lazoruslong Posted February 6, 2014 ID:787415

My desktop is infected with a backdoor agent which hijacks my browser's search engine and homepage to startpag.com. I have tried adcleaner, then Junkware removal tool, and then Malwarebytes. The first two steps are useless as they find nothing, and despite MB finding the files they are always back on reboot. Any help? And thank you.

MB log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.06.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Erin :: BOHEMIAN-6BD5A6 [administrator]

2/5/2014 6:46:22 PM
mbam-log-2014-02-05 (18-46-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231054
Time elapsed: 16 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BOHEMIAN-6BD5A6 (Backdoor.Agent.Gen) -> Data: C:\Documents and Settings\Erin\Application Data\video.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Erin\Application Data\video.exe (Backdoor.Agent.Gen) -> Quarantined and deleted successfully.

(end)

kevinf80 Posted February 6, 2014 ID:787421

Hello and

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Kevin..

lazoruslong (Author) Posted February 6, 2014 ID:787447

Thank you for the quick reply. I was, however, able to fix this with Combofix. A bit of a scare at first when I opened my browser and startpage was still the homepage; however, a quick fix of that via settings in the browser and it seems to be gone.

kevinf80 Posted February 6, 2014 ID:787451

Good to hear your issues are fixed, do you want your thread closing out?

Thanks,

Kevin....

AdvancedSetup (Root Admin) Posted February 11, 2014 ID:789463

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.