Per my discussion in a previous thread, I am running the programs suggested and am going to post the logs I got here.

Thank you so much for all of this help

I know whoever helps is not paid to do so, and I am thankful for your help.

I am not super proficient at computers, so I apologize for any ignorance.

I ran Defogger and clicked the Disable button.

I ran the DDS program and have attached both files zipped.

I will run GMER next

Attach.zip

DDS.zip


  • Staff

Hi and welcome to Malwarebytes.

In the future, please copy logs directly into your reply instead of attaching them.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


  • Staff

Hi,

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished, click the Automatic cleaning (recommended) button.
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Here are the F-Secure results:

Computer name: TONY-PC

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\ D:\

--------------------------------------------------------------------------------

1 malware found

Trojan.Script.291774 (virus)

C:\USERS\TONY\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\LOW\CONTENT.IE5\PQ2W48UY\IN[1].HTM (Renamed & Submitted)

--------------------------------------------------------------------------------

Statistics

Scanned:

Files: 91059

System: 3832

Not scanned: 19

Actions:

Disinfected: 0

Renamed: 1

Deleted: 0

Not cleaned: 0

Submitted: 1

Files not scanned:

C:\PAGEFILE.SYS

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

C:\WINDOWS\SYSTEM32\CONFIG\SAM

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT

C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE

C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\COMPONENTS

C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB

C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB

C:\USERS\TONY\APPDATA\LOCAL\TEMP\LOW\HSPERFDATA_TONY\2908

C:\USERS\TONY\APPDATA\LOCAL\TEMP\HSPERFDATA_TONY\2680

C:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE

C:\SYSTEM VOLUME INFORMATION\{8017FFE5-8C68-11DF-8097-001D7276E065}{3808876B-C176-4E48-B7AE-04046E6CC752}

C:\SYSTEM VOLUME INFORMATION\{9ECE6BD1-7FF4-11DF-B4C4-001D7276E065}{3808876B-C176-4E48-B7AE-04046E6CC752}

C:\SYSTEM VOLUME INFORMATION\{A58DA4C7-894B-11DF-83F8-001D7276E065}{3808876B-C176-4E48-B7AE-04046E6CC752}

C:\BOOT\BCD

--------------------------------------------------------------------------------

Options

Scanning engines:

Scanning options:

Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR

Use advanced heuristics


Results of screen317's Security Check version 0.99.4

Windows Vista Service Pack 2 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 20

Java 6 Update 5

Java 6 Update 7

Out of date Java installed!

Adobe Flash Player

Adobe Reader 8.1.2

Out of date Adobe Reader installed!

````````````````````````````````

Process Check:

objlist.exe by Laurent

````````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````


  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java


  • Staff

Hi,

1. Uninstall Malwarebytes' Anti-Malware using Add or Remove programs in the Control Panel.

2. Restart your computer (very important).

3. Download and run this utility.

4. It will ask to restart your computer (please allow it to).

5. After the computer restarts, install the latest version from here.

Note: You will need to reactivate the program using the license you were sent via e-mail if you purchased it.


Great, I will do that in just a few hours when I get home. Thank you so much for the help with all of this.

The web browser hijacker or redirect is still happening as well.

This darn thing is stubborn.


Tried the MBAM cleaner and still no update ... same error message.

The redirect always flashes asklots.com, then goes to one of a hundred web addresses, with no repeats as of yet.

I will try a few now:

momversation.com

the buyingdata.com

internetadddirectory.com

But asklots.com flashes first before it does the redirect to some other site.


  • Staff

Hi,

Please delete your copy of ComboFix, grab a fresh copy from here and save it to your Desktop. Run it and post its log.

Next, run DDS again and post DDS.txt here.

Next, please run a GMER Rootkit scan:

Download GMER's application from here:

http://www.gmer.net/gmer.zip

Unzip it and start the GMER.exe

Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.

This will copy the results to your clipboard.

Paste the results in your next reply.

Warning! Please do not select the "Show all" checkbox during the scan.

-screen317


No problem. Thank you so much for doing all of this. Any help you can lend is greatly appreciated.

I am still getting the redirects. If I type in the web address, it works fine, but if I do a search in Google or Yahoo and click on one of the results of the search, that is when I get redirected. asklots is always the first web address to display real fast before it goes to another page or site. Also, it has hit 4 other computers on my home network now: 2 laptops and 2 desktops.

Don't know if any of that will help, but hopefully it might.

Thank you again.

Tony


I only use Internet Explorer. I have never used anything else. Should I?

If it will help, I will change. I thought about using Chrome once.

Most of my web browsing is very limited. I use it for photography, military stuff, games for my kids, and Facebook. If Firefox is better I will switch, just let me know.

This topic is now closed to further replies.