Gala search browser hijack


Good morning :)

My mother's laptop appears to have been hijacked by a very annoying virus / trojan / malware (not sure of the correct term!) When searching in IE using the search toolbar she is always redirected to findgala.com, which is spoofing google.

I have googled this pest and the best advice I can find is to seek help here.

I would be very grateful for your assistance on this.

Here are the logs as requested:

======

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 4026

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18904

23/04/2010 21:01:05

mbam-log-2010-04-23 (21-01-05).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 238275

Time elapsed: 2 hour(s), 14 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=318&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=318&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

======

DDS (Ver_10-03-17.01) - NTFSx86

Run by Julia at 10:59:24.18 on 25/04/2010

Internet Explorer: 8.0.6001.18904

Microsoft

Link to post
Share on other sites
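
An added example, not part of the original posts: a small Python parser for the "Registry Data Items Infected" lines of the Malwarebytes log above, grouping search-provider hijacks by target host and naming the account whose registry hive held each value. The function names are illustrative; the sample lines are copied from the log in the first post, and the SID table lists the standard Windows service-account SIDs.

```python
import re
from urllib.parse import urlsplit

# Well-known service-account SIDs that have their own hive under HKEY_USERS.
WELL_KNOWN_SIDS = {
    "S-1-5-18": "LocalSystem",
    "S-1-5-19": "LocalService",
    "S-1-5-20": "NetworkService",
}

# Shape of one data-item line in the MBAM 1.45 log quoted above:
#   <key> (<detection>) -> Bad: (<value>) Good: (<value>) -> <action>.
DATA_ITEM = re.compile(
    r"^(?P<key>HKEY_[^(]+?)\s+\((?P<detection>[^)]+)\)\s+->\s+"
    r"Bad:\s+\((?P<bad>.*?)\)\s+Good:\s+\((?P<good>.*?)\)\s+->\s+"
    r"(?P<action>.+?)\.?\s*$"
)
SID = re.compile(r"^HKEY_USERS\\(S-1-[0-9-]+)", re.IGNORECASE)

# Sample input: lines copied from the log in the first post.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=318&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=318&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
"""


def account_for(key):
    """Name the account whose hive a registry key belongs to."""
    if key.upper().startswith("HKEY_CURRENT_USER"):
        return "logged-on user"
    m = SID.match(key)
    if not m:
        return "other hive"
    return WELL_KNOWN_SIDS.get(m.group(1), "user " + m.group(1))


def parse_data_items(log_text):
    """Return one dict per 'Bad:/Good:' registry data line in the log."""
    items = []
    for line in log_text.splitlines():
        m = DATA_ITEM.match(line.strip())
        if not m:
            continue  # section headers and plain key lines carry no Bad/Good pair
        item = {k: v.strip() for k, v in m.groupdict().items()}
        sid = SID.match(item["key"])
        item["sid"] = sid.group(1) if sid else None
        item["account"] = account_for(item["key"])
        item["bad_host"] = urlsplit(item["bad"]).hostname
        items.append(item)
    return items


def search_hijacks_by_host(items):
    """Map each hijack host to the sorted accounts whose SearchScopes held it."""
    hosts = {}
    for it in items:
        if "\\searchscopes\\" in it["key"].lower() and it["bad_host"]:
            hosts.setdefault(it["bad_host"], set()).add(it["account"])
    return {h: sorted(a) for h, a in hosts.items()}


def only_service_hives(items):
    """True when every parsed item lies in a service-account hive."""
    return bool(items) and all(it["sid"] in WELL_KNOWN_SIDS for it in items)


if __name__ == "__main__":
    parsed = parse_data_items(SAMPLE_LOG)
    print(search_hijacks_by_host(parsed))
    print("only service-account hives listed:", only_service_hives(parsed))
```

On this log both SearchScopes values that were cleaned sit in the LocalService and NetworkService hives; no data item for the logged-on user's own hive is listed.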

Hello firecracker! Welcome to MalwareBytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install any software or hardware while we work on this.

Your database version of MalwareBytes' Anti-Malware is 4026, but the current is 4036, so:

  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, please include these log(s) in this sequence:

  1. MalwareBytes' Anti-Malware log
  2. a new fresh DDS log with Attach.txt

Link to post
Share on other sites

Hello Borislav

Thank you very much for helping us.

Here is the mbam log after updating to the latest version:

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 4039

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18904

26/04/2010 18:54:14

mbam-log-2010-04-26 (18-54-14).txt

Scan type: Quick scan

Objects scanned: 105943

Time elapsed: 14 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

====

I have attached new zipped DDS.txt (DDS.zip) & Attach.txt (Attach.zip) - I hope this is right

Many thanks again.

Link to post
Share on other sites

Step 1:

Please, uninstall the following applications:

  1. Adobe Reader 8.1.4
  2. Spelling Dictionaries Support For Adobe Reader 8

You can read how to do this in:

Step 2:

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer.**

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.
  2. During the download, rename Combofix to Combo-Fix as follows:

CF_download_FF.gif

CF_download_rename.gif

  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

Link to post
Share on other sites

Open Notepad and copy and paste the text in the code box below into it:

DirLook::
c:\programdata\863c4a6

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

Link to post
Share on other sites

Please go to http://virustotal.com

Next to the "Browse" button, into the blank field, please paste the following:

c:\programdata\863c4a6\CUASys\vd952342.bd

c:\programdata\863c4a6\78.mof

c:\programdata\863c4a6\8475.mof

c:\programdata\863c4a6\277.mof

c:\programdata\863c4a6\mozcrt19.dll

c:\programdata\863c4a6\sqlite3.dll

Hit SEND FILE. Please be patient, it will take a while to get it scanned. Once all the scanners are done, post back with the results (copy & paste them here).

Link to post
Share on other sites

Hello again

I didn't understand the last instruction, sorry. Do I have to do each line separately or copy and paste all 6 lines into the browser?

Sorry for being dense!

I will copy and paste all 6 and paste the result. If this is wrong, please let me know.

Thanks again for your help!

=====

File vd952342.bd received on 2010.05.03 12:47:45 (UTC)

Current status: finished

Result: 1/40 (2.50%)

Antivirus Version Last Update Result

a-squared 4.5.0.50 2010.05.03 -

AhnLab-V3 2010.05.03.00 2010.05.03 -

AntiVir 8.2.1.224 2010.05.03 -

Antiy-AVL 2.0.3.7 2010.04.30 -

Authentium 5.2.0.5 2010.05.03 -

Avast 4.8.1351.0 2010.05.03 -

Avast5 5.0.332.0 2010.05.03 -

AVG 9.0.0.787 2010.05.03 -

BitDefender 7.2 2010.05.03 -

CAT-QuickHeal 10.00 2010.05.03 -

ClamAV 0.96.0.3-git 2010.05.03 -

Comodo 4747 2010.05.03 -

DrWeb 5.0.2.03300 2010.05.03 -

eSafe 7.0.17.0 2010.05.02 -

eTrust-Vet 35.2.7465 2010.05.03 -

F-Prot 4.5.1.85 2010.05.03 -

F-Secure 9.0.15370.0 2010.05.03 -

Fortinet 4.0.14.0 2010.05.03 -

GData 21 2010.05.03 -

Ikarus T3.1.1.80.0 2010.05.03 -

Jiangmin 13.0.900 2010.05.03 -

Kaspersky 7.0.0.125 2010.05.03 -

McAfee 5.400.0.1158 2010.05.03 -

McAfee-GW-Edition 6.8.5 2010.05.03 -

Microsoft 1.5703 2010.05.03 -

NOD32 5081 2010.05.03 -

Norman 6.04.12 2010.05.03 -

nProtect 2010-05-03.01 2010.05.03 -

Panda 10.0.2.7 2010.05.02 -

PCTools 7.0.3.5 2010.05.03 -

Prevx 3.0 2010.05.03 -

Rising 22.45.04.03 2010.04.30 -

Sophos 4.53.0 2010.05.03 -

Sunbelt 6250 2010.05.02 FraudTool.Win32.FakeAV.gen!droppedData (v)

Symantec 20091.2.0.41 2010.05.03 -

TheHacker 6.5.2.0.275 2010.05.02 -

TrendMicro 9.120.0.1004 2010.05.03 -

VBA32 3.12.12.4 2010.05.03 -

ViRobot 2010.5.1.2299 2010.05.03 -

VirusBuster 5.0.27.0 2010.05.02 -

Additional information

File size: 11372 bytes

MD5 : b63cfe7f76d0ca6c4758ef1f4b6c607d

SHA1 : 32641ea1e78811f264778ce18f0566e17c7f11bf

SHA256: 98246be0e62fa724b8a7451794e7be9ffe8a1931f0a98030d6b0c2889b92c8d5

TrID : File type identification

Generic INI configuration (100.0%)

ssdeep: 192:H621E1UmrNbZs0aZs0L/wOx8AkO6tQVMv7bSL90kLgkR:rv/wU8Awv7bSx0kLRR

sigcheck: publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEiD : -

RDS : NSRL Reference Data Set

-

Link to post
Share on other sites

c:\programdata\863c4a6\CUASys\vd952342.bd

File vd952342.bd received on 2010.05.03 12:47:45 (UTC)

Current status: finished

Result: 1/40 (2.50%)

Antivirus Version Last Update Result

a-squared 4.5.0.50 2010.05.03 -

AhnLab-V3 2010.05.03.00 2010.05.03 -

AntiVir 8.2.1.224 2010.05.03 -

Antiy-AVL 2.0.3.7 2010.04.30 -

Authentium 5.2.0.5 2010.05.03 -

Avast 4.8.1351.0 2010.05.03 -

Avast5 5.0.332.0 2010.05.03 -

AVG 9.0.0.787 2010.05.03 -

BitDefender 7.2 2010.05.03 -

CAT-QuickHeal 10.00 2010.05.03 -

ClamAV 0.96.0.3-git 2010.05.03 -

Comodo 4747 2010.05.03 -

DrWeb 5.0.2.03300 2010.05.03 -

eSafe 7.0.17.0 2010.05.02 -

eTrust-Vet 35.2.7465 2010.05.03 -

F-Prot 4.5.1.85 2010.05.03 -

F-Secure 9.0.15370.0 2010.05.03 -

Fortinet 4.0.14.0 2010.05.03 -

GData 21 2010.05.03 -

Ikarus T3.1.1.80.0 2010.05.03 -

Jiangmin 13.0.900 2010.05.03 -

Kaspersky 7.0.0.125 2010.05.03 -

McAfee 5.400.0.1158 2010.05.03 -

McAfee-GW-Edition 6.8.5 2010.05.03 -

Microsoft 1.5703 2010.05.03 -

NOD32 5081 2010.05.03 -

Norman 6.04.12 2010.05.03 -

nProtect 2010-05-03.01 2010.05.03 -

Panda 10.0.2.7 2010.05.02 -

PCTools 7.0.3.5 2010.05.03 -

Prevx 3.0 2010.05.03 -

Rising 22.45.04.03 2010.04.30 -

Sophos 4.53.0 2010.05.03 -

Sunbelt 6250 2010.05.02 FraudTool.Win32.FakeAV.gen!droppedData (v)

Symantec 20091.2.0.41 2010.05.03 -

TheHacker 6.5.2.0.275 2010.05.02 -

TrendMicro 9.120.0.1004 2010.05.03 -

VBA32 3.12.12.4 2010.05.03 -

ViRobot 2010.5.1.2299 2010.05.03 -

VirusBuster 5.0.27.0 2010.05.02 -

Additional information

File size: 11372 bytes

MD5 : b63cfe7f76d0ca6c4758ef1f4b6c607d

SHA1 : 32641ea1e78811f264778ce18f0566e17c7f11bf

SHA256: 98246be0e62fa724b8a7451794e7be9ffe8a1931f0a98030d6b0c2889b92c8d5

TrID : File type identification

Generic INI configuration (100.0%)

ssdeep: 192:H621E1UmrNbZs0aZs0L/wOx8AkO6tQVMv7bSL90kLgkR:rv/wU8Awv7bSx0kLRR

sigcheck: publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEiD : -

RDS : NSRL Reference Data Set

-

Link to post
Share on other sites

c:\programdata\863c4a6\78.mof

File 78.mof received on 2010.05.03 12:53:35 (UTC)

Current status: finished

Result: 0/40 (0.00%)

Antivirus Version Last Update Result

a-squared 4.5.0.50 2010.05.03 -

AhnLab-V3 2010.05.03.00 2010.05.03 -

AntiVir 8.2.1.224 2010.05.03 -

Antiy-AVL 2.0.3.7 2010.04.30 -

Authentium 5.2.0.5 2010.05.03 -

Avast 4.8.1351.0 2010.05.03 -

Avast5 5.0.332.0 2010.05.03 -

AVG 9.0.0.787 2010.05.03 -

BitDefender 7.2 2010.05.03 -

CAT-QuickHeal 10.00 2010.05.03 -

ClamAV 0.96.0.3-git 2010.05.03 -

Comodo 4747 2010.05.03 -

DrWeb 5.0.2.03300 2010.05.03 -

eSafe 7.0.17.0 2010.05.02 -

eTrust-Vet 35.2.7465 2010.05.03 -

F-Prot 4.5.1.85 2010.05.03 -

F-Secure 9.0.15370.0 2010.05.03 -

Fortinet 4.0.14.0 2010.05.03 -

GData 21 2010.05.03 -

Ikarus T3.1.1.80.0 2010.05.03 -

Jiangmin 13.0.900 2010.05.03 -

Kaspersky 7.0.0.125 2010.05.03 -

McAfee 5.400.0.1158 2010.05.03 -

McAfee-GW-Edition 6.8.5 2010.05.03 -

Microsoft 1.5703 2010.05.03 -

NOD32 5081 2010.05.03 -

Norman 6.04.12 2010.05.03 -

nProtect 2010-05-03.01 2010.05.03 -

Panda 10.0.2.7 2010.05.02 -

PCTools 7.0.3.5 2010.05.03 -

Prevx 3.0 2010.05.03 -

Rising 22.45.04.03 2010.04.30 -

Sophos 4.53.0 2010.05.03 -

Sunbelt 6250 2010.05.02 -

Symantec 20091.2.0.41 2010.05.03 -

TheHacker 6.5.2.0.275 2010.05.02 -

TrendMicro 9.120.0.1004 2010.05.03 -

VBA32 3.12.12.4 2010.05.03 -

ViRobot 2010.5.1.2299 2010.05.03 -

VirusBuster 5.0.27.0 2010.05.02 -

Additional information

File size: 146 bytes

MD5 : d35b1d34a3cddfd7618f1baa77d36f28

SHA1 : a48ab91f476fd07ebd19f6611d9ec44ddbe404e9

SHA256: 8f84fddb245d73ebc41723c6ad2560ef1aa71d4de33b5089e2247699467a2ef0

TrID : File type identification

Unknown!

ssdeep: 3:U1F9aGoa9AGQYugQ15F2J5bWVlMjEaFJMYx/Xr5F2J5bWSMkVaBQQJMYxn:2LasiH5lE/bWVlYVMYxf1E/bWDQcMYxn

sigcheck: publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEiD : -

RDS : NSRL Reference Data Set

-

Link to post
Share on other sites

c:\programdata\863c4a6\8475.mof

File 78.mof received on 2010.05.03 12:53:35 (UTC)

Current status: finished

Result: 0/40 (0.00%)

Antivirus Version Last Update Result

a-squared 4.5.0.50 2010.05.03 -

AhnLab-V3 2010.05.03.00 2010.05.03 -

AntiVir 8.2.1.224 2010.05.03 -

Antiy-AVL 2.0.3.7 2010.04.30 -

Authentium 5.2.0.5 2010.05.03 -

Avast 4.8.1351.0 2010.05.03 -

Avast5 5.0.332.0 2010.05.03 -

AVG 9.0.0.787 2010.05.03 -

BitDefender 7.2 2010.05.03 -

CAT-QuickHeal 10.00 2010.05.03 -

ClamAV 0.96.0.3-git 2010.05.03 -

Comodo 4747 2010.05.03 -

DrWeb 5.0.2.03300 2010.05.03 -

eSafe 7.0.17.0 2010.05.02 -

eTrust-Vet 35.2.7465 2010.05.03 -

F-Prot 4.5.1.85 2010.05.03 -

F-Secure 9.0.15370.0 2010.05.03 -

Fortinet 4.0.14.0 2010.05.03 -

GData 21 2010.05.03 -

Ikarus T3.1.1.80.0 2010.05.03 -

Jiangmin 13.0.900 2010.05.03 -

Kaspersky 7.0.0.125 2010.05.03 -

McAfee 5.400.0.1158 2010.05.03 -

McAfee-GW-Edition 6.8.5 2010.05.03 -

Microsoft 1.5703 2010.05.03 -

NOD32 5081 2010.05.03 -

Norman 6.04.12 2010.05.03 -

nProtect 2010-05-03.01 2010.05.03 -

Panda 10.0.2.7 2010.05.02 -

PCTools 7.0.3.5 2010.05.03 -

Prevx 3.0 2010.05.03 -

Rising 22.45.04.03 2010.04.30 -

Sophos 4.53.0 2010.05.03 -

Sunbelt 6250 2010.05.02 -

Symantec 20091.2.0.41 2010.05.03 -

TheHacker 6.5.2.0.275 2010.05.02 -

TrendMicro 9.120.0.1004 2010.05.03 -

VBA32 3.12.12.4 2010.05.03 -

ViRobot 2010.5.1.2299 2010.05.03 -

VirusBuster 5.0.27.0 2010.05.02 -

Additional information

File size: 146 bytes

MD5 : d35b1d34a3cddfd7618f1baa77d36f28

SHA1 : a48ab91f476fd07ebd19f6611d9ec44ddbe404e9

SHA256: 8f84fddb245d73ebc41723c6ad2560ef1aa71d4de33b5089e2247699467a2ef0

TrID : File type identification

Unknown!

ssdeep: 3:U1F9aGoa9AGQYugQ15F2J5bWVlMjEaFJMYx/Xr5F2J5bWSMkVaBQQJMYxn:2LasiH5lE/bWVlYVMYxf1E/bWDQcMYxn

sigcheck: publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEiD : -

RDS : NSRL Reference Data Set

-

Link to post
Share on other sites

c:\programdata\863c4a6\277.mof

File 78.mof received on 2010.05.03 12:53:35 (UTC)

Current status: finished

Result: 0/40 (0.00%)

Antivirus Version Last Update Result

a-squared 4.5.0.50 2010.05.03 -

AhnLab-V3 2010.05.03.00 2010.05.03 -

AntiVir 8.2.1.224 2010.05.03 -

Antiy-AVL 2.0.3.7 2010.04.30 -

Authentium 5.2.0.5 2010.05.03 -

Avast 4.8.1351.0 2010.05.03 -

Avast5 5.0.332.0 2010.05.03 -

AVG 9.0.0.787 2010.05.03 -

BitDefender 7.2 2010.05.03 -

CAT-QuickHeal 10.00 2010.05.03 -

ClamAV 0.96.0.3-git 2010.05.03 -

Comodo 4747 2010.05.03 -

DrWeb 5.0.2.03300 2010.05.03 -

eSafe 7.0.17.0 2010.05.02 -

eTrust-Vet 35.2.7465 2010.05.03 -

F-Prot 4.5.1.85 2010.05.03 -

F-Secure 9.0.15370.0 2010.05.03 -

Fortinet 4.0.14.0 2010.05.03 -

GData 21 2010.05.03 -

Ikarus T3.1.1.80.0 2010.05.03 -

Jiangmin 13.0.900 2010.05.03 -

Kaspersky 7.0.0.125 2010.05.03 -

McAfee 5.400.0.1158 2010.05.03 -

McAfee-GW-Edition 6.8.5 2010.05.03 -

Microsoft 1.5703 2010.05.03 -

NOD32 5081 2010.05.03 -

Norman 6.04.12 2010.05.03 -

nProtect 2010-05-03.01 2010.05.03 -

Panda 10.0.2.7 2010.05.02 -

PCTools 7.0.3.5 2010.05.03 -

Prevx 3.0 2010.05.03 -

Rising 22.45.04.03 2010.04.30 -

Sophos 4.53.0 2010.05.03 -

Sunbelt 6250 2010.05.02 -

Symantec 20091.2.0.41 2010.05.03 -

TheHacker 6.5.2.0.275 2010.05.02 -

TrendMicro 9.120.0.1004 2010.05.03 -

VBA32 3.12.12.4 2010.05.03 -

ViRobot 2010.5.1.2299 2010.05.03 -

VirusBuster 5.0.27.0 2010.05.02 -

Additional information

File size: 146 bytes

MD5 : d35b1d34a3cddfd7618f1baa77d36f28

SHA1 : a48ab91f476fd07ebd19f6611d9ec44ddbe404e9

SHA256: 8f84fddb245d73ebc41723c6ad2560ef1aa71d4de33b5089e2247699467a2ef0

TrID : File type identification

Unknown!

ssdeep: 3:U1F9aGoa9AGQYugQ15F2J5bWVlMjEaFJMYx/Xr5F2J5bWSMkVaBQQJMYxn:2LasiH5lE/bWVlYVMYxf1E/bWDQcMYxn

sigcheck: publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEiD : -

RDS : NSRL Reference Data Set

-

Link to post
Share on other sites

c:\programdata\863c4a6\mozcrt19.dll

File 0f858de1f1544cdcf8d2b5dca3b791a7_ received on 2010.04.13 06:24:06 (UTC)

Current status: finished

Result: 0/40 (0.00%)

Antivirus Version Last Update Result

a-squared 4.5.0.50 2010.04.13 -

AhnLab-V3 5.0.0.2 2010.04.12 -

AntiVir 7.10.6.64 2010.04.12 -

Antiy-AVL 2.0.3.7 2010.04.12 -

Authentium 5.2.0.5 2010.04.12 -

Avast 4.8.1351.0 2010.04.12 -

Avast5 5.0.332.0 2010.04.12 -

AVG 9.0.0.787 2010.04.12 -

BitDefender 7.2 2010.04.13 -

CAT-QuickHeal 10.00 2010.04.13 -

ClamAV 0.96.0.3-git 2010.04.13 -

Comodo 4584 2010.04.13 -

DrWeb 5.0.2.03300 2010.04.13 -

eSafe 7.0.17.0 2010.04.12 -

eTrust-Vet 35.2.7421 2010.04.12 -

F-Prot 4.5.1.85 2010.04.12 -

F-Secure 9.0.15370.0 2010.04.13 -

Fortinet 4.0.14.0 2010.04.12 -

GData 19 2010.04.13 -

Ikarus T3.1.1.80.0 2010.04.13 -

Jiangmin 13.0.900 2010.04.13 -

Kaspersky 7.0.0.125 2010.04.13 -

McAfee 5.400.0.1158 2010.04.13 -

McAfee-GW-Edition 6.8.5 2010.04.13 -

Microsoft 1.5605 2010.04.13 -

NOD32 5023 2010.04.12 -

Norman 6.04.11 2010.04.12 -

nProtect 2009.1.8.0 2010.04.06 -

Panda 10.0.2.2 2010.04.12 -

PCTools 7.0.3.5 2010.04.13 -

Prevx 3.0 2010.04.13 -

Rising 22.43.01.01 2010.04.13 -

Sophos 4.52.0 2010.04.13 -

Sunbelt 6169 2010.04.13 -

Symantec 20091.2.0.41 2010.04.13 -

TheHacker 6.5.2.0.259 2010.04.12 -

TrendMicro 9.120.0.1004 2010.04.13 -

VBA32 3.12.12.4 2010.04.09 -

ViRobot 2010.4.13.2273 2010.04.13 -

VirusBuster 5.0.27.0 2010.04.12 -

Additional information

File size: 722392 bytes

MD5 : 0f858de1f1544cdcf8d2b5dca3b791a7

SHA1 : c252b0856ca09814584b7e26cf33d8b702417b41

SHA256: 6684e1c69f0c11faa624ba918095ed43f898ee322b32aee85095804b90fb4bc2

PEInfo: PE Structure information

<continued in next post>

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

Link to post
Share on other sites

Please post a new fresh DDS log and let me know what is the problem now.

Will do. Sorry for the delay responding, I was out of town and unable to check my mother's laptop. Unfortunately Gala search is still hijacking the toolbar browser search. I will run a new DDS log as soon as I can. Thanks again.

Link to post
Share on other sites
