something is up: redirection of IE and shortcuts on desktop greyed out


BID

Hello

Pretty new here. Clearly something is up with my PC: jusched.exe keeps on reporting an error, then IE and Firefox started to redirect. Earlier today MSE detected Alureon and deleted it... since then I have been allowed to download AV software but nothing is detected. Can't see any folders in my Program Files folders. Replaced IE with FF but the IE icon was replaced in startup by FF... Not looking good.

Open to any offers of help.

BID.


Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


aswMBR version 0.9.4 Copyright© 2011 AVAST Software

Run date: 2011-04-08 18:35:50

-----------------------------

18:35:50.109 OS Version: Windows 5.1.2600 Service Pack 3

18:35:50.109 Number of processors: 2 586 0x604

18:35:50.125 ComputerName: DBM0QN1J UserName: Andrew

18:35:50.578 Initialize success

18:35:52.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e

18:35:52.046 Disk 0 Vendor: ST3160023AS 8.12 Size: 152587MB BusType: 3

18:35:54.062 Disk 0 MBR read successfully

18:35:54.062 Disk 0 MBR scan

18:35:56.062 Disk 0 scanning sectors +312496380

18:35:56.078 Disk 0 scanning C:\WINDOWS\system32\drivers

18:36:01.140 Service scanning

18:36:02.281 Disk 0 trace - called modules:

18:36:02.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys iomdisk.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

18:36:02.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a85a250]

18:36:02.312 3 CLASSPNP.SYS[ba168fd7] -> nt!IofCallDriver -> [0x8a85a7b8]

18:36:02.312 5 iomdisk.sys[ba3a0bc3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a88bb00]

18:36:02.312 Scan finished successfully


Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6304

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

08/04/2011 18:50

mbam-log-2011-04-08 (18-50-48).txt

Scan type: Quick scan

Objects scanned: 191825

Time elapsed: 5 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hi

I'm running XP and yesterday I ran Malwarebytes on my son's login and got this:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6302

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

07/04/2011 21:29

mbam-log-2011-04-07 (21-29-46).txt

Scan type: Full scan (C:\|)

Objects scanned: 275681

Time elapsed: 3 hour(s), 2 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{1032B52C-7D89-F9F5-EF0A-1635B28AD9BA} (Trojan.ZbotR.Gen) -> Value: {1032B52C-7D89-F9F5-EF0A-1635B28AD9BA} -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

which was successfully deleted. I shut down and restarted and ran a scan on my wife's login and got the same... which made me wonder.

Thanks for your time.

Aj


Sorry for not being clear.

On my PC with XP, we each have our own user account. I scanned my son's first, it took over 3 hours, detected the trojan, removed it and then, having rebooted found it on my wife's user account... so I'm not really sure if the PC is clear.

BID
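The detection above sat under HKEY_CURRENT_USER, and each Windows account has its own HKCU hive, so cleaning one login says nothing about the others. The following PowerShell script is an added example (not posted in this thread) that lists the Run entries of every user hive currently loaded under HKEY_USERS and flags value names that are bare GUIDs, the naming pattern in the Trojan.ZbotR.Gen hit; it only reports and deletes nothing.

```powershell
# Added example, not from the thread: audit per-user Run keys across all
# loaded user hives and flag GUID-named values for manual review.
$guidName = '^\{?[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}?$'

# HKEY_USERS holds one subkey per loaded profile (plus .DEFAULT and *_Classes).
Get-ChildItem -Path 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -notmatch '_Classes$' } |
    ForEach-Object {
        $hive   = $_.PSChildName
        $runKey = "Registry::HKEY_USERS\$hive\Software\Microsoft\Windows\CurrentVersion\Run"
        if (-not (Test-Path -Path $runKey)) { return }   # this profile has no Run key

        $item = Get-Item -Path $runKey
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{
                Hive       = $hive
                ValueName  = $name
                Command    = $item.GetValue($name)
                Suspicious = ($name -match $guidName)   # GUID-only names are unusual for legit software
            }
        }
    } | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Only hives of logged-on users appear under HKEY_USERS; to inspect an account that is not logged in, load its NTUSER.DAT first with `reg load HKU\TempHive <path to that profile's NTUSER.DAT>` (on XP, under Documents and Settings) and unload it with `reg unload HKU\TempHive` afterwards.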


Hi,

Full scans on C: on each of our logins and nothing showed.

Still not too sure but the PC seems to be working okay. Not knocked out by the latest Firefox though...

Many thanks for your time and help.

Take care

Andrew j


Good job

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

  • Using a secure browser plugin M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
