redirect is really bad

[mvoss2020]

Took me 4 tries and 3 reboots to get GMER to run

DDS (Ver_10-03-17.01) - NTFSx86

Run by MEV at 16:54:40.60 on Mon 05/31/2010

Internet Explorer: 7.0.5730.11

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.751 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Internet Content Filter\SafeEyes.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Documents and Settings\MEV\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = about:blank

uDefault_Search_URL = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/

mSearch Bar = hxxp://www.google.com/

mSearchMigratedDefaultURL = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

mSearchURL = hxxp://www.google.com/

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll

BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

TB: Safe &Eyes Toolbar: {430ddb4f-38cc-4e91-af33-4157334ec937} - c:\program files\internet content filter\setoolbar.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

uRun: [Google Update] "c:\documents and settings\mev\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [uSB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController

mRun: [uSBToolTip] "c:\program files\pinnacle\shared files\programs\usbtip\USBTip.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [iCF] "c:\program files\internet content filter\SafeEyes.exe"

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [sunJavaUpdateSched] c:\program files\java\jre1.6.0_03\bin\jusched.exe

mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\docume~1\mev\startm~1\programs\startup\pmbmed~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe

mPolicies-system: EnableLUA = 0 (0x0)

IE: &Search

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll

LSP: ICF.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/B/E/5BE645ED-2F2D-4E4D-9C54-AFB56EFCB312/LegitCheckControl.cab

DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://mail21.pactiv.com/iNotes6W.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126752602609

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mev\applic~1\mozilla\firefox\profiles\5jgxv3v1.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-16 214664]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-3 93320]

R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-3 359952]

R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-3 144704]

R3 LtcyCfgWDM;PCI Latency Tool Driver Service;c:\windows\system32\drivers\LtcyCfgWDM.sys [2005-12-26 6656]

R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-3 606736]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-3 79816]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-3 35272]

R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-3 40552]

S2 F48CA2D05524C370;F48CA2D05524C370;\??\c:\program files\mozilla firefox\f48ca2d05524c370\f48ca2d05524c370 --> c:\program files\mozilla firefox\f48ca2d05524c370\F48CA2D05524C370 [?]

S2 qdokck;qdokck;c:\windows\system32\drivers\huuxram.sys --> c:\windows\system32\drivers\huuxram.sys [?]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-3 34248]

S3 WavePro;Service for GadgetLabs WavePro Driver;c:\windows\system32\drivers\gldriver.sys [2005-5-12 119296]

S4 LtcyCfgSvc;PCI Latency Tool Service;c:\program files\pci latency tool 3\LtcyCfgSvc.exe [2005-12-26 5120]

=============== Created Last 30 ================

2010-05-31 21:42:55 0 ----a-w- c:\documents and settings\mev\defogger_reenable

2010-05-12 22:35:32 172 ----a-w- c:\windows\system32\MRT.INI

2010-05-08 16:30:33 0 d-----w- C:\Jane slides

2010-05-03 18:19:49 0 d-----w- C:\spoolerlogs

==================== Find3M ====================

2010-04-29 20:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 20:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-28 03:39:19 64693 ----a-w- c:\windows\fonts\AdobeFnt07.lst

2010-03-29 19:59:15 31212 ---ha-w- c:\windows\system32\mlfcache.dat

2010-03-10 13:18:21 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe

2010-03-10 13:18:20 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll

2010-03-09 11:09:18 430080 ------w- c:\windows\system32\dllcache\vbscript.dll

2009-08-05 13:09:02 256 ----a-w- c:\program files\yousyvbh.txt

2002-07-26 23:02:06 153088 ----a-w- c:\program files\UNWISE.EXE

1998-03-16 09:02:00 639488 ----a-w- c:\program files\CTWAVE32.EXE

1998-01-07 09:00:08 212992 ----a-w- c:\program files\WS32RES.DLL

2005-10-02 16:53:18 66936 --sha-w- c:\windows\dlinfo_0.drv

2005-10-05 09:42:08 66936 --sha-w- c:\windows\dlinfo_1.drv

2005-10-02 17:04:26 66936 --sha-w- c:\windows\dlinfo_2.drv

2008-09-15 08:08:00 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091520080916\index.dat

============= FINISH: 16:55:19.46 ===============

Attach.zip

[Elise]

Hello ,

And My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

• The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  
• Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  
• The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  
• Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
  

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Your GMER log shows you are infected by a nasty rootkit. Before starting to fix it, please consider the following information.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  
• Double click on Combofix.exe and follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

[mvoss2020]

combofix.txt is attached, thankyou in advance for your help MEV

ComboFix.txt

[Elise]

Hello again,

How is the redirect now and what other problems do you still have?

Please launch MBAM, update it first and run a full scan. Post me the resulting log.

