aporia Posted August 29, 2015 ID:986068 Share Posted August 29, 2015 I recently used CCleaner and noticed something called URLRedirection.URLRedirectionBHO.1, I'm not very tech savvy so I was a little worried when I saw this. I googled it and found a number of different sites stating this could be something malicious, which is why i came here for help better safe than sorry. I have downloaded a few things from sites recently that I haven't used before. I appreciate any help and thank you for taking the time to help me out.FRST.txtAddition.txt Link to post Share on other sites More sharing options...
kevinf80 Posted August 29, 2015 ID:986086 Share Posted August 29, 2015 Hello and welcome,P2P/Piracy Warning: If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy. Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.Run FRST and press the Fix button just once and wait.The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, Please open Malwarebytes Anti-Malware. On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits". Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button. A Threat Scan will begin. With some infections, you may or may not see this message box. 'Could not load DDA driver' Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions. When the scan is complete, click Apply Actions. Wait for the prompt to restart the computer to appear, then click on Yes. After the restart once you are back at your desktop, open MBAM once more.To get the log from Malwarebytes do the following: Click on the History tab > Application Logs. Double click on the scan log which shows the Date and time of the scan just performed. Click Export > From export you have three options: Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…Next, Download AdwCleaner by Xplode onto your Desktop. Double click on Adwcleaner.exe to run the tool. Click on the Scan in the Actions box Please wait fot the scan to finish.. When "Waiting for action.Please uncheck elements you want to keep" shows in top line.. Click on the Cleaning box. Next click OK on the "Closing Programs" pop up box. Click OK on the Information box & again OK to allow the necessary reboot After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...Next, Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts. (re-enable when done) Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next message.Next, Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktopEnsure to get the correct version for your system....32 Bit version:https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en64 Bit version:https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=enRight click on the Tool, select “Run as Administrator” the tool will expand to the options WindowIn the "Scan Type" window, select Quick ScanPerform a scan and Click Finish when the scan is done.Retrieve the MSRT log as follows, and post it in your next reply:1) Select the Windows key and R key together to open the "Run" function2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:notepad c:\windows\debug\mrt.logLet me see those logs in your reply, also give an update on any remaining issues or concerns... Thank you, Kevin.. Fixlist.txt Link to post Share on other sites More sharing options...
aporia Posted August 29, 2015 Author ID:986093 Share Posted August 29, 2015 Posting results. Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 8/29/2015Scan Time: 8:55 AMLogfile: Administrator: Yes Version: 2.1.8.1057Malware Database: v2015.08.29.02Rootkit Database: v2015.08.16.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 10CPU: x64File System: NTFSUser: Jose Scan Type: Threat ScanResult: CompletedObjects Scanned: 424130Time Elapsed: 21 min, 7 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)Started On Sat Aug 29 09:41:21 2015 Engine: 1.1.11903.0Signatures: 1.203.693.0 Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 29 09:45:14 2015 Return code: 0 (0x0) I think that is everything. Thanks again for the help I really appreciate it. Fixlog.txtAdwCleanerC1.txtJRT.txt Link to post Share on other sites More sharing options...
kevinf80 Posted August 29, 2015 ID:986103 Share Posted August 29, 2015 How is the system responding, do you have any remaining issues or concerns? Link to post Share on other sites More sharing options...
aporia Posted August 30, 2015 Author ID:986165 Share Posted August 30, 2015 URLRedirection.URLRedirecionBHO and URLRedirection.URLRedirecionBHO.1 are still showing up in my registry should I be concerned? When I looked it up there was a post that mentioned this to be part of a backdoor trojan. Link to post Share on other sites More sharing options...
kevinf80 Posted August 30, 2015 ID:986176 Share Posted August 30, 2015 Post screen shot of the registry entries.... Link to post Share on other sites More sharing options...
aporia Posted August 30, 2015 Author ID:986179 Share Posted August 30, 2015 I also noticed an app from chrome was removed BetterTwitchTV and in chrome it gave me this warning when I went into settings, "Chrome detected that some of your settings were corrupted by another program and reset them to their original defaults." Not sure if it is related to the things I downloaded and ran for this post, so I thought I'd mention it. Link to post Share on other sites More sharing options...
kevinf80 Posted August 30, 2015 ID:986267 Share Posted August 30, 2015 I do not believe those entries are malicious, run one more scan and post the produced log... Scan with ZOEKPlease download ZOEK by Smeenk from here: http://hijackthis.nl/smeenk/ and save it to your desktop (preferred version is the *.exe one)Temporary disable your AntiVirus and AntiSpyware protection - instructions here. Right-click on icon and select Run as Administrator to start the tool. Wait patiently until the main console will appear, it may take a minute or two. In the main box please paste in the following script:services_list;standardsearch;autoclean;emptyclsid;emptyfolderscheck;deleteiedefaults;firefoxlook;chromelook;FFdefaults;CHRdefaults; Make sure that Scan All Users option is checked. Push Run Script and wait patiently. The scan may take a couple of minutes. When the scan completes, a zoek-results logfile should open in notepad. If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)Please include its content in your next reply. Don't forget to re-enable security software! Thanks, Kevin.. Link to post Share on other sites More sharing options...
aporia Posted August 31, 2015 Author ID:986286 Share Posted August 31, 2015 Posting zoek logs.zoek-results.log Link to post Share on other sites More sharing options...
kevinf80 Posted August 31, 2015 ID:986295 Share Posted August 31, 2015 What is the current status of your system, is there any odd behavior, browse re-directs etc etc... If none continue: Download "Delfix by Xplode" and save it to your desktop.Or use the following if first link is down:"Delfix link mirror"Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administratorMake Sure the following items are checked: Remove disinfection tools Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created. Reset system settingsNow click on "Run" and wait patiently until the tool has completed.The tool will create a log when it has completed. We don't need you to post this.Any remnant files/logs from tools we have used can be deleted… Next, Read the following link to fully understand PC security and best practices, you may find it useful....http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629 Let me know if we are ok to close out.. Thank you, Kevin.. Link to post Share on other sites More sharing options...
aporia Posted August 31, 2015 Author ID:986298 Share Posted August 31, 2015 No the only thing is chrome settings were reset to default, I'm assuming zoek did this during that scan. Aside from that nothing seems out of the ordinary no browser redirects or any other suspicious things going on. If this is all thank you again for the help I really appreciate it. Link to post Share on other sites More sharing options...
kevinf80 Posted August 31, 2015 ID:986313 Share Posted August 31, 2015 Yes Zoek reset all browsers to default, I should have made you aware of that action... Good to hear all is ok... Take care and surf safe... Kevin.... Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted September 8, 2015 Root Admin ID:987898 Share Posted September 8, 2015 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts