor AVG caught the virus after running scans this morning. I re-ran Malwarebytes in the afternoon and it removed five infected files, two of which were hdgfsh.exe and fsfwnnrv.exe, but I am still having the same problems. ComboFix is installed from an earlier problem, but I have not run it; I tried to disable/remove AVG in case I need to use ComboFix, but I cannot uninstall AVG 9.0.

I did a system restore this morning before figuring out that my computer was infected, in case that matters.

Also, GMER shows "TDL4@MBR code has been found."

I attached the dds and attach files. Any help would be greatly appreciated!

attach.txt

dds.txt


I have an Assured Computing Tech (ACT POS) with Microsoft XP and Windows Embedded POS Ready 2009 for my small business, and it is infected with "Exploit Blackhole Exploit Kit (type 1889)."

Hello and welcome.

As your statement seems to indicate that this is a business, please contact corporate support and they will assist you with this.

Please send an email to corporate-support@malwarebytes.org

Also make sure you have malwarebytes.org and salesforce.com in your Safe Sender list in email.

In order to assist you better, please provide the following information when contacting them.

Cleverbridge Order Reference Number:

Organization name:

Approved Contact name:

If you no longer have access to the order number, you can contact Cleverbridge to obtain information about your order.

Cleverbridge customer service

Thank you


  • 1 month later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.