[mvoss2020]

MBAM Looks clean!!! thank you for your help, MEV

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4170

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

6/5/2010 12:02:25 PM

mbam-log-2010-06-05 (12-02-25).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 240680

Time elapsed: 2 hour(s), 20 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

[mvoss2020]

unfortunately when I use Mozilla and try to get to http://forums.malawarebytes.org/, I still get a redirect to:

http://searchsearchsearch.org/?rid=1608669...org&OptId=0

WAH!!!

[Elise]

Do you have this problem only with Firefox or also with Internet Explorer? Is it as bad as in the beginning (before we ran Combofix) or has it improved?

[mvoss2020]

Before the combofix,

- in IE, yahoo search results (for "malaware") were redirected to "shopcompareus.com"

- in FF, looking at history something called "click.php" would redirect to random self-help ";lose wgt fast pages and

- also in FF search results for google (if I recall correctly) were redirected

Now after the combofix it has gotten much butter

- in IE the yahoo search results seem to go correctly to malawarebytes.org

- in FF no more click.php firings, but yesterday Google searches (for "malwarebyte.org") were redirecting to searchsearchsearch.sumpin? 24-hours later it seems to have stopped redirecting? im suspicious, I did reboot, and we are no longer seeing the redirect. Hmmmm...

FYI It seems to all have started last moinday after I went searching for the google 30th anniv pacman game. then I must have clicked on something bad, cause in history at 1:00pm I see a site "www . brause . de /pacman", then at 1:01 pm all heck breaks out in terms of redirects.

thanks again in advance for your help

MEV

[mvoss2020]

i think the problem appears is completely fixed: it was my typo of http://forums.malawarebytes.org/ instead of http://forums.malwarebytes.org/ that resulted in the searchsearchsearch.com redirect

Thanks again for all your help.

MEV

[Elise]

Better a typo than malware

I'm glad to hear things work fine now. A last few steps...

UPDATE JAVA

------------------

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

• Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  
• Look for "JDK 6 Update 20 (JDK or JRE)".
  
• Click the "Download JRE" button to the right.
  
• Select your Platform: "Windows".
  
• Select your Language: "Multi-language".
  
• Read the License Agreement, and then check the box that says: "Accept License Agreement".
  
• Click Continue and the page will refresh.
  
• Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  
• Close any programs you may have running - especially your web browser.
  

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.

• Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  
• Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  
• Repeat as many times as necessary to remove each Java versions.
  
• Reboot your computer once all Java components are removed.
  
• Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version.
  
• If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  
• When the Java Setup - Welcome window opens, click the Install > button.
  
• If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  

-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.

-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
   ESET OnlineScan
   
2. Click the button.
   
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
   1. 
      
   2. Click on to download the ESET Smart Installer. Save it to your desktop.
      
   3. Double click on the icon on your desktop.
      
      
   4. Check
      
   5. Click the button.
      
   6. Accept any security warnings from your browser.
      
   7. Check
      
   8. Push the Start button.
      
   9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      
   10. When the scan completes, push
       
   11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
       Note - when ESET doesn't find any threats, no report will be created.
       
   12. Push the button.
       
   13. Push
       
       

[mvoss2020]

4 items found by ESET:

C:\Documents and Settings\MEV\Application Data\Sun\Java\Deployment\cache\6.0\15\73a4518f-62106707 a variant of Java/TrojanDownloader.Agent.NAE trojan deleted - quarantined

C:\Documents and Settings\MEV\Application Data\Sun\Java\Deployment\cache\6.0\27\6f530d9b-450433f9 OSX/Exploit.Smid.B trojan deleted - quarantined

C:\Documents and Settings\MEV\My Documents\Downloads\setup.exe NSIS/TrojanDownloader.FakeAlert.DB trojan deleted - quarantined

C:\Program Files\Mozilla Firefox\chrome\error.jar Win32/Agent.REX trojan deleted - quarantined

Thanks again. MEV

[Elise]

Hello there, that looks good. If you have no problems left, you are good to go!

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean

Please do the following to remove the remaining programs from your PC:

• Delete the tools used during the disinfection:
  • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    
  • Delete DDS and GMER (this is a random named file).
    

Please read these advices, in order to prevent reinfecting your PC:

1. Install and update the following programs regularly:
   • an outbound firewall
     A comprehensive tutorial and a list of possible firewalls can be found here.
     
   • an AntiVirus Software
     It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
     
   • an Anti-Spyware program
     Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
     SUPERAntiSpyware is another good scanner with high detection and removal rates.
     Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
     
   • Spyware Blaster
     A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
     
   • MVPs hosts file
     A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on thehosts file, and what it can do for you,please consult the Tutorial on the Hosts file
     

[*]Keep Windows (and your other Microsoft software) up to date!

I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

[*]Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.

[*]Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

• Miekies' prevention suggestions
  
• So How did I get infected?
  
• Microsoft - 'Security at home'
  
• Calendar of Updates: See which updates have been released.
  
• How to backup your Data with Cobian Backup:because you never know, when your harddisk might fail :wink:
  
• Commonly Used Freeware Replacements: a nice list of freeware programs in all categories, that are regarded as useful by the users of this forum.
  
• osalt: Find (free) open source alternatives to known commercial software.
  

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